| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 (function(global, utils, extrasUtils) { | 5 (function(global, utils, extrasUtils) { |
| 6 | 6 |
| 7 "use strict"; | 7 "use strict"; |
| 8 | 8 |
| 9 %CheckIsBootstrapping(); | 9 %CheckIsBootstrapping(); |
| 10 | 10 |
| 11 // ------------------------------------------------------------------- | 11 // ------------------------------------------------------------------- |
| 12 // Imports | 12 // Imports |
| 13 | 13 |
| 14 var AddIndexedProperty; |
| 14 var Delete; | 15 var Delete; |
| 15 var FLAG_harmony_tolength; | 16 var FLAG_harmony_tolength; |
| 16 var GlobalArray = global.Array; | 17 var GlobalArray = global.Array; |
| 17 var InternalArray = utils.InternalArray; | 18 var InternalArray = utils.InternalArray; |
| 18 var InternalPackedArray = utils.InternalPackedArray; | 19 var InternalPackedArray = utils.InternalPackedArray; |
| 19 var MakeTypeError; | 20 var MakeTypeError; |
| 20 var MinSimple; | 21 var MinSimple; |
| 21 var ObjectHasOwnProperty; | 22 var ObjectHasOwnProperty; |
| 22 var ObjectIsFrozen; | 23 var ObjectIsFrozen; |
| 23 var ObjectIsSealed; | 24 var ObjectIsSealed; |
| 24 var ObjectToString; | 25 var ObjectToString; |
| 25 var ObserveBeginPerformSplice; | 26 var ObserveBeginPerformSplice; |
| 26 var ObserveEndPerformSplice; | 27 var ObserveEndPerformSplice; |
| 27 var ObserveEnqueueSpliceRecord; | 28 var ObserveEnqueueSpliceRecord; |
| 28 var unscopablesSymbol = utils.ImportNow("unscopables_symbol"); | 29 var unscopablesSymbol = utils.ImportNow("unscopables_symbol"); |
| 29 | 30 |
| 30 utils.Import(function(from) { | 31 utils.Import(function(from) { |
| 32 AddIndexedProperty = from.AddIndexedProperty; |
| 31 Delete = from.Delete; | 33 Delete = from.Delete; |
| 32 MakeTypeError = from.MakeTypeError; | 34 MakeTypeError = from.MakeTypeError; |
| 33 MinSimple = from.MinSimple; | 35 MinSimple = from.MinSimple; |
| 34 ObjectHasOwnProperty = from.ObjectHasOwnProperty; | 36 ObjectHasOwnProperty = from.ObjectHasOwnProperty; |
| 35 ObjectIsFrozen = from.ObjectIsFrozen; | 37 ObjectIsFrozen = from.ObjectIsFrozen; |
| 36 ObjectIsSealed = from.ObjectIsSealed; | 38 ObjectIsSealed = from.ObjectIsSealed; |
| 37 ObjectToString = from.ObjectToString; | 39 ObjectToString = from.ObjectToString; |
| 38 ObserveBeginPerformSplice = from.ObserveBeginPerformSplice; | 40 ObserveBeginPerformSplice = from.ObserveBeginPerformSplice; |
| 39 ObserveEndPerformSplice = from.ObserveEndPerformSplice; | 41 ObserveEndPerformSplice = from.ObserveEndPerformSplice; |
| 40 ObserveEnqueueSpliceRecord = from.ObserveEnqueueSpliceRecord; | 42 ObserveEnqueueSpliceRecord = from.ObserveEnqueueSpliceRecord; |
| (...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 238 // This function implements the optimized splice implementation that can use | 240 // This function implements the optimized splice implementation that can use |
| 239 // special array operations to handle sparse arrays in a sensible fashion. | 241 // special array operations to handle sparse arrays in a sensible fashion. |
| 240 function SparseSlice(array, start_i, del_count, len, deleted_elements) { | 242 function SparseSlice(array, start_i, del_count, len, deleted_elements) { |
| 241 // Move deleted elements to a new array (the return value from splice). | 243 // Move deleted elements to a new array (the return value from splice). |
| 242 var indices = %GetArrayKeys(array, start_i + del_count); | 244 var indices = %GetArrayKeys(array, start_i + del_count); |
| 243 if (IS_NUMBER(indices)) { | 245 if (IS_NUMBER(indices)) { |
| 244 var limit = indices; | 246 var limit = indices; |
| 245 for (var i = start_i; i < limit; ++i) { | 247 for (var i = start_i; i < limit; ++i) { |
| 246 var current = array[i]; | 248 var current = array[i]; |
| 247 if (!IS_UNDEFINED(current) || i in array) { | 249 if (!IS_UNDEFINED(current) || i in array) { |
