Patch coming.
Created attachment 295315 [details] proposed patch.
Comment on attachment 295315 [details] proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=295315&action=review

> Source/JavaScriptCore/runtime/GenericArgumentsInlines.h:213
> + RETURN_IF_EXCEPTION(scope, false);

I wonder if this should be an assertion instead of a return. Why would this fail?
Comment on attachment 295315 [details] proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=295315&action=review

>> Source/JavaScriptCore/runtime/GenericArgumentsInlines.h:213
>> + RETURN_IF_EXCEPTION(scope, false);
>
> I wonder if this should be an assertion instead of a return. Why would this fail?

I think you're right. As far as I can remember, the reason I added this check was because:

1. putDirectMayBeIndex() may call putDirectIndex() with mode PutDirectIndexLikePutDirect.
2. putDirectIndex() may call putDirectIndexBeyondVectorLength().
3. putDirectIndexBeyondVectorLength() may call putDirectIndexBeyondVectorLengthWithArrayStorage().
4. putDirectIndexBeyondVectorLengthWithArrayStorage() may throw if mode == PutDirectIndexShouldThrow.

So, in our case here, we wouldn't expect an exception because the PutDirectIndexMode is never PutDirectIndexShouldThrow. I'll change this to an assert.
Created attachment 304729 [details] Patch for landing.
Thanks for the review. Landed in r214085: <http://trac.webkit.org/r214085>.