https://codereview.chromium.org/11416238/diff/1001/src/elements.cc
File src/elements.cc (right):

https://codereview.chromium.org/11416238/diff/1001/src/elements.cc#newcode1045
src/elements.cc:1045: return CopyElementsImpl(arguments, from_start, to, from_kind,

On 2012/11/29 09:39:32, Michael Starzinger wrote:
> Are you sure this is correct? This seems to only copy elements from the
> arguments backing store but ignore aliased arguments. Also it seems like the
> AliasedArgumentsEntry might escape through this path.

I looked into this problem. The current situation is horrible. The only way I see to resolve this cleanly is to move the implementation of SetFastElementsCapacityAndLength from objects.cc into the elements accessor next. Thereby not calling CopyElements() on arguments->elements() with arguments->elements()->get(1) as the target, which is just insane.

Could you please add a TODO to this case that it should actually be unreachable and is a temporary hack for SetFastElementsCapacityAndLength() only?

https://codereview.chromium.org/11416238/
