From 56eb46e0969d79bc41d7a2c2796ce147b04774e2 Mon Sep 17 00:00:00 2001
From: "antonm@chromium.org"
 <antonm@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Thu, 4 Mar 2010 21:29:33 +0000
Subject: [PATCH] Fix a special case (zero length result array).

Review URL: http://codereview.chromium.org/669075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/builtins.cc              | 17 +++++++++++++++--
 test/mjsunit/array-slice.js  | 11 +++++++++++
 test/mjsunit/array-splice.js | 11 +++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/src/builtins.cc b/src/builtins.cc
index b51de33..50f36e5 100644
--- a/src/builtins.cc
+++ b/src/builtins.cc
@@ -251,6 +251,16 @@ static Object* AllocateJSArray() {
 }
 
 
+static Object* AllocateEmptyJSArray() {
+  Object* result = AllocateJSArray();
+  if (result->IsFailure()) return result;
+  JSArray* result_array = JSArray::cast(result);
+  result_array->set_length(Smi::FromInt(0));
+  result_array->set_elements(Heap::empty_fixed_array());
+  return result_array;
+}
+
+
 static void CopyElements(AssertNoAllocation* no_gc,
                          FixedArray* dst,
                          int dst_index,
@@ -535,8 +545,8 @@ BUILTIN(ArraySlice) {
 
   // Calculate the length of result array.
   int result_len = final - k;
-  if (result_len < 0) {
-    result_len = 0;
+  if (result_len <= 0) {
+    return AllocateEmptyJSArray();
   }
 
   Object* result = AllocateJSArray();
@@ -606,6 +616,9 @@ BUILTIN(ArraySplice) {
     }
   }
   int actualDeleteCount = Min(Max(deleteCount, 0), len - actualStart);
+  if (actualDeleteCount == 0) {
+    return AllocateEmptyJSArray();
+  }
 
   // Allocate result array.
   Object* result = AllocateJSArray();
diff --git a/test/mjsunit/array-slice.js b/test/mjsunit/array-slice.js
index c993a07..30e9f3e 100644
--- a/test/mjsunit/array-slice.js
+++ b/test/mjsunit/array-slice.js
@@ -36,6 +36,17 @@
 })();
 
 
+// Check various variants of empty array's slicing.
+(function() {
+  for (var i = 0; i < 7; i++) {
+    assertEquals([], [].slice(0, 0));
+    assertEquals([], [].slice(1, 0));
+    assertEquals([], [].slice(0, 1));
+    assertEquals([], [].slice(-1, 0));
+  }
+})();
+
+
 // Check various forms of arguments omission.
 (function() {
   var array = new Array(7);
diff --git a/test/mjsunit/array-splice.js b/test/mjsunit/array-splice.js
index 6501ba4..bd471ec 100644
--- a/test/mjsunit/array-splice.js
+++ b/test/mjsunit/array-splice.js
@@ -42,6 +42,17 @@
 })();
 
 
+// Check various variants of empty array's splicing.
+(function() {
+  for (var i = 0; i < 7; i++) {
+    assertEquals([], [].splice(0, 0));
+    assertEquals([], [].splice(1, 0));
+    assertEquals([], [].splice(0, 1));
+    assertEquals([], [].splice(-1, 0));
+  }
+})();
+
+
 // Check various forms of arguments omission.
 (function() {
   var array;
-- 
2.7.4