Empty Array prototype elements protection needs to alert on length change.

Empty Array prototype elements protection needs to alert on length change.

If the length of the array prototype is changed, be sure to turn off the
guarantee that it's elements are empty.

This case was missed in https://codereview.chromium.org/1092043002
("Protect the emptiness of Array prototype elements with a PropertyCell")

R=jkummerow@chromium.org
BUG=479781
LOG=N

Committed: https://crrev.com/df7e09da19e39fe9047cb9a02c427aa3f8915916
Cr-Commit-Position: refs/heads/master@{#28033}

[mvstanton, 2015-04-23 15:06:59]

Hi Jakob,
I missed a case in the array_protector work of yesterday:

Array.prototype.length = 5;

Thanks for the look,
--Michael

[Jakob Kummerow, 2015-04-23 15:11:32]

LGTM with a comment.

https://codereview.chromium.org/1099453007/diff/1/src/isolate.cc
File src/isolate.cc (right):

https://codereview.chromium.org/1099453007/diff/1/src/isolate.cc#newcode2431
src/isolate.cc:2431: Handle<PropertyCell> array_protector =
factory()->array_protector();
While you're here, you could avoid a handle creation by inlining this (it only
has a single call site, and we'll break out of the loop right after).

[mvstanton, 2015-04-23 15:21:30]

The CQ bit was checked by mvstanton@chromium.org

[mvstanton, 2015-04-23 15:21:30]

The patchset sent to the CQ was uploaded after l-g-t-m from
jkummerow@chromium.org
Link to the patchset: https://codereview.chromium.org/1099453007/#ps20001
(title: "With comments.")

[commit-bot: I haz the power, 2015-04-23 15:21:45]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1099453007/20001

[commit-bot: I haz the power, 2015-04-23 16:09:15]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2015-04-23 16:09:25]

Patchset 2 (id:??) landed as
https://crrev.com/df7e09da19e39fe9047cb9a02c427aa3f8915916
Cr-Commit-Position: refs/heads/master@{#28033}