• mlippautz's avatar
    [heap] Track length for array buffers to avoid free-ing dependency · ddc75cc1
    mlippautz authored
    The dependency would only happen if we have a smi overflow for the length and
    have create a heap number. In this case the heap number would've to survive
    until the array buffer is collected.
    
    To avoid this dependency we track the length (as we previously used to).
    
    BUG=chromium:625748,chromium:625752
    LOG=N
    TEST=test/mjsunit/regress/regress-625752.js
    R=hpayer@chromium.org
    
    Review-Url: https://codereview.chromium.org/2122603004
    Cr-Commit-Position: refs/heads/master@{#37530}
    ddc75cc1
regress-625752.js 392 Bytes