• Mike Stanton's avatar
    [builtins] Enable Torque Array.prototype.splice · fd334b32
    Mike Stanton authored
    Before, splice was implemented with a C++ fast path and a
    comprehensive JavaScript version.
    
    This impl. is entirely in Torque with a fastpath for SMI,
    DOUBLE and OBJECT arrays, and a comprehensive slow path.
    The same level of "sparse" array support as given by the
    array.js implementation is included.
    
    This reland addresses several issues:
    
    * Removed "sparse" array support from splice.
    * Addressed ClusterFuzz issue 876443:
      The test and code that uses the fix is in this CL.
      The fix in isolation can be seen here:
      https://chromium-review.googlesource.com/c/v8/v8/+/1199403
    * Removed dead code in elements.cc
    
    BUG=chromium:876443, v8:8131, v8:1956, v8:7221
    
    Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
    Change-Id: I2d4a66c24ba1edabeca34e27e6ff8ee6136ed5f1
    Reviewed-on: https://chromium-review.googlesource.com/1201783
    Commit-Queue: Michael Stanton <mvstanton@chromium.org>
    Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#55610}
    fd334b32
Name
Last commit
Last update
..
OWNERS Loading commit data...
array.js Loading commit data...
intl.js Loading commit data...
macros.py Loading commit data...
prologue.js Loading commit data...
typedarray.js Loading commit data...