Arrays created with new Array(n) are not assumed to be sparse unless the given

size is truly huge.  A test had to be modified slightly so as not to be too slow.
Review URL: http://codereview.chromium.org/40163

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/builtins.cc b/src/builtins.cc
index 12e985d..9220698 100644 (file)
--- a/src/builtins.cc
+++ b/src/builtins.cc
@@ -155,7 +155,7 @@ BUILTIN(ArrayCode) {
     Object* obj = BUILTIN_ARG(1);
     if (obj->IsSmi()) {
       int len = Smi::cast(obj)->value();
-      if (len >= 0 && len < JSObject::kMaxFastElementsLength) {
+      if (len >= 0 && len < JSObject::kInitialMaxFastElementArray) {
         Object* obj = Heap::AllocateFixedArrayWithHoles(len);
         if (obj->IsFailure()) return obj;
         array->SetContent(FixedArray::cast(obj));

diff --git a/src/objects.h b/src/objects.h
index c7d4808..4b2a5f2 100644 (file)
--- a/src/objects.h
+++ b/src/objects.h
@@ -1433,6 +1433,7 @@ class JSObject: public HeapObject {
 
   static const uint32_t kMaxGap = 1024;
   static const int kMaxFastElementsLength = 5000;
+  static const int kInitialMaxFastElementArray = 100000;
   static const int kMaxFastProperties = 8;
   static const int kMaxInstanceSize = 255 * kPointerSize;
   // When extending the backing storage for property values, we increase

diff --git a/test/mjsunit/fuzz-natives.js b/test/mjsunit/fuzz-natives.js
index a2c3217..64331d1 100644 (file)
--- a/test/mjsunit/fuzz-natives.js
+++ b/test/mjsunit/fuzz-natives.js
@@ -31,8 +31,8 @@ function makeArguments() {
   var result = [ ];
   result.push(17);
   result.push(-31);
-  result.push(Number.MAX_VALUE);
-  result.push(new Array(5003));
+  result.push(new Array(100));
+  result.push(new Array(100003));
   result.push(Number.MIN_VALUE);
   result.push("whoops");
   result.push("x");