Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(470)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/elements.cc

Issue 11094021: Fix bug in deletion of indexed properties (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Replace api test by mjsunit test Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | src/objects.cc » ('j') | src/objects.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 1318 matching lines...) Expand 10 before | Expand all | Expand 10 after
1329 bool is_arguments = 1329 bool is_arguments =
1330 (obj->GetElementsKind() == NON_STRICT_ARGUMENTS_ELEMENTS); 1330 (obj->GetElementsKind() == NON_STRICT_ARGUMENTS_ELEMENTS);
1331 if (is_arguments) { 1331 if (is_arguments) {
1332 backing_store = FixedArray::cast(backing_store->get(1)); 1332 backing_store = FixedArray::cast(backing_store->get(1));
1333 } 1333 }
1334 SeededNumberDictionary* dictionary = 1334 SeededNumberDictionary* dictionary =
1335 SeededNumberDictionary::cast(backing_store); 1335 SeededNumberDictionary::cast(backing_store);
1336 int entry = dictionary->FindEntry(key); 1336 int entry = dictionary->FindEntry(key);
1337 if (entry != SeededNumberDictionary::kNotFound) { 1337 if (entry != SeededNumberDictionary::kNotFound) {
1338 Object* result = dictionary->DeleteProperty(entry, mode); 1338 Object* result = dictionary->DeleteProperty(entry, mode);
1339 if (result == heap->true_value()) { 1339 if (result == heap->false_value()) {
1340 MaybeObject* maybe_elements = dictionary->Shrink(key); 1340 if (mode == JSObject::STRICT_DELETION) {
1341 FixedArray* new_elements = NULL; 1341 // Deleting a non-configurable property in strict mode.
1342 if (!maybe_elements->To(&new_elements)) { 1342 HandleScope scope(isolate);
1343 return maybe_elements; 1343 Handle<Object> holder(obj);
1344 Handle<Object> name = isolate->factory()->NewNumberFromUint(key);
1345 Handle<Object> args[2] = { name, holder };
1346 Handle<Object> error =
1347 isolate->factory()->NewTypeError("strict_delete_property",
1348 HandleVector(args, 2));
1349 return isolate->Throw(*error);
1344 } 1350 }
1345 if (is_arguments) { 1351 return heap->false_value();
1346 FixedArray::cast(obj->elements())->set(1, new_elements);
1347 } else {
1348 obj->set_elements(new_elements);
1349 }
1350 } 1352 }
1351 if (mode == JSObject::STRICT_DELETION && 1353 MaybeObject* maybe_elements = dictionary->Shrink(key);
1352 result == heap->false_value()) { 1354 FixedArray* new_elements = NULL;
1353 // In strict mode, attempting to delete a non-configurable property 1355 if (!maybe_elements->To(&new_elements)) {
1354 // throws an exception. 1356 return maybe_elements;
1355 HandleScope scope(isolate); 1357 }
1356 Handle<Object> holder(obj); 1358 if (is_arguments) {
1357 Handle<Object> name = isolate->factory()->NewNumberFromUint(key); 1359 FixedArray::cast(obj->elements())->set(1, new_elements);
1358 Handle<Object> args[2] = { name, holder }; 1360 } else {
1359 Handle<Object> error = 1361 obj->set_elements(new_elements);
1360 isolate->factory()->NewTypeError("strict_delete_property",
1361 HandleVector(args, 2));
1362 return isolate->Throw(*error);
1363 } 1362 }
1364 } 1363 }
1365 return heap->true_value(); 1364 return heap->true_value();
1366 } 1365 }
1367 1366
1368 MUST_USE_RESULT static MaybeObject* CopyElementsImpl(FixedArrayBase* from, 1367 MUST_USE_RESULT static MaybeObject* CopyElementsImpl(FixedArrayBase* from,
1369 uint32_t from_start, 1368 uint32_t from_start,
1370 FixedArrayBase* to, 1369 FixedArrayBase* to,
1371 ElementsKind to_kind, 1370 ElementsKind to_kind,
1372 uint32_t to_start, 1371 uint32_t to_start,
(...skipping 308 matching lines...) Expand 10 before | Expand all | Expand 10 after
1681 if (!maybe_obj->To(&new_backing_store)) return maybe_obj; 1680 if (!maybe_obj->To(&new_backing_store)) return maybe_obj;
1682 new_backing_store->set(0, length); 1681 new_backing_store->set(0, length);
1683 { MaybeObject* result = array->SetContent(new_backing_store); 1682 { MaybeObject* result = array->SetContent(new_backing_store);
1684 if (result->IsFailure()) return result; 1683 if (result->IsFailure()) return result;
1685 } 1684 }
1686 return array; 1685 return array;
1687 } 1686 }
1688 1687
1689 1688
1690 } } // namespace v8::internal 1689 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « no previous file | src/objects.cc » ('j') | src/objects.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698