Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(809)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1247243003: The ArrayConcat builtin didn't respect @@isConcatSp (Closed)

Created:
5 years, 5 months ago by Dan Ehrenberg
Modified:
5 years, 2 months ago
Reviewers:
Camillo Bruni, adamk
CC:
v8-dev
Base URL:
https://chromium.googlesource.com/v8/v8.git@master
Target Ref:
refs/pending/heads/master
Project:
v8
Visibility:
Public.

Description

Fix @@isConcatSpreadable in ArrayConcat builtin The ArrayConcat builtin didn't respect @@isConcatSpreadable, which, surprisingly, is observable if you modify an Array's Symbol.isConcatSpreadable property. This patch bails out of the ArrayConcat builtin if any argument's Symbol.isConcatSpreadable property is set to false, but continues otherwise, meeting the spec's requirements. BUG=v8:4317 LOG=N

Patch Set 1 #

Patch Set 2 : Fix builtin rather than removing it #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+37 lines, -19 lines) Patch
M src/builtins.cc View 1 1 chunk +6 lines, -1 line 1 comment Download
M src/elements.h View 1 1 chunk +2 lines, -0 lines 0 comments Download
M src/elements.cc View 1 1 chunk +18 lines, -0 lines 0 comments Download
M src/runtime/runtime-array.cc View 1 1 chunk +0 lines, -18 lines 0 comments Download
M test/mjsunit/harmony/array-concat.js View 1 chunk +11 lines, -0 lines 0 comments Download

Messages

Total messages: 10 (4 generated)
Camillo Bruni
lgtm
5 years, 4 months ago (2015-08-19 12:48:07 UTC) #2
Dan Ehrenberg
I am a little hesitant to push ahead with this strategy until we have benchmarks ...
5 years, 4 months ago (2015-08-19 17:39:50 UTC) #3
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1247243003/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1247243003/20001
5 years, 4 months ago (2015-08-19 17:40:04 UTC) #5
commit-bot: I haz the power
Dry run: Try jobs failed on following builders: v8_mac_rel on tryserver.v8 (JOB_FAILED, http://build.chromium.org/p/tryserver.v8/builders/v8_mac_rel/builds/8837)
5 years, 4 months ago (2015-08-19 17:52:15 UTC) #7
adamk
https://codereview.chromium.org/1247243003/diff/20001/src/builtins.cc File src/builtins.cc (right): https://codereview.chromium.org/1247243003/diff/20001/src/builtins.cc#newcode951 src/builtins.cc:951: fallback = !IsConcatSpreadable(isolate, obj); As the test failures show, ...
5 years, 4 months ago (2015-08-19 19:50:35 UTC) #9
Camillo Bruni
5 years, 3 months ago (2015-09-04 08:24:36 UTC) #10 
On 2015/08/19 at 19:50:35, adamk wrote:
> https://codereview.chromium.org/1247243003/diff/20001/src/builtins.cc
> File src/builtins.cc (right):
> 
>
https://codereview.chromium.org/1247243003/diff/20001/src/builtins.cc#newcode951
> src/builtins.cc:951: fallback = !IsConcatSpreadable(isolate, obj);
> As the test failures show, you can't make this call here, since there are a
bunch of non-handlified bits of state in local variables which might move if an
allocation occurs.

I'm about to finish a refactoring of ArrayConcata in
https://codereview.chromium.org/1330483003 which avoids jumping to the
JavaScript code after trying the fast Builtin.
I will try to fix your issue as well using the same approach.

Powered by Google App Engine
This is Rietveld 408576698