test/mjsunit/array-sort.js - Issue 555173002: Array.prototype.sort: Unchecked calls to hasOwnProperty and push and sort

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: test/mjsunit/array-sort.js

Issue 555173002: Array.prototype.sort: Unchecked calls to hasOwnProperty and push and sort (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Added test Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: test/mjsunit/array-sort.js

diff --git a/test/mjsunit/array-sort.js b/test/mjsunit/array-sort.js

index 3fa623a65601e7f6bc42809ff88fa9c2d008f7b1..5712232bb6fb51a0b450c7f39ebe38dfc9025281 100644

--- a/test/mjsunit/array-sort.js

+++ b/test/mjsunit/array-sort.js

@@ -404,3 +404,50 @@ function cmpTest(a, b) {

return a.val - b.val;

}

arr.sort(cmpTest);

+// Test sort doesn't depend on Object.prototype.hasOwnProperty. Otherwise a

arv (Not doing code reviews) 2014/09/15 15:32:47 You can remove this comment. The name and the code

+// TypeError Exception will be thrown when running sort().

+function TestSortDoesntDependOnObjectPrototypeHasOwnProperty()

arv (Not doing code reviews) 2014/09/15 15:32:47 no newline before {

+ Array.prototype.sort.call({__proto__: { hasOwnProperty: null, 0: 1 }, length: 5});

arv (Not doing code reviews) 2014/09/15 15:32:47 long line

+ var arr = new Array(2);

+ Object.defineProperty(arr, "0", { get: function() {}, set: function() {},

arv (Not doing code reviews) 2014/09/15 15:32:47 Why the strange 0 property? It does not seem relev

+ configurable: true});

+ arr.hasOwnProperty = null;

+ arr.sort();

+TestSortDoesntDependOnObjectPrototypeHasOwnProperty();

+// Test sort doesn't depend on Array.prototype.push. Otherwise a TypeError

+// Exception will be thrown when running sort().

+function TestSortDoesntDepenOnArrayPrototypePush()

+ // InsertionSort is used for arrays which length <= 22

+ var arr = [];

+ for (var i = 0; i < 22; i++) arr[i] = {};

+ delete Array.prototype.push;

arv (Not doing code reviews) 2014/09/15 15:32:47 or Array.prototype.push = function() { fail('Sh

+ arr.sort();

+ // Quicksort is used for arrays which length > 22

+ // Arrays which length > 1000 guarantee GetThirdIndex is executed

+ arr = [];

+ for (var i = 0; i < 2000; ++i) arr[i] = {};

+ arr.sort();

+TestSortDoesntDepenOnArrayPrototypePush();

+// Test sort doesn't depend on Array.prototype.sort. Otherwise a TypeError

+// Exception will be thrown when running sort().

+function TestSortDoesntDepenOnArrayPrototypeSort()

+ var arr = [];

+ for (var i = 0; i < 2000; i++) arr[i] = {};

+ var sortfn = Array.prototype.sort;

+ delete Array.prototype.sort;

+ sortfn.call(arr);

+TestSortDoesntDepenOnArrayPrototypeSort();

« no previous file with comments | « src/array.js ('k') | no next file » | no next file with comments »