Skip to site navigation (Press enter)

[webkit-changes] [228596] branches/safari-605-branch

jmarcell Sat, 17 Feb 2018 10:36:09 -0800

Title: [228596] branches/safari-605-branch

Revision: 228596
Author: [email protected]
Date: 2018-02-17 10:35:46 -0800 (Sat, 17 Feb 2018)

Log Message

Cherry-pick r228454. rdar://problem/37615380


Modified Paths

branches/safari-605-branch/JSTests/ChangeLog
branches/safari-605-branch/Source/_javascript_Core/ChangeLog
branches/safari-605-branch/Source/_javascript_Core/runtime/JSObject.cpp


Added Paths

branches/safari-605-branch/JSTests/stress/always-enter-dictionary-indexing-mode-with-getter.js

Diff

Modified: branches/safari-605-branch/JSTests/ChangeLog (228595 => 228596)


--- branches/safari-605-branch/JSTests/ChangeLog	2018-02-17 06:01:58 UTC (rev 228595)
+++ branches/safari-605-branch/JSTests/ChangeLog	2018-02-17 18:35:46 UTC (rev 228596)
@@ -1,3 +1,21 @@
+2018-02-16  Jason Marcell  <[email protected]>
+
+        Cherry-pick r228454. rdar://problem/37615380
+
+    2018-02-13  Saam Barati  <[email protected]>
+
+            putDirectIndexSlowOrBeyondVectorLength needs to convert to dictionary indexing mode always if attributes are present
+            https://bugs.webkit.org/show_bug.cgi?id=182755
+            <rdar://problem/37080864>
+
+            Reviewed by Keith Miller.
+
+            * stress/always-enter-dictionary-indexing-mode-with-getter.js: Added.
+            (test1.o.get 10005):
+            (test1):
+            (test2.o.get 1000):
+            (test2):
+
 2018-02-15  Jason Marcell  <[email protected]>
 
         Cherry-pick r228488. rdar://problem/37570860

Added: branches/safari-605-branch/JSTests/stress/always-enter-dictionary-indexing-mode-with-getter.js (0 => 228596)


--- branches/safari-605-branch/JSTests/stress/always-enter-dictionary-indexing-mode-with-getter.js	                        (rev 0)
+++ branches/safari-605-branch/JSTests/stress/always-enter-dictionary-indexing-mode-with-getter.js	2018-02-17 18:35:46 UTC (rev 228596)
@@ -0,0 +1,29 @@
+function test1(item) {
+    var o = {
+        10000: item,
+        get 10005() { },
+    };
+    let arr = new Array(10008);
+    for (let key of arr.keys()) {
+        let o2 = {};
+        o[key] = o2;
+    }
+}
+test1({});
+test1(10);
+test1(10.5);
+
+function test2(item) {
+    var o = {
+        0: item,
+        get 1000() { },
+    };
+    let arr = new Array(1000);
+    for (let key of arr.keys()) {
+        let o2 = {};
+        o[key] = o2;
+    }
+}
+test2({});
+test2(10);
+test2(10.5);

Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (228595 => 228596)


--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-02-17 06:01:58 UTC (rev 228595)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-02-17 18:35:46 UTC (rev 228596)
@@ -1,3 +1,24 @@
+2018-02-16  Jason Marcell  <[email protected]>
+
+        Cherry-pick r228454. rdar://problem/37615380
+
+    2018-02-13  Saam Barati  <[email protected]>
+
+            putDirectIndexSlowOrBeyondVectorLength needs to convert to dictionary indexing mode always if attributes are present
+            https://bugs.webkit.org/show_bug.cgi?id=182755
+            <rdar://problem/37080864>
+
+            Reviewed by Keith Miller.
+
+            putDirectIndexSlowOrBeyondVectorLength with non-zero attributes only converted
+            the object in question to a dictionary indexing mode when the index is less than
+            the vector length. This makes no sense. If we're defining a getter, setter, or read
+            only property, we must always enter the dictionary indexing mode irrespective
+            of the index in relation to the vector length.
+
+            * runtime/JSObject.cpp:
+            (JSC::JSObject::putDirectIndexSlowOrBeyondVectorLength):
+
 2018-02-15  Jason Marcell  <[email protected]>
 
         Cherry-pick r228481. rdar://problem/37570863

Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSObject.cpp (228595 => 228596)


--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSObject.cpp	2018-02-17 06:01:58 UTC (rev 228595)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSObject.cpp	2018-02-17 18:35:46 UTC (rev 228596)
@@ -2922,11 +2922,9 @@
     }
         
     case ALL_INT32_INDEXING_TYPES: {
-        if (attributes) {
-            if (i < m_butterfly->vectorLength())
-                return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
-            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertInt32ToArrayStorage(vm));
-        }
+        ASSERT(!indexingShouldBeSparse());
+        if (attributes)
+            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
         if (!value.isInt32()) {
             convertInt32ForValue(vm, value);
             return putDirectIndexSlowOrBeyondVectorLength(exec, i, value, attributes, mode);
@@ -2936,11 +2934,9 @@
     }
         
     case ALL_DOUBLE_INDEXING_TYPES: {
-        if (attributes) {
-            if (i < m_butterfly->vectorLength())
-                return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
-            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertDoubleToArrayStorage(vm));
-        }
+        ASSERT(!indexingShouldBeSparse());
+        if (attributes)
+            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
         if (!value.isNumber()) {
             convertDoubleToContiguous(vm);
             return putDirectIndexSlowOrBeyondVectorLength(exec, i, value, attributes, mode);
@@ -2955,20 +2951,16 @@
     }
         
     case ALL_CONTIGUOUS_INDEXING_TYPES: {
-        if (attributes) {
-            if (i < m_butterfly->vectorLength())
-                return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
-            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, convertContiguousToArrayStorage(vm));
-        }
+        ASSERT(!indexingShouldBeSparse());
+        if (attributes)
+            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
         putByIndexBeyondVectorLengthWithoutAttributes<ContiguousShape>(exec, i, value);
         return true;
     }
 
     case ALL_ARRAY_STORAGE_INDEXING_TYPES:
-        if (attributes) {
-            if (i < m_butterfly->vectorLength())
-                return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
-        }
+        if (attributes)
+            return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, ensureArrayStorageExistsAndEnterDictionaryIndexingMode(vm));
         return putDirectIndexBeyondVectorLengthWithArrayStorage(exec, i, value, attributes, mode, arrayStorage());
         
     default:

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes