• mvstanton's avatar
    [Builtins] New Array.prototype.filter implementation observability bug. · 2c84924f
    mvstanton authored
    filter creates an output array with the Array species constructor for
    storing values from the input array that pass the user-supplied
    predicate function. Our new array builtins are implemented such that
    if we fall out of the fast path, we'll pick up where we left off
    in a continuation function. It's important to pass the index of
    where we left off appending to the output array, because otherwise
    we will read it at the start of the continuation function.
    
    That would be observable, and a spec violation.
    
    BUG=
    
    Review-Url: https://codereview.chromium.org/2771483002
    Cr-Commit-Position: refs/heads/master@{#44023}
    2c84924f
code-assembler.cc 30.9 KB