[Builtins] New Array.prototype.filter implementation observability bug.

[Builtins] New Array.prototype.filter implementation observability bug.

filter creates an output array with the Array species constructor for
storing values from the input array that pass the user-supplied
predicate function. Our new array builtins are implemented such that
if we fall out of the fast path, we'll pick up where we left off
in a continuation function. It's important to pass the index of
where we left off appending to the output array, because otherwise
we will read it at the start of the continuation function.

That would be observable, and a spec violation.

BUG=

Review-Url: https://codereview.chromium.org/2771483002
Cr-Commit-Position: refs/heads/master@{#44023}
Committed: https://chromium.googlesource.com/v8/v8/+/2c84924f1b70bedcbd7b356cb578b32df4180e28

[mvstanton, 2017-03-22 09:54:24]

mvstanton@chromium.org changed reviewers:
+ danno@chromium.org

[mvstanton, 2017-03-22 09:54:24]

Hi Danno,
Here is the fix we discussed, thanks!
--Michael

[mvstanton, 2017-03-22 09:54:36]

The CQ bit was checked by mvstanton@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-22 09:54:38]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-22 10:20:06]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-22 10:20:07]

Dry run: This issue passed the CQ dry run.

[danno, 2017-03-22 13:12:33]

lgtm

[mvstanton, 2017-03-22 13:14:25]

The CQ bit was checked by mvstanton@chromium.org

[commit-bot: I haz the power, 2017-03-22 13:14:32]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-22 13:18:27]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1490188465408080, "parent_rev":
"e046b80a55fef6004aa9956bf55b802f1625f43a", "commit_rev":
"2c84924f1b70bedcbd7b356cb578b32df4180e28"}

[commit-bot: I haz the power, 2017-03-22 13:18:35]

Description was changed from

==========
[Builtins] New Array.prototype.filter implementation observability bug.

filter creates an output array with the Array species constructor for
storing values from the input array that pass the user-supplied
predicate function. Our new array builtins are implemented such that
if we fall out of the fast path, we'll pick up where we left off
in a continuation function. It's important to pass the index of
where we left off appending to the output array, because otherwise
we will read it at the start of the continuation function.

That would be observable, and a spec violation.

BUG=
==========

to

==========
[Builtins] New Array.prototype.filter implementation observability bug.

filter creates an output array with the Array species constructor for
storing values from the input array that pass the user-supplied
predicate function. Our new array builtins are implemented such that
if we fall out of the fast path, we'll pick up where we left off
in a continuation function. It's important to pass the index of
where we left off appending to the output array, because otherwise
we will read it at the start of the continuation function.

That would be observable, and a spec violation.

BUG=

Review-Url: https://codereview.chromium.org/2771483002
Cr-Commit-Position: refs/heads/master@{#44023}
Committed:
https://chromium.googlesource.com/v8/v8/+/2c84924f1b70bedcbd7b356cb578b32df41...
==========

[commit-bot: I haz the power, 2017-03-22 13:18:36]

Committed patchset #1 (id:1) as
https://chromium.googlesource.com/v8/v8/+/2c84924f1b70bedcbd7b356cb578b32df41...