lib: inline `Array` operations in `FreeList` methods
This inlines a simplified behaviour of %Array.prototype.pop%
and %Array.prototype.push%
in FreeList
’s methods and sets the prototype of the list
to null
so that OrdinarySetWithOwnDescriptor doesn’t walk up the prototype chain.
This avoids depending on user code not mutating %Array.prototype%.pop
and %Array.prototype%.push
.
Refs: https://github.com/nodejs/node/pull/36565 Refs: https://github.com/nodejs/node/pull/36600
If I had to guess, I’d say V8 is doing some inlining shenanigans when it detects a
push
orpop
method on an ordinary array with%Array.prototype%
in its[[Prototype]]
internal slot.
/cc @aduh95 @Lxxyx