Issue 80623002: Array builtins proceed blithely on frozen arrays

Issue 80623002: Array builtins proceed blithely on frozen arrays (Closed)

Created:
7 years, 1 month ago by mvstanton

Modified:
7 years ago

Reviewers:
Toon Verwaest, rossberg

CC:
v8-dev

Base URL:
https://v8.googlecode.com/svn/branches/bleeding_edge

Visibility:
Public.

Array builtins need to be prevented from changing frozen objects, and changing structure on sealed objects. BUG=299979 LOG=Y R=verwaest@chromium.org Committed: https://code.google.com/p/v8/source/detail?r=18164

Created: 7 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+194 lines, -37 lines)			Patch
M	src/arm/stub-cache-arm.cc	View	1 2 3 4	2 chunks	+8 lines, -4 lines	0 comments	Download
M	src/array.js	View	1 2 3 4 5	6 chunks	+47 lines, -7 lines	0 comments	Download
M	src/builtins.cc	View	1 2 3 4	1 chunk	+1 line, -0 lines	0 comments	Download
M	src/ia32/stub-cache-ia32.cc	View	1 2 3 4	2 chunks	+8 lines, -4 lines	0 comments	Download
M	src/messages.js	View	1 2 3 4	1 chunk	+2 lines, -0 lines	0 comments	Download
M	src/mips/stub-cache-mips.cc	View	1 2 3 4	2 chunks	+8 lines, -4 lines	0 comments	Download
M	src/objects-printer.cc	View	1 2	1 chunk	+5 lines, -0 lines	0 comments	Download
M	src/x64/stub-cache-x64.cc	View	1 2 3 4	2 chunks	+8 lines, -12 lines	0 comments	Download
M	test/mjsunit/object-freeze.js	View	1 2 3 4 5	1 chunk	+23 lines, -0 lines	0 comments	Download
M	test/mjsunit/object-seal.js	View	1 2 3 4 5	2 chunks	+76 lines, -0 lines	0 comments	Download
M	test/mjsunit/regress/regress-2711.js	View		1 chunk	+2 lines, -2 lines	0 comments	Download
A +	test/mjsunit/regress/regress-299979.js	View	1 2	1 chunk	+6 lines, -4 lines	0 comments	Download

Total messages: 7 (0 generated)

mvstanton

Hi, I've updated to rely on sealed, only paying attention to frozen in array.splice(), where ...

7 years ago (2013-11-25 15:50:15 UTC) #3

Message was sent while issue was closed.

Committed patchset #6 manually as r18164 (presubmit successful).