Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(187)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/runtime.cc

Issue 8694: Fix issue with Array.concat not preserving holes in the (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: Created 12 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/objects.h ('k') | test/mjsunit/array-concat.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/runtime.cc
===================================================================
--- src/runtime.cc (revision 631)
+++ src/runtime.cc (working copy)
@@ -4128,16 +4128,17 @@
/**
* A helper function of Runtime_ArrayConcat.
*
- * The first argument is an Array of Arrays and objects. It is the same as
- * the arguments array of Array::concat JS function.
+ * The first argument is an Array of arrays and objects. It is the
+ * same as the arguments array of Array::concat JS function.
*
- * If an argument is an Array object, the function visits array elements.
- * If an argument is not an Array object, the function visits the object
- * as if it is an one-element array.
+ * If an argument is an Array object, the function visits array
+ * elements. If an argument is not an Array object, the function
+ * visits the object as if it is an one-element array.
*
- * If the result array index overflows 32-bit integer, the rounded non-negative
- * number is used as new length. For example, if one array length is 2^32 - 1,
- * second array length is 1, the concatenated array length is 0.
+ * If the result array index overflows 32-bit integer, the rounded
+ * non-negative number is used as new length. For example, if one
+ * array length is 2^32 - 1, second array length is 1, the
+ * concatenated array length is 0.
*/
static uint32_t IterateArguments(Handle<JSArray> arguments,
ArrayConcatVisitor* visitor) {
@@ -4201,13 +4202,16 @@
Handle<JSArray> result = Factory::NewJSArray(0);
uint32_t estimate_nof_elements = IterateArguments(arguments, NULL);
- // If estimated number of elements is more than half of length,
- // A fixed array (fast case) is more time & space-efficient than a dictionary.
+ // If estimated number of elements is more than half of length, a
+ // fixed array (fast case) is more time and space-efficient than a
+ // dictionary.
bool fast_case = (estimate_nof_elements * 2) >= result_length;
Handle<FixedArray> storage;
if (fast_case) {
- storage = Factory::NewFixedArray(result_length);
+ // The backing storage array must have non-existing elements to
+ // preserve holes across concat operations.
+ storage = Factory::NewFixedArrayWithHoles(result_length);
} else {
// TODO(126): move 25% pre-allocation logic into Dictionary::Allocate
« no previous file with comments | « src/objects.h ('k') | test/mjsunit/array-concat.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698