[elements] Omit fast path in PrependElementIndices

[elements] Omit fast path in PrependElementIndices

In PrependElementIndicesImpl we sort a FixedArray of indices potentially
containing HeapNumbers. During the string conversion we might trigger a GC.
This in turn might try to read a slot where we previously had a HeapNumber
but the sort sneaked a SMI in there which is not a valid pointer.

BUG=chromium:630561
Committed: https://crrev.com/7ede61ed1da8f21bd4043e0d66ef86240cf0fe7c
Cr-Commit-Position: refs/heads/master@{#37993}

[Camillo Bruni, 2016-07-22 11:32:39]

cbruni@chromium.org changed reviewers:
+ jkummerow@chromium.org

[Camillo Bruni, 2016-07-22 11:32:40]

PTAL

[Jakob Kummerow, 2016-07-22 14:02:53]

https://codereview.chromium.org/2173653003/diff/20001/src/elements.cc
File src/elements.cc (left):

https://codereview.chromium.org/2173653003/diff/20001/src/elements.cc#oldcode...
src/elements.cc:1048: if (convert == GetKeysConversion::kConvertToString) {
I think you wanted to keep this line.

[Camillo Bruni, 2016-07-22 14:04:30]

The CQ bit was checked by cbruni@chromium.org

[commit-bot: I haz the power, 2016-07-22 14:04:36]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-22 14:04:36]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-22 14:04:37]

No L-G-T-M from a valid reviewer yet. 
CQ run can only be started by full committers or once the patch has
received an L-G-T-M from a full committer.
Even if an L-G-T-M may have been provided, it was from a non-committer,
_not_ a full super star committer.
Committers are members of the group "project-v8-committers".
Note that this has nothing to do with OWNERS files.

[Camillo Bruni, 2016-07-22 14:05:30]

The CQ bit was checked by cbruni@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-22 14:05:37]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Jakob Kummerow, 2016-07-22 14:07:17]

lgtm

[commit-bot: I haz the power, 2016-07-22 14:26:06]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-22 14:26:07]

Dry run: This issue passed the CQ dry run.

[Camillo Bruni, 2016-07-23 12:12:12]

The CQ bit was checked by cbruni@chromium.org

[commit-bot: I haz the power, 2016-07-23 12:12:17]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-23 12:13:41]

Committed patchset #3 (id:40001)

[commit-bot: I haz the power, 2016-07-23 12:16:30]

Description was changed from

==========
[elements] Omit fast path in PrependElementIndices

In PrependElementIndicesImpl we sort a FixedArray of indices potentially
containing HeapNumbers. During the string conversion we might trigger a GC.
This in turn might try to read a slot where we previously had a HeapNumber
but the sort sneaked a SMI in there which is not a valid pointer.

BUG=chromium:630561
==========

to

==========
[elements] Omit fast path in PrependElementIndices

In PrependElementIndicesImpl we sort a FixedArray of indices potentially
containing HeapNumbers. During the string conversion we might trigger a GC.
This in turn might try to read a slot where we previously had a HeapNumber
but the sort sneaked a SMI in there which is not a valid pointer.

BUG=chromium:630561

Committed: https://crrev.com/7ede61ed1da8f21bd4043e0d66ef86240cf0fe7c
Cr-Commit-Position: refs/heads/master@{#37993}
==========

[commit-bot: I haz the power, 2016-07-23 12:16:31]

Patchset 3 (id:??) landed as
https://crrev.com/7ede61ed1da8f21bd4043e0d66ef86240cf0fe7c
Cr-Commit-Position: refs/heads/master@{#37993}