IgnoredAmbience
commented
9 years ago (Note to self, need to run a regression test for this and #22)
Closed IgnoredAmbience closed 9 years ago
IgnoredAmbience
commented
9 years ago (Note to self, need to run a regression test for this and #22)
conrad-watt
commented
9 years ago Oh wow, this is super nasty.
IgnoredAmbience
commented
9 years ago Was that function defined by you or from v8?
IgnoredAmbience
commented
9 years ago tests/test262/ch15/15.4/15.4.4/15.4.4.20/15.4.4.20-9-b-6.js is a variant on the theme, I'm just looking at.
conrad-watt
commented
9 years ago All javascript functions beginning with % were written by me, the % denotes an assembly/c++ callout in the original v8.
In %MoveArrayContents, array[i] was used to assign fields of the array. This relies on [[CanPut]] being true in order to call [[DefineOwnProperty]](as specified in the individual Array methods).
However, if a prototype of Array has a getter (but no setter) defined for the desired property, [[CanPut]] will always return false.
We should therefore use Object.defineProperty() (or similar) to force the use of [[DefineOwnProperty]].
Fixes: tests/test262/ch15/15.4/15.4.4/15.4.4.19/15.4.4.19-8-b-6.js