projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3326b84)
Ensure CopyElementsImpl is always executed so it fills in holes even if from_size...
authorverwaest@chromium.org <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 19 Nov 2012 15:00:34 +0000 (15:00 +0000)
committerverwaest@chromium.org <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 19 Nov 2012 15:00:34 +0000 (15:00 +0000)
Review URL: https://chromiumcodereview.appspot.com/11280054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/elements.cc patch | blob | history
src/objects-inl.h patch | blob | history
src/objects.h patch | blob | history
test/mjsunit/array-store-and-grow.js patch | blob | history

diff --git a/src/elements.cc b/src/elements.cc
index 0f4d533..eb021e5 100644 (file)
--- a/src/elements.cc
+++ b/src/elements.cc
@@ -696,9 +696,6 @@ class ElementsAccessorBase : public ElementsAccessor {
         }
       }
     }
-    if (from->length() == 0 || copy_size == 0) {
-      return from;
-    }
     return ElementsAccessorSubclass::CopyElementsImpl(
         from, from_start, to, to_kind, to_start, packed_size, copy_size);
   }
@@ -1022,17 +1019,17 @@ class FastSmiOrObjectElementsAccessor
             packed_size != kPackedSizeNotKnown) {
           CopyPackedSmiToDoubleElements(
               FixedArray::cast(from), from_start,
-              FixedDoubleArray::cast(to), to_start,
+              FixedDoubleArray::castOrEmptyFixedArray(to), to_start,
               packed_size, copy_size);
         } else {
           CopySmiToDoubleElements(
               FixedArray::cast(from), from_start,
-              FixedDoubleArray::cast(to), to_start, copy_size);
+              FixedDoubleArray::castOrEmptyFixedArray(to), to_start, copy_size);
         }
       } else {
         CopyObjectToDoubleElements(
             FixedArray::cast(from), from_start,
-            FixedDoubleArray::cast(to), to_start, copy_size);
+            FixedDoubleArray::castOrEmptyFixedArray(to), to_start, copy_size);
       }
     } else {
       UNREACHABLE();
@@ -1136,13 +1133,13 @@ class FastDoubleElementsAccessor
       case FAST_HOLEY_SMI_ELEMENTS:
       case FAST_HOLEY_ELEMENTS:
         return CopyDoubleToObjectElements(
-            FixedDoubleArray::cast(from), from_start, FixedArray::cast(to),
-            to_kind, to_start, copy_size);
+            FixedDoubleArray::castOrEmptyFixedArray(from), from_start,
+            FixedArray::cast(to), to_kind, to_start, copy_size);
       case FAST_DOUBLE_ELEMENTS:
       case FAST_HOLEY_DOUBLE_ELEMENTS:
-        CopyDoubleToDoubleElements(FixedDoubleArray::cast(from), from_start,
-                                   FixedDoubleArray::cast(to),
-                                   to_start, copy_size);
+        CopyDoubleToDoubleElements(
+            FixedDoubleArray::castOrEmptyFixedArray(from), from_start,
+            FixedDoubleArray::castOrEmptyFixedArray(to), to_start, copy_size);
         return from;
       default:
         UNREACHABLE();
@@ -1476,7 +1473,8 @@ class DictionaryElementsAccessor
       case FAST_HOLEY_DOUBLE_ELEMENTS:
         CopyDictionaryToDoubleElements(
             SeededNumberDictionary::cast(from), from_start,
-            FixedDoubleArray::cast(to), to_start, copy_size);
+            FixedDoubleArray::castOrEmptyFixedArray(to), to_start,
+            copy_size);
         return from;
       default:
         UNREACHABLE();
diff --git a/src/objects-inl.h b/src/objects-inl.h
index 7db9175..b2efe2b 100644 (file)
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -2342,6 +2342,13 @@ void SeededNumberDictionary::set_requires_slow_elements() {
 // Cast operations
 
 
+FixedDoubleArray* FixedDoubleArray::castOrEmptyFixedArray(Object* object) {
+  ASSERT(object == HeapObject::cast(object)->GetHeap()->empty_fixed_array() ||
+         object->IsFixedDoubleArray());
+  return reinterpret_cast<FixedDoubleArray*>(object);
+}
+
+
 CAST_ACCESSOR(FixedArray)
 CAST_ACCESSOR(FixedDoubleArray)
 CAST_ACCESSOR(DescriptorArray)
diff --git a/src/objects.h b/src/objects.h
index 2881ec8..dbee6f3 100644 (file)
--- a/src/objects.h
+++ b/src/objects.h
@@ -2488,6 +2488,7 @@ class FixedDoubleArray: public FixedArrayBase {
 
   // Casting.
   static inline FixedDoubleArray* cast(Object* obj);
+  static inline FixedDoubleArray* castOrEmptyFixedArray(Object* obj);
 
   // Maximal allowed size, in bytes, of a single FixedDoubleArray.
   // Prevents overflowing size computations, as well as extreme memory
diff --git a/test/mjsunit/array-store-and-grow.js b/test/mjsunit/array-store-and-grow.js
index 131d4eb..88f3db8 100644 (file)
--- a/test/mjsunit/array-store-and-grow.js
+++ b/test/mjsunit/array-store-and-grow.js
@@ -99,7 +99,10 @@ array_store_5(a, 1, 0.5);
 a = makeCOW();
 array_store_5(a, 1, 0.5);
 assertEquals(0.5, a[1]);
-assertEquals(0.5, array_store_5([], 1, 0.5));
+a = [];
+assertEquals(0.5, array_store_5(a, 1, 0.5));
+assertEquals(undefined, a[0]);
+assertEquals(0.5, a[1]);
 
 function array_store_6(a,b,c) {
   return (a[b] = c);
Domain: Web Framework / Web Engine;