Skip to site navigation (Press enter)

[webkit-changes] [205226] branches/safari-602-branch/Source/JavaScriptCore

bshafiei Wed, 31 Aug 2016 00:20:07 -0700

Title: [205226] branches/safari-602-branch/Source/_javascript_Core

Revision: 205226
Author: [email protected]
Date: 2016-08-31 00:19:50 -0700 (Wed, 31 Aug 2016)

Log Message

Merge r203798. rdar://problem/27991578


Modified Paths

branches/safari-602-branch/Source/_javascript_Core/ChangeLog
branches/safari-602-branch/Source/_javascript_Core/runtime/ArrayPrototype.cpp


Added Paths

branches/safari-602-branch/Source/_javascript_Core/tests/
branches/safari-602-branch/Source/_javascript_Core/tests/stress/
branches/safari-602-branch/Source/_javascript_Core/tests/stress/concat-append-one-with-sparse-array.js

Diff

Modified: branches/safari-602-branch/Source/_javascript_Core/ChangeLog (205225 => 205226)


--- branches/safari-602-branch/Source/_javascript_Core/ChangeLog	2016-08-31 07:19:43 UTC (rev 205225)
+++ branches/safari-602-branch/Source/_javascript_Core/ChangeLog	2016-08-31 07:19:50 UTC (rev 205226)
@@ -1,3 +1,23 @@
+2016-08-30  Babak Shafiei  <[email protected]>
+
+        Merge r203798. rdar://problem/27991578
+
+    2016-07-27  Keith Miller  <[email protected]>
+
+            concatAppendOne should allocate using the indexing type of the array if it cannot merge
+            https://bugs.webkit.org/show_bug.cgi?id=160261
+            <rdar://problem/27530122>
+
+            Reviewed by Mark Lam.
+
+            Before, if we could not merge the indexing types for copying, we would allocate the
+            the array as ArrayWithUndecided. Instead, we should allocate an array with the original
+            array's indexing type.
+
+            * runtime/ArrayPrototype.cpp:
+            (JSC::concatAppendOne):
+            * tests/stress/concat-append-one-with-sparse-array.js: Added.
+
 2016-08-17  Babak Shafiei  <[email protected]>
 
         Merge r204572. rdar://problem/27889416

Modified: branches/safari-602-branch/Source/_javascript_Core/runtime/ArrayPrototype.cpp (205225 => 205226)


--- branches/safari-602-branch/Source/_javascript_Core/runtime/ArrayPrototype.cpp	2016-08-31 07:19:43 UTC (rev 205225)
+++ branches/safari-602-branch/Source/_javascript_Core/runtime/ArrayPrototype.cpp	2016-08-31 07:19:50 UTC (rev 205226)
@@ -1125,7 +1125,7 @@
 
     IndexingType type = first->mergeIndexingTypeForCopying(indexingTypeForValue(second) | IsArray);
     if (type == NonArray)
-        type = ArrayWithUndecided;
+        type = first->indexingType();
 
     Structure* resultStructure = exec->lexicalGlobalObject()->arrayStructureForIndexingTypeDuringAllocation(type);
     JSArray* result = JSArray::create(vm, resultStructure, firstArraySize + 1);

Added: branches/safari-602-branch/Source/_javascript_Core/tests/stress/concat-append-one-with-sparse-array.js (0 => 205226)


--- branches/safari-602-branch/Source/_javascript_Core/tests/stress/concat-append-one-with-sparse-array.js	                        (rev 0)
+++ branches/safari-602-branch/Source/_javascript_Core/tests/stress/concat-append-one-with-sparse-array.js	2016-08-31 07:19:50 UTC (rev 205226)
@@ -0,0 +1,6 @@
+//@ skip
+
+let length = 0x10001000;
+
+let foo = new Array(length);
+foo.concat(1);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes