diff --git a/src/bootstrapper.cc b/src/bootstrapper.cc index 0263ddc1d4d6..761676aa8e96 100644 --- a/src/bootstrapper.cc +++ b/src/bootstrapper.cc @@ -3072,13 +3072,13 @@ void Genesis::InitializeGlobal(Handle global_object, { // length Descriptor d = Descriptor::DataField( factory->length_string(), JSSloppyArgumentsObject::kLengthIndex, - DONT_ENUM, Representation::Smi()); + DONT_ENUM, Representation::Tagged()); map->AppendDescriptor(&d); } { // callee Descriptor d = Descriptor::DataField( factory->callee_string(), JSSloppyArgumentsObject::kCalleeIndex, - DONT_ENUM, Representation::HeapObject()); + DONT_ENUM, Representation::Tagged()); map->AppendDescriptor(&d); } // @@iterator method is added later. @@ -3129,7 +3129,7 @@ void Genesis::InitializeGlobal(Handle global_object, { // length Descriptor d = Descriptor::DataField( factory->length_string(), JSStrictArgumentsObject::kLengthIndex, - DONT_ENUM, Representation::Smi()); + DONT_ENUM, Representation::Tagged()); map->AppendDescriptor(&d); } { // callee diff --git a/src/compiler/access-builder.cc b/src/compiler/access-builder.cc index 0a58bcdb6a41..11925a84db14 100644 --- a/src/compiler/access-builder.cc +++ b/src/compiler/access-builder.cc @@ -716,8 +716,8 @@ FieldAccess AccessBuilder::ForValue() { FieldAccess AccessBuilder::ForArgumentsLength() { FieldAccess access = {kTaggedBase, JSArgumentsObject::kLengthOffset, Handle(), MaybeHandle(), - Type::SignedSmall(), MachineType::TaggedSigned(), - kNoWriteBarrier}; + Type::NonInternal(), MachineType::AnyTagged(), + kFullWriteBarrier}; return access; } diff --git a/test/mjsunit/arguments.js b/test/mjsunit/arguments.js index 97ec7cca6d9c..8cdc0608e7d8 100644 --- a/test/mjsunit/arguments.js +++ b/test/mjsunit/arguments.js @@ -271,3 +271,17 @@ assertEquals(117, arg_set(0xFFFFFFFF)); assertEquals(undefined, args[key]); assertEquals(2, args.length); })(); + +(function testSloppyArgumentsLengthMapChange() { + function f(a) { return arguments }; + let args1 = f(1); + let args2 = f(1,2); + assertTrue(%HaveSameMap(args1, args2)); + // Changing the length type doesn't causes a map transition. + args2.length = 12; + assertTrue(%HaveSameMap(args1, args2)); + args2.length = 12.0; + assertTrue(%HaveSameMap(args1, args2)); + args2.length = "aa" + assertTrue(%HaveSameMap(args1, args2)); +})();