[v8-dev] [v8] r14759 committed - Fix Object.freeze on dictionary-backed arrays to properly freeze eleme...

Wed, 22 May 2013 13:40:26 -0700 

Revision: 14759
Author:   [email protected]
Date:     Wed May 22 13:40:04 2013
Log: Fix Object.freeze on dictionary-backed arrays to properly freeze elements 


Follow-up to r14758: slightly rearranges JSObject::Freeze() to avoid  
duplicating

code while still retaining proper dictionary elements storage behavior.

Also fix a lint error.

[email protected]

Review URL: https://codereview.chromium.org/15737018
http://code.google.com/p/v8/source/detail?r=14759

Modified:
 /branches/bleeding_edge/src/objects.cc
 /branches/bleeding_edge/test/mjsunit/object-freeze.js

=======================================
--- /branches/bleeding_edge/src/objects.cc      Wed May 22 11:53:58 2013
+++ /branches/bleeding_edge/src/objects.cc      Wed May 22 13:40:04 2013
@@ -5408,17 +5408,12 @@
       GetElementsCapacityAndUsage(&capacity, &used);

       MaybeObject* maybe_dict = SeededNumberDictionary::Allocate(heap,  
used);

       if (!maybe_dict->To(&new_element_dictionary)) return maybe_dict;
-      // Make sure that we never go back to fast case.
-      new_element_dictionary->set_requires_slow_elements();


       // Move elements to a dictionary; avoid calling NormalizeElements to  
avoid

       // unnecessary transitions.

       maybe_dict = CopyFastElementsToDictionary(isolate, elements(),  
length,

                                                 new_element_dictionary);
       if (!maybe_dict->To(&new_element_dictionary)) return maybe_dict;
-
-      // Freeze all the elements in the dictionary.
-      FreezeDictionary(new_element_dictionary);
     } else {
       // No existing elements, use a pre-allocated empty backing store
       new_element_dictionary = heap->empty_slow_element_dictionary();
@@ -5470,8 +5465,17 @@
   }

   ASSERT(map()->has_dictionary_elements());
-  if (new_element_dictionary != NULL)
+  if (new_element_dictionary != NULL) {
     set_elements(new_element_dictionary);
+  }
+
+  if (elements() != heap->empty_slow_element_dictionary()) {
+    SeededNumberDictionary* dictionary = element_dictionary();
+    // Make sure we never go back to the fast case
+    dictionary->set_requires_slow_elements();
+    // Freeze all elements in the dictionary
+    FreezeDictionary(dictionary);
+  }

   return this;
 }
=======================================

--- /branches/bleeding_edge/test/mjsunit/object-freeze.js	Wed May 22  
11:53:58 2013
+++ /branches/bleeding_edge/test/mjsunit/object-freeze.js	Wed May 22  
13:40:04 2013

@@ -253,3 +253,9 @@
 };
 func('hello', 'world');
 func('goodbye', 'world');
+
+// Freezing sparse arrays
+var sparseArr = [0, 1];
+sparseArr[10000] = 10000;
+Object.freeze(sparseArr);
+assertTrue(Object.isFrozen(sparseArr));

--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
















    











					Reply via email to