Reland "[heap] Track length for array buffers to avoid free-ing dependency"
The dependency would only happen if we have a smi overflow for the length and have create a heap number. In this case the heap number would've to survive until the array buffer is collected. To avoid this dependency we track the length (as we previously used to). BUG=chromium:625752 LOG=N TEST=test/mjsunit/regress/regress-625752.js R=hpayer@chromium.org This reverts commit 1791d7bb. Review-Url: https://codereview.chromium.org/2127643002 Cr-Commit-Position: refs/heads/master@{#37537}
Showing
Please
register
or
sign in
to comment