%TypedArray%.prototype.fill must only evaluate its argument once
Created attachment 409531 [details] Patch
Comment on attachment 409531 [details] Patch r=me
Comment on attachment 409531 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409531&action=review > Source/JavaScriptCore/builtins/TypedArrayPrototype.js:94 > + var number = @toNumber(value); According to its ChangeLog, https://webkit.org/b/157088 made the opposite change. Have the spec changed since?
(In reply to Alexey Shvayka from comment #3) > Comment on attachment 409531 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=409531&action=review > > > Source/JavaScriptCore/builtins/TypedArrayPrototype.js:94 > > + var number = @toNumber(value); > > According to its ChangeLog, https://webkit.org/b/157088 made the opposite > change. Have the spec changed since? I'm not authorized to see that ticket, but the current spec is clear: https://tc39.es/ecma262/#sec-%typedarray%.prototype.fill (step 5; step 4 is absent because we don't yet support BigInt typed arrays) And we're the only ones to fail the test: https://test262.report/browse/built-ins/TypedArray/prototype/fill/fill-values-conversion-once.js
Oh, I see that it's this patch: https://github.com/WebKit/webkit/commit/43383ccbb7d9c88b31d8e330fe3b32705b8305a5 Yeah, it looks like the spec was changed here three years ago: https://github.com/tc39/ecma262/pull/856
Created attachment 409536 [details] Patch for landing
Committed r267522: <https://trac.webkit.org/changeset/267522> All reviewed patches have been landed. Closing bug and clearing flags on attachment 409536 [details].
<rdar://problem/69485929>
*** Bug 199141 has been marked as a duplicate of this bug. ***