Changeset 128706 in webkit


Timestamp:
Sep 16, 2012 12:22:46 AM
Author:
fpizlo@apple.com
Message:

JSObject.cpp and JSArray.cpp have inconsistent tests for the invalid array index case
https://bugs.webkit.org/show_bug.cgi?id=96878

Reviewed by Sam Weinig.

Removed the uses of UNLIKELY() because I don't believe they are buying us anything,
since we're already on the slow path. Also found other places where we're testing for
the invalid array index case using unusual predicates rather than just using
MAX_ARRAY_INDEX. With this change, I believe that all of our tests for invalid
array indices (i.e. indices that should be treated as non-indexed properties)
uniformly use MAX_ARRAY_INDEX and PropertyName::NotAnIndex.

  • runtime/JSArray.cpp:
    (JSC::JSArray::push):
  • runtime/JSObject.cpp:
    (JSC::JSObject::putByIndex):
    (JSC::JSObject::defineOwnIndexedProperty):
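An added example, not part of this changeset, showing from JavaScript the boundary that MAX_ARRAY_INDEX and PropertyName::NotAnIndex encode: names up to 2^32 - 2 are array indices, 2^32 - 1 is an ordinary named property, and a push at length 2^32 - 1 must throw. The local MAX_ARRAY_INDEX constant is an assumption standing in for JSC's, set to the ES5 index bound; toArrayIndex, probeIndexBoundary and probePushAtMaxLength are names chosen for this example.

```javascript
// Added example (not WebKit code): the ES5 array-index boundary observed
// from script. A property name is an array index only if it is the
// canonical decimal string of an integer in [0, 2^32 - 2].
const MAX_ARRAY_INDEX = 0xFFFFFFFE;  // assumed: 2^32 - 2, largest valid index
const MAX_ARRAY_LENGTH = 0xFFFFFFFF; // 2^32 - 1, largest valid length

// Script-side analogue of the engine's index classification: returns the
// numeric index, or null for anything that is not an index (NotAnIndex).
function toArrayIndex(name) {
  const s = String(name);
  if (!/^(0|[1-9][0-9]*)$/.test(s)) return null; // canonical decimal only
  const n = Number(s);
  return n <= MAX_ARRAY_INDEX ? n : null;
}

// Writing to the maximum index extends length to 2^32 - 1; writing to
// 2^32 - 1 stores a plain named property and leaves length untouched.
function probeIndexBoundary() {
  const a = [];
  a[MAX_ARRAY_INDEX] = 'last';
  const b = [];
  b[MAX_ARRAY_LENGTH] = 'named';
  return {
    lengthAfterMaxIndex: a.length,    // 4294967295
    lengthAfterNotAnIndex: b.length,  // 0
    storedAsNamedProperty: Object.prototype.hasOwnProperty.call(b, '4294967295'),
  };
}

// The case JSArray::push guards: an array already at length 2^32 - 1
// cannot grow, so push must throw a RangeError (ES5.1 15.4.4.7 step 6).
function probePushAtMaxLength() {
  const a = [];
  a.length = MAX_ARRAY_LENGTH; // sparse array, no storage is allocated
  try {
    a.push('overflow');
    return { threw: null };
  } catch (e) {
    return { threw: e.name };  // 'RangeError'
  }
}
```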

Location:
trunk/Source/JavaScriptCore
Files:
3 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r128705 r128706  
     12012-09-16  Filip Pizlo  <fpizlo@apple.com>
     2
     3        JSObject.cpp and JSArray.cpp have inconsistent tests for the invalid array index case
     4        https://bugs.webkit.org/show_bug.cgi?id=96878
     5
     6        Reviewed by Sam Weinig.
     7
     8        Removed the uses of UNLIKELY() because I don't believe they are buying us anything,
     9        since we're already on the slow path. Also found other places where we're testing for
     10        the invalid array index case using unusual predicates rather than just using
     11        MAX_ARRAY_INDEX. With this change, I believe that all of our tests for invalid
     12        array indices (i.e. indices that should be treated as non-indexed properties)
     13        uniformly use MAX_ARRAY_INDEX and PropertyName::NotAnIndex.
     14
     15        * runtime/JSArray.cpp:
     16        (JSC::JSArray::push):
     17        * runtime/JSObject.cpp:
     18        (JSC::JSObject::putByIndex):
     19        (JSC::JSObject::defineOwnIndexedProperty):
     20
    1212012-09-15  Filip Pizlo  <fpizlo@apple.com>
    222
  • trunk/Source/JavaScriptCore/runtime/JSArray.cpp

    r128680 r128706  
    478478        }
    479479
    480         // Pushing to an array of length 2^32-1 stores the property, but throws a range error.
    481         if (UNLIKELY(storage->length() == 0xFFFFFFFFu)) {
     480        // Pushing to an array of invalid length (2^31-1) stores the property, but throws a range error.
     481        if (storage->length() > MAX_ARRAY_INDEX) {
    482482            methodTable()->putByIndex(this, exec, storage->length(), value, true);
    483483            // Per ES5.1 15.4.4.7 step 6 & 15.4.5.1 step 3.d.
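Review bot: the rewritten comment on new line 480 gives the invalid length as 2^31-1, but the check it replaces tested `storage->length() == 0xFFFFFFFFu`, which is 2^32-1 as the old comment correctly said, and the ChangeLog presents this as a predicate unification rather than a behaviour change. Assuming MAX_ARRAY_INDEX is 2^32-2 so that `storage->length() > MAX_ARRAY_INDEX` still matches only the 0xFFFFFFFF case, the comment should read 2^32-1; if MAX_ARRAY_INDEX is anything else, the condition now fires for a different set of lengths and the ChangeLog should say so.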
  • trunk/Source/JavaScriptCore/runtime/JSObject.cpp

    r128705 r128706  
    348348    thisObject->checkIndexingConsistency();
    349349   
    350     if (UNLIKELY(propertyName > MAX_ARRAY_INDEX)) {
     350    if (propertyName > MAX_ARRAY_INDEX) {
    351351        PutPropertySlot slot(shouldThrow);
    352352        thisObject->methodTable()->put(thisObject, exec, Identifier::from(exec, propertyName), value, slot);
     
    981981bool JSObject::defineOwnIndexedProperty(ExecState* exec, unsigned index, PropertyDescriptor& descriptor, bool throwException)
    982982{
    983     ASSERT(index != 0xFFFFFFFF);
     983    ASSERT(index <= MAX_ARRAY_INDEX);
    984984
    985985    if (!inSparseIndexingMode()) {
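Review bot: `ASSERT(index <= MAX_ARRAY_INDEX)` on new line 983 documents the precondition only in debug builds; in release builds, where ASSERT compiles away, an index above MAX_ARRAY_INDEX would fall through to the indexed-property handling that follows. The putByIndex hunk above shows the intended guard (route `propertyName > MAX_ARRAY_INDEX` to put() via Identifier::from), so it is worth confirming that every caller of defineOwnIndexedProperty applies the same check before this assertion is relied on, or adding the same early-out here.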