From: verwaest@chromium.org
Date: Mon, 19 Nov 2012 15:00:34 +0000 (+0000)
Subject: Ensure CopyElementsImpl is always executed so it fills in holes even if from_size...
X-Git-Tag: upstream/4.7.83~15616
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=08cfda49f23fc95994f9459c8917f92affeef4eb;p=platform%2Fupstream%2Fv8.git

Ensure CopyElementsImpl is always executed so it fills in holes even if from_size is 0. Allow FixedDoubleArray::cast to also support FixedArray with size 0.
Review URL: https://chromiumcodereview.appspot.com/11280054
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13000 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
diff --git a/src/elements.cc b/src/elements.cc
index 0f4d533..eb021e5 100644
--- a/src/elements.cc
+++ b/src/elements.cc
@@ -696,9 +696,6 @@ class ElementsAccessorBase : public ElementsAccessor {
 }
 }
 }
- if (from->length() == 0 || copy_size == 0) {
- return from;
- }
 return ElementsAccessorSubclass::CopyElementsImpl(
 from, from_start, to, to_kind, to_start, packed_size, copy_size);
 }
@@ -1022,17 +1019,17 @@ class FastSmiOrObjectElementsAccessor
 packed_size != kPackedSizeNotKnown) {
 CopyPackedSmiToDoubleElements(
 FixedArray::cast(from), from_start,
- FixedDoubleArray::cast(to), to_start,
+ FixedDoubleArray::castOrEmptyFixedArray(to), to_start,
 packed_size, copy_size);
 } else {
 CopySmiToDoubleElements(
 FixedArray::cast(from), from_start,
- FixedDoubleArray::cast(to), to_start, copy_size);
+ FixedDoubleArray::castOrEmptyFixedArray(to), to_start, copy_size);
 }
 } else {
 CopyObjectToDoubleElements(
 FixedArray::cast(from), from_start,
- FixedDoubleArray::cast(to), to_start, copy_size);
+ FixedDoubleArray::castOrEmptyFixedArray(to), to_start, copy_size);
 }
 } else {
 UNREACHABLE();
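Review bot: Nothing at the call site in the `@@ -696` hunk records why the empty-source and zero-copy cases now fall through to `CopyElementsImpl`, so the removed early return reads like a missing fast path that a later cleanup could put back. A short comment above the call would pin the intent, for example `// No early return for an empty source or copy_size == 0:` followed by `// CopyElementsImpl must still fill |to| with holes.` Every `CopyElementsImpl` override is now reachable with `from->length() == 0`, so each one has to tolerate a zero-length source; this commit only relaxes the FixedDoubleArray casts. The enclosing method begins above the hunk.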
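Review bot: In the `@@ -1022` hunk the relaxed cast is applied to `to`, the destination, so the Smi/object-to-double copy helpers can now receive the empty FixedArray typed as `FixedDoubleArray*`. That is only sound if those helpers never write an element slot when the destination has length 0; their bodies are outside this diff, so it should be confirmed rather than assumed, because a write through the wrong array type is a memory-safety problem, not just a logic error. A comment at each call site would make the precondition visible, for example `// |to| may be the empty FixedArray here; the helper must not touch elements then.` The same applies to the `from` and `to` arguments changed in the `@@ -1136` and `@@ -1476` hunks. The function containing these call sites starts and ends outside the hunk.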
@@ -1136,13 +1133,13 @@ class FastDoubleElementsAccessor
 case FAST_HOLEY_SMI_ELEMENTS:
 case FAST_HOLEY_ELEMENTS:
 return CopyDoubleToObjectElements(
- FixedDoubleArray::cast(from), from_start, FixedArray::cast(to),
- to_kind, to_start, copy_size);
+ FixedDoubleArray::castOrEmptyFixedArray(from), from_start,
+ FixedArray::cast(to), to_kind, to_start, copy_size);
 case FAST_DOUBLE_ELEMENTS:
 case FAST_HOLEY_DOUBLE_ELEMENTS:
- CopyDoubleToDoubleElements(FixedDoubleArray::cast(from), from_start,
- FixedDoubleArray::cast(to),
- to_start, copy_size);
+ CopyDoubleToDoubleElements(
+ FixedDoubleArray::castOrEmptyFixedArray(from), from_start,
+ FixedDoubleArray::castOrEmptyFixedArray(to), to_start, copy_size);
 return from;
 default:
 UNREACHABLE();
@@ -1476,7 +1473,8 @@ class DictionaryElementsAccessor
 case FAST_HOLEY_DOUBLE_ELEMENTS:
 CopyDictionaryToDoubleElements(
 SeededNumberDictionary::cast(from), from_start,
- FixedDoubleArray::cast(to), to_start, copy_size);
+ FixedDoubleArray::castOrEmptyFixedArray(to), to_start,
+ copy_size);
 return from;
 default:
 UNREACHABLE();
diff --git a/src/objects-inl.h b/src/objects-inl.h
index 7db9175..b2efe2b 100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -2342,6 +2342,13 @@ void SeededNumberDictionary::set_requires_slow_elements() {
 // Cast operations
+FixedDoubleArray* FixedDoubleArray::castOrEmptyFixedArray(Object* object) {
+ ASSERT(object == HeapObject::cast(object)->GetHeap()->empty_fixed_array() ||
+ object->IsFixedDoubleArray());
+ return reinterpret_cast(object);
+}
+
+
 CAST_ACCESSOR(FixedArray)
 CAST_ACCESSOR(FixedDoubleArray)
 CAST_ACCESSOR(DescriptorArray)
diff --git a/src/objects.h b/src/objects.h
index 2881ec8..dbee6f3 100644
--- a/src/objects.h
+++ b/src/objects.h
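Review bot: `castOrEmptyFixedArray` in the `@@ -2342` hunk returns a `FixedDoubleArray*` that may actually point at the empty FixedArray, and the only enforcement is an `ASSERT`, which in V8 of this era is compiled into debug builds only, so release builds perform the reinterpreting cast unchecked. The widened contract needs a comment here and on the declaration added to src/objects.h in the `@@ -2488` hunk, for example `// Like cast(), but also accepts the heap's empty_fixed_array(). The result may` and `// not be a real FixedDoubleArray; callers must not access elements when length() is 0.` The assertion also compares against the canonical `empty_fixed_array()` only, which is narrower than the commit message's "FixedArray with size 0", so the comment should state the identity check rather than the size.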
@@ -2488,6 +2488,7 @@ class FixedDoubleArray: public FixedArrayBase {
 // Casting.
 static inline FixedDoubleArray* cast(Object* obj);
+ static inline FixedDoubleArray* castOrEmptyFixedArray(Object* obj);
 // Maximal allowed size, in bytes, of a single FixedDoubleArray.
 // Prevents overflowing size computations, as well as extreme memory
diff --git a/test/mjsunit/array-store-and-grow.js b/test/mjsunit/array-store-and-grow.js
index 131d4eb..88f3db8 100644
--- a/test/mjsunit/array-store-and-grow.js
+++ b/test/mjsunit/array-store-and-grow.js
@@ -99,7 +99,10 @@ array_store_5(a, 1, 0.5);
 a = makeCOW();
 array_store_5(a, 1, 0.5);
 assertEquals(0.5, a[1]);
-assertEquals(0.5, array_store_5([], 1, 0.5));
+a = [];
+assertEquals(0.5, array_store_5(a, 1, 0.5));
+assertEquals(undefined, a[0]);
+assertEquals(0.5, a[1]);
 function array_store_6(a,b,c) {
 return (a[b] = c);
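Review bot: The new assertions in the `@@ -99` hunk cover only a double store into an empty array literal through `array_store_5`, while the commit also relaxes the casts on the double-to-object, double-to-double and dictionary-to-double copy paths in src/elements.cc. Adding `assertEquals(2, a.length);` after the `a[1]` check would pin the grown length alongside the hole at index 0. Companion cases that begin from an empty array for the other element kinds would give the remaining relaxed call sites a regression test; whether other tests in this file already reach them cannot be seen from the hunk.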