Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(234)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2037008: Properly process arrays with overridden prototype in various Array's functions. (Closed)

Created:
10 years, 7 months ago by antonm
Modified:
9 years, 4 months ago
CC:
v8-dev
Visibility:
Public.

Description

Properly process arrays with overridden prototype in various Array's functions. Bailout to JS Array builtins if array's prototype is different from Array.prototype. Otherwise there might be inherited elements coming from this prototype. Committed: http://code.google.com/p/v8/source/detail?r=4649

Patch Set 1 #

Patch Set 2 : Nuking debug message #

Total comments: 8

Patch Set 3 : Addressing Mads' comments #

Unified diffs Side-by-side diffs Delta from patch set Stats (+353 lines, -33 lines) Patch
M src/builtins.cc View 1 2 9 chunks +32 lines, -27 lines 0 comments Download
M test/mjsunit/array-concat.js View 2 chunks +77 lines, -2 lines 0 comments Download
M test/mjsunit/array-pop.js View 1 chunk +28 lines, -0 lines 0 comments Download
M test/mjsunit/array-shift.js View 1 1 chunk +37 lines, -0 lines 0 comments Download
M test/mjsunit/array-slice.js View 1 chunk +47 lines, -0 lines 0 comments Download
M test/mjsunit/array-splice.js View 1 2 3 chunks +55 lines, -2 lines 0 comments Download
M test/mjsunit/array-unshift.js View 1 2 2 chunks +77 lines, -2 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
antonm
Lasse, Mads, may you have a look?
10 years, 7 months ago (2010-05-12 11:23:03 UTC) #1
Mads Ager (chromium)
LGTM Thanks for the thorough updating of the tests! http://codereview.chromium.org/2037008/diff/2001/3001 File src/builtins.cc (right): http://codereview.chromium.org/2037008/diff/2001/3001#newcode333 src/builtins.cc:333: ...
10 years, 7 months ago (2010-05-12 11:36:25 UTC) #2
antonm
10 years, 7 months ago (2010-05-12 12:15:24 UTC) #3 
Thanks a lot for review, Mads.

Lasse, I'm going to submit it now.  If you have any concerns, I'd address them
in a separate CL.

http://codereview.chromium.org/2037008/diff/2001/3001
File src/builtins.cc (right):

http://codereview.chromium.org/2037008/diff/2001/3001#newcode333
src/builtins.cc:333: static JSObject* ArrayPrototype(Context* global_context) {
On 2010/05/12 11:36:25, Mads Ager wrote:
> Is this function worth it? There seems to be only two calls to it?

Just hate duplicating the code :)  NP, inlining it.

http://codereview.chromium.org/2037008/diff/2001/3006
File test/mjsunit/array-splice.js (right):

http://codereview.chromium.org/2037008/diff/2001/3006#newcode293
test/mjsunit/array-splice.js:293: assertFalse(array.hasOwnProperty(2 << 32 - 1),
"array.hasOwnProperty(2 << 31 - 1)");
On 2010/05/12 11:36:25, Mads Ager wrote:
> Long line.

Done.

http://codereview.chromium.org/2037008/diff/2001/3007
File test/mjsunit/array-unshift.js (right):

http://codereview.chromium.org/2037008/diff/2001/3007#newcode118
test/mjsunit/array-unshift.js:118: // Check that unshif with no args has a
side-effect of
On 2010/05/12 11:36:25, Mads Ager wrote:
> unshif -> unshift

Done.

http://codereview.chromium.org/2037008/diff/2001/3007#newcode119
test/mjsunit/array-unshift.js:119: // feeling the holes with elements from the
prototype
On 2010/05/12 11:36:25, Mads Ager wrote:
> feeling -> filling

Done.

Powered by Google App Engine
This is Rietveld 408576698