Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(111)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/objects.cc

Issue 1246513002: Fix element enumeration on String wrappers with dictionary elements (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-510426.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 the V8 project authors. All rights reserved. 1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <iomanip> 5 #include <iomanip>
6 #include <sstream> 6 #include <sstream>
7 7
8 #include "src/v8.h" 8 #include "src/v8.h"
9 9
10 #include "src/accessors.h" 10 #include "src/accessors.h"
(...skipping 12995 matching lines...) Expand 10 before | Expand all | Expand 10 after
13006 storage->set(counter, Smi::FromInt(counter)); 13006 storage->set(counter, Smi::FromInt(counter));
13007 } 13007 }
13008 counter++; 13008 counter++;
13009 } 13009 }
13010 DCHECK(!storage || storage->length() >= counter); 13010 DCHECK(!storage || storage->length() >= counter);
13011 break; 13011 break;
13012 } 13012 }
13013 13013
13014 case DICTIONARY_ELEMENTS: { 13014 case DICTIONARY_ELEMENTS: {
13015 if (storage != NULL) { 13015 if (storage != NULL) {
13016 element_dictionary()->CopyKeysTo(storage, 0, filter, 13016 element_dictionary()->CopyKeysTo(storage, counter, filter,
13017 SeededNumberDictionary::SORTED); 13017 SeededNumberDictionary::SORTED);
13018 } 13018 }
13019 counter += element_dictionary()->NumberOfElementsFilterAttributes(filter); 13019 counter += element_dictionary()->NumberOfElementsFilterAttributes(filter);
13020 break; 13020 break;
13021 } 13021 }
13022 case FAST_SLOPPY_ARGUMENTS_ELEMENTS: 13022 case FAST_SLOPPY_ARGUMENTS_ELEMENTS:
13023 case SLOW_SLOPPY_ARGUMENTS_ELEMENTS: { 13023 case SLOW_SLOPPY_ARGUMENTS_ELEMENTS: {
13024 FixedArray* parameter_map = FixedArray::cast(elements()); 13024 FixedArray* parameter_map = FixedArray::cast(elements());
13025 int mapped_length = parameter_map->length() - 2; 13025 int mapped_length = parameter_map->length() - 2;
13026 FixedArray* arguments = FixedArray::cast(parameter_map->get(1)); 13026 FixedArray* arguments = FixedArray::cast(parameter_map->get(1));
13027 if (arguments->IsDictionary()) { 13027 if (arguments->IsDictionary()) {
13028 // Copy the keys from arguments first, because Dictionary::CopyKeysTo 13028 // Copy the keys from arguments first, because Dictionary::CopyKeysTo
13029 // will insert in storage starting at index 0. 13029 // will insert in storage starting at index 0.
13030 SeededNumberDictionary* dictionary = 13030 SeededNumberDictionary* dictionary =
13031 SeededNumberDictionary::cast(arguments); 13031 SeededNumberDictionary::cast(arguments);
13032 if (storage != NULL) { 13032 if (storage != NULL) {
13033 dictionary->CopyKeysTo(storage, 0, filter, 13033 dictionary->CopyKeysTo(storage, counter, filter,
adamk 2015/07/17 18:10:34 This should always be zero anyway, but it seemed c
Michael Starzinger 2015/07/20 08:12:33 Agreed.
13034 SeededNumberDictionary::UNSORTED); 13034 SeededNumberDictionary::UNSORTED);
13035 } 13035 }
13036 counter += dictionary->NumberOfElementsFilterAttributes(filter); 13036 counter += dictionary->NumberOfElementsFilterAttributes(filter);
13037 for (int i = 0; i < mapped_length; ++i) { 13037 for (int i = 0; i < mapped_length; ++i) {
13038 if (!parameter_map->get(i + 2)->IsTheHole()) { 13038 if (!parameter_map->get(i + 2)->IsTheHole()) {
13039 if (storage != NULL) storage->set(counter, Smi::FromInt(i)); 13039 if (storage != NULL) storage->set(counter, Smi::FromInt(i));
13040 ++counter; 13040 ++counter;
13041 } 13041 }
13042 } 13042 }
13043 if (storage != NULL) storage->SortPairs(storage, counter); 13043 if (storage != NULL) storage->SortPairs(storage, counter);
(...skipping 2840 matching lines...) Expand 10 before | Expand all | Expand 10 after
15884 Handle<Object> new_value) { 15884 Handle<Object> new_value) {
15885 if (cell->value() != *new_value) { 15885 if (cell->value() != *new_value) {
15886 cell->set_value(*new_value); 15886 cell->set_value(*new_value);
15887 Isolate* isolate = cell->GetIsolate(); 15887 Isolate* isolate = cell->GetIsolate();
15888 cell->dependent_code()->DeoptimizeDependentCodeGroup( 15888 cell->dependent_code()->DeoptimizeDependentCodeGroup(
15889 isolate, DependentCode::kPropertyCellChangedGroup); 15889 isolate, DependentCode::kPropertyCellChangedGroup);
15890 } 15890 }
15891 } 15891 }
15892 } // namespace internal 15892 } // namespace internal
15893 } // namespace v8 15893 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | test/mjsunit/regress/regress-crbug-510426.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698