Remove over-zealous hole checking in Array.slice()

src/builtins.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 840 matching lines @@
     if (!len_obj->IsSmi()) {
       return CallJsBuiltin(isolate, "ArraySlice", args);
     }
     len = Smi::cast(len_obj)->value();
     if (len > elms->length()) {
       return CallJsBuiltin(isolate, "ArraySlice", args);
     }
   }
 
   JSObject* object = JSObject::cast(receiver);
-  ElementsKind kind = object->GetElementsKind();
-
-  if (IsHoleyElementsKind(kind)) {
-    bool packed = true;
-    ElementsAccessor* accessor = ElementsAccessor::ForKind(kind);
-    for (int i = 0; i < len; i++) {
-      if (!accessor->HasElement(object, object, i, elms)) {
-        packed = false;
-        break;
-      }
-    }
-    if (packed) {
-      kind = GetPackedElementsKind(kind);
-    } else if (!receiver->IsJSArray()) {
-      return CallJsBuiltin(isolate, "ArraySlice", args);
-    }
-  }
 
   ASSERT(len >= 0);
   int n_arguments = args.length() - 1;
 
   // Note carefully choosen defaults---if argument is missing,
   // it's undefined which gets converted to 0 for relative_start
   // and to len for relative_end.
   int relative_start = 0;
   int relative_end = len;
   if (n_arguments > 0) {
@@ skipping 29 matching lines @@
   int k = (relative_start < 0) ? Max(len + relative_start, 0)
                                : Min(relative_start, len);
 
   // ECMAScript 232, 3rd Edition, Section 15.4.4.10, step 8.
   int final = (relative_end < 0) ? Max(len + relative_end, 0)
                                  : Min(relative_end, len);
 
   // Calculate the length of result array.
   int result_len = Max(final - k, 0);
 
+  ElementsKind kind = object->GetElementsKind();
+  if (IsHoleyElementsKind(kind)) {
+    bool packed = true;
+    ElementsAccessor* accessor = ElementsAccessor::ForKind(kind);
+    for (int i = k; i < final; i++) {
+      if (!accessor->HasElement(object, object, i, elms)) {
+        packed = false;
+        break;
+      }
+    }
+    if (packed) {
+      kind = GetPackedElementsKind(kind);
+    } else if (!receiver->IsJSArray()) {
+      return CallJsBuiltin(isolate, "ArraySlice", args);
+    }
+  }
+
   JSArray* result_array;
   MaybeObject* maybe_array = heap->AllocateJSArrayAndStorage(kind,
                                                              result_len,
                                                              result_len);
 
   AssertNoAllocation no_gc;
   if (result_len == 0) return maybe_array;
   if (!maybe_array->To(&result_array)) return maybe_array;
 
   ElementsAccessor* accessor = object->GetElementsAccessor();
@@ skipping 1005 matching lines @@
   return Handle<Code>(code_address);                        \
 }
 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C)
 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A)
 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)
 #undef DEFINE_BUILTIN_ACCESSOR_C
 #undef DEFINE_BUILTIN_ACCESSOR_A
 
 
 } }  // namespace v8::internal