[webkit-changes] [178353] releases/WebKitGTK/webkit-2.6/Source/JavaScriptCore

[carlosgc]

Title: [178353] releases/WebKitGTK/webkit-2.6/Source/_javascript_Core

Revision

178353

Author

carlo...@webkit.org

Date

2015-01-13 03:28:39 -0800 (Tue, 13 Jan 2015)

Log Message

Merge r177245 - shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
https://bugs.webkit.org/show_bug.cgi?id=139598
<rdar://problem/18779367>

Reviewed by Filip Pizlo.

* runtime/JSArray.cpp:
(JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
* tests/stress/sparse_splice.js: Added.

Modified Paths

• releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/ChangeLog
• releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/runtime/JSArray.cpp

Added Paths

• releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/tests/stress/sparse_splice.js

Diff

Modified: releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/ChangeLog (178352 => 178353)

--- releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/ChangeLog	2015-01-13 11:20:23 UTC (rev 178352)
+++ releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/ChangeLog	2015-01-13 11:28:39 UTC (rev 178353)
@@ -1,3 +1,15 @@
+2014-12-12  Matthew Mirman  <mmir...@apple.com>
+
+        shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
+        https://bugs.webkit.org/show_bug.cgi?id=139598
+        <rdar://problem/18779367>
+
+        Reviewed by Filip Pizlo.
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
+        * tests/stress/sparse_splice.js: Added.
+
 2014-12-10  Matthew Mirman  <mmir...@apple.com>
 
         Fixes operationPutByIds such that they check that the put didn't

Modified: releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/runtime/JSArray.cpp (178352 => 178353)

--- releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/runtime/JSArray.cpp	2015-01-13 11:20:23 UTC (rev 178352)
+++ releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/runtime/JSArray.cpp	2015-01-13 11:28:39 UTC (rev 178353)
@@ -676,7 +676,7 @@
     // If the array contains holes or is otherwise in an abnormal state,
     // use the generic algorithm in ArrayPrototype.
     if ((storage->hasHoles() && this->structure(vm)->holesMustForwardToPrototype(vm)) 
-        || inSparseIndexingMode() 
+        || hasSparseMap() 
         || shouldUseSlowPut(indexingType())) {
         return false;
     }

Added: releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/tests/stress/sparse_splice.js (0 => 178353)

--- releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/tests/stress/sparse_splice.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.6/Source/_javascript_Core/tests/stress/sparse_splice.js	2015-01-13 11:28:39 UTC (rev 178353)
@@ -0,0 +1,12 @@
+var myArray = Array();
+myArray[ 10000 ] = "a";
+myArray[ 10001 ] = "b";
+myArray[ 10002 ] = "c";
+
+// remove element at index 1001
+myArray.splice( 10001, 1 );
+
+if (myArray[10000] != "a")
+    throw "Splicing Error! start index changed";
+if (myArray[10001] != "c")
+    throw "Splicing Error! removed element not removed";

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes