Reviewers: mvstanton, Michael Achenbach,

Message:
PTAL

Description:
Allow fast element moving for a JSArray even if the array's prototype isn't
Array.prototype in its original state.
Otherwise array builtins don't work on internal arrays.

BUG=v8:3681
LOG=n

Please review this at https://codereview.chromium.org/706703005/

Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+9, -14 lines):
  M src/builtins.cc


Index: src/builtins.cc
diff --git a/src/builtins.cc b/src/builtins.cc
index 8dbaa487b1bf7eacee5d18eb9c3030c404ec00a9..2057bc0d78dd71261974512b2575990c9081bb97 100644
--- a/src/builtins.cc
+++ b/src/builtins.cc
@@ -186,19 +186,15 @@ static bool ArrayPrototypeHasNoElements(Heap* heap,
                                         Context* native_context,
                                         JSObject* array_proto) {
   DisallowHeapAllocation no_gc;
-  // This method depends on non writability of Object and Array prototype
-  // fields.
-  if (array_proto->elements() != heap->empty_fixed_array()) return false;
-  // Object.prototype
-  PrototypeIterator iter(heap->isolate(), array_proto);
-  if (iter.IsAtEnd()) {
-    return false;
+  PrototypeIterator iter(heap->isolate(), array_proto,
+                         PrototypeIterator::START_AT_RECEIVER);
+  for (; !iter.IsAtEnd(); iter.Advance()) {
+    if (JSObject::cast(iter.GetCurrent())->elements() !=
+        heap->empty_fixed_array()) {
+      return false;
+    }
   }
-  array_proto = JSObject::cast(iter.GetCurrent());
- if (array_proto != native_context->initial_object_prototype()) return false;
-  if (array_proto->elements() != heap->empty_fixed_array()) return false;
-  iter.Advance();
-  return iter.IsAtEnd();
+  return true;
 }
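Review bot: `JSObject::cast(iter.GetCurrent())` in the new loop is applied to every object on the chain without a type check, whereas the old code read `elements()` only from Array.prototype and from an object it had compared against `initial_object_prototype()`. If anything other than a plain JSObject (a proxy, for instance) can be installed on that chain, the cast is likely checked only in debug builds; a guard such as `if (!iter.GetCurrent()->IsJSObject()) return false;` before the cast would make the walk fail closed. The `native_context` parameter appears to be unused after this change. The removed comment should be replaced by one stating the new contract, e.g. `// Returns true iff no object on the chain starting at array_proto has elements.`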


@@ -210,8 +206,7 @@ static inline bool IsJSArrayFastElementMovingAllowed(Heap* heap,
   JSObject* array_proto =
       JSObject::cast(native_context->array_function()->prototype());
   PrototypeIterator iter(heap->isolate(), receiver);
-  return iter.GetCurrent() == array_proto &&
-         ArrayPrototypeHasNoElements(heap, native_context, array_proto);
+  return ArrayPrototypeHasNoElements(heap, native_context, array_proto);
 }
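Review bot: With the `iter.GetCurrent() == array_proto` comparison removed, nothing in the visible lines ties the receiver to the chain being checked: the helper still walks from the native context's Array.prototype, and the `iter` built from `receiver` is now unused. A receiver whose prototype is some other object holding indexed elements would, as far as this hunk shows, be accepted for the fast path, where holes are presumably handled without consulting the prototype. Consider walking the receiver's own chain instead, e.g. `if (iter.IsAtEnd()) return true;` followed by `return ArrayPrototypeHasNoElements(heap, native_context, JSObject::cast(iter.GetCurrent()));` once the current object is confirmed to be a JSObject; that would still cover internal arrays. The start of IsJSArrayFastElementMovingAllowed is outside the hunk.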



