Chromium Code Reviews

Side by Side Diff: test/cctest/test-api.cc

Issue 1099453007: Empty Array prototype elements protection needs to alert on length change. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: With comments. Created 5 years, 8 months ago
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 16666 matching lines...)
16677 isolate1->Dispose(); 16677 isolate1->Dispose();
16678 } 16678 }
16679 16679
16680 16680
16681 TEST(VerifyArrayPrototypeGuarantees) { 16681 TEST(VerifyArrayPrototypeGuarantees) {
16682 // Break fast array hole handling by element changes. 16682 // Break fast array hole handling by element changes.
16683 BreakArrayGuarantees("[].__proto__[1] = 3;"); 16683 BreakArrayGuarantees("[].__proto__[1] = 3;");
16684 BreakArrayGuarantees("Object.prototype[3] = 'three';"); 16684 BreakArrayGuarantees("Object.prototype[3] = 'three';");
16685 BreakArrayGuarantees("Array.prototype.push(1);"); 16685 BreakArrayGuarantees("Array.prototype.push(1);");
16686 BreakArrayGuarantees("Array.prototype.unshift(1);"); 16686 BreakArrayGuarantees("Array.prototype.unshift(1);");
16687 // Break fast array hole handling by changing length.
16688 BreakArrayGuarantees("Array.prototype.length = 30;");
16687 // Break fast array hole handling by prototype structure changes. 16689 // Break fast array hole handling by prototype structure changes.
16688 BreakArrayGuarantees("[].__proto__.__proto__ = { funny: true };"); 16690 BreakArrayGuarantees("[].__proto__.__proto__ = { funny: true };");
16689 // By sending elements to dictionary mode. 16691 // By sending elements to dictionary mode.
16690 BreakArrayGuarantees("Object.freeze(Array.prototype);"); 16692 BreakArrayGuarantees("Object.freeze(Array.prototype);");
16691 BreakArrayGuarantees("Object.freeze(Object.prototype);"); 16693 BreakArrayGuarantees("Object.freeze(Object.prototype);");
16692 BreakArrayGuarantees( 16694 BreakArrayGuarantees(
16693 "Object.defineProperty(Array.prototype, 0, {" 16695 "Object.defineProperty(Array.prototype, 0, {"
16694 " get: function() { return 3; }});"); 16696 " get: function() { return 3; }});");
16695 BreakArrayGuarantees( 16697 BreakArrayGuarantees(
16696 "Object.defineProperty(Object.prototype, 0, {" 16698 "Object.defineProperty(Object.prototype, 0, {"
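Review bot: The new case at 16687-16688 only exercises a direct assignment, `Array.prototype.length = 30;`, while the issue title asks for the protection to alert on length change in general. Consider adding a second case that changes the length by another route, for example `BreakArrayGuarantees("Object.defineProperty(Array.prototype, 'length', {value: 30});");`, in the same style as the `Object.defineProperty` element cases further down, so the test does not depend on the assignment path alone. The new comment could also state that this case changes the length without storing any element, which is what separates it from the `push(1)` and `unshift(1)` cases just above it.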
(...skipping 4378 matching lines...)
21075 21077
21076 { 21078 {
21077 v8::HandleScope handle_scope(isolate); 21079 v8::HandleScope handle_scope(isolate);
21078 21080
21079 // Should work 21081 // Should work
21080 v8::Local<v8::Object> obj = v8::Object::New(isolate); 21082 v8::Local<v8::Object> obj = v8::Object::New(isolate);
21081 21083
21082 USE(obj); 21084 USE(obj);
21083 } 21085 }
21084 } 21086 }