Support concatenating with zero-size arrays with DICTIONARY_ELEMENTS in Runtime_Array...

author ishell <ishell@chromium.org>

Thu, 22 Jan 2015 11:15:15 +0000 (03:15 -0800)

committer Commit bot <commit-bot@chromium.org>

Thu, 22 Jan 2015 11:15:30 +0000 (11:15 +0000)
author ishell <ishell@chromium.org>
Thu, 22 Jan 2015 11:15:15 +0000 (03:15 -0800)
committer Commit bot <commit-bot@chromium.org>
Thu, 22 Jan 2015 11:15:30 +0000 (11:15 +0000)
diff --git a/src/runtime/runtime-array.cc b/src/runtime/runtime-array.cc

index a69d8c8..0ba1fa6 100644 (file)
--- a/src/runtime/runtime-array.cc
+++ b/src/runtime/runtime-array.cc
@@ -850,6 +850,7 @@ RUNTIME_FUNCTION(Runtime_ArrayConcat) {
              }
              case FAST_HOLEY_ELEMENTS:
              case FAST_ELEMENTS:
+            case DICTIONARY_ELEMENTS:
                DCHECK_EQ(0, length);
                break;
              default:
diff --git a/test/mjsunit/regress/regress-450895.js b/test/mjsunit/regress/regress-450895.js

new file mode 100644 (file)

index 0000000..48aa00d
--- /dev/null
+++ b/test/mjsunit/regress/regress-450895.js
@@ -0,0 +1,9 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+var v = new Array();
+Object.freeze(v);
+v = v.concat(0.5);
author	ishell <ishell@chromium.org>
	Thu, 22 Jan 2015 11:15:15 +0000 (03:15 -0800)
committer	Commit bot <commit-bot@chromium.org>
	Thu, 22 Jan 2015 11:15:30 +0000 (11:15 +0000)
src/runtime/runtime-array.cc		patch \| blob \| history
test/mjsunit/regress/regress-450895.js	[new file with mode: 0644]	patch \| blob