| 248 %AddElement(deleted_elements, i - start_i, current); | 250 AddIndexedProperty(deleted_elements, i - start_i, current); |
| 249 } | 251 } |
| 250 } | 252 } |
| 251 } else { | 253 } else { |
| 252 var length = indices.length; | 254 var length = indices.length; |
| 253 for (var k = 0; k < length; ++k) { | 255 for (var k = 0; k < length; ++k) { |
| 254 var key = indices[k]; | 256 var key = indices[k]; |
| 255 if (!IS_UNDEFINED(key)) { | 257 if (!IS_UNDEFINED(key)) { |
| 256 if (key >= start_i) { | 258 if (key >= start_i) { |
| 257 var current = array[key]; | 259 var current = array[key]; |
| 258 if (!IS_UNDEFINED(current) || key in array) { | 260 if (!IS_UNDEFINED(current) || key in array) { |
| 259 %AddElement(deleted_elements, key - start_i, current); | 261 AddIndexedProperty(deleted_elements, key - start_i, current); |
| 260 } | 262 } |
| 261 } | 263 } |
| 262 } | 264 } |
| 263 } | 265 } |
| 264 } | 266 } |
| 265 } | 267 } |
| 266 | 268 |
| 267 | 269 |
| 268 // This function implements the optimized splice implementation that can use | 270 // This function implements the optimized splice implementation that can use |
| 269 // special array operations to handle sparse arrays in a sensible fashion. | 271 // special array operations to handle sparse arrays in a sensible fashion. |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 329 | 331 |
| 330 // This is part of the old simple-minded splice. We are using it either | 332 // This is part of the old simple-minded splice. We are using it either |
| 331 // because the receiver is not an array (so we have no choice) or because we | 333 // because the receiver is not an array (so we have no choice) or because we |
| 332 // know we are not deleting or moving a lot of elements. | 334 // know we are not deleting or moving a lot of elements. |
| 333 function SimpleSlice(array, start_i, del_count, len, deleted_elements) { | 335 function SimpleSlice(array, start_i, del_count, len, deleted_elements) { |
| 334 var is_array = IS_ARRAY(array); | 336 var is_array = IS_ARRAY(array); |
| 335 for (var i = 0; i < del_count; i++) { | 337 for (var i = 0; i < del_count; i++) { |
| 336 var index = start_i + i; | 338 var index = start_i + i; |
| 337 if (HAS_INDEX(array, index, is_array)) { | 339 if (HAS_INDEX(array, index, is_array)) { |
| 338 var current = array[index]; | 340 var current = array[index]; |
| 339 // The spec requires [[DefineOwnProperty]] here, %AddElement is close | 341 // The spec requires [[DefineOwnProperty]] here, AddIndexedProperty is |
| 340 // enough (in that it ignores the prototype). | 342 // close enough (in that it ignores the prototype). |
| 341 %AddElement(deleted_elements, i, current); | 343 AddIndexedProperty(deleted_elements, i, current); |
| 342 } | 344 } |
| 343 } | 345 } |
| 344 } | 346 } |
| 345 | 347 |
| 346 | 348 |
| 347 function SimpleMove(array, start_i, del_count, len, num_additional_args) { | 349 function SimpleMove(array, start_i, del_count, len, num_additional_args) { |
| 348 var is_array = IS_ARRAY(array); | 350 var is_array = IS_ARRAY(array); |
| 349 if (num_additional_args !== del_count) { | 351 if (num_additional_args !== del_count) { |
| 350 // Move the existing elements after the elements to be deleted | 352 // Move the existing elements after the elements to be deleted |
| 351 // to the right position in the resulting array. | 353 // to the right position in the resulting array. |
| (...skipping 1329 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1681 %InstallToContext([ | 1683 %InstallToContext([ |
| 1682 "array_pop", ArrayPop, | 1684 "array_pop", ArrayPop, |
| 1683 "array_push", ArrayPush, | 1685 "array_push", ArrayPush, |
| 1684 "array_shift", ArrayShift, | 1686 "array_shift", ArrayShift, |
| 1685 "array_splice", ArraySplice, | 1687 "array_splice", ArraySplice, |
| 1686 "array_slice", ArraySlice, | 1688 "array_slice", ArraySlice, |
| 1687 "array_unshift", ArrayUnshift, | 1689 "array_unshift", ArrayUnshift, |
| 1688 ]); | 1690 ]); |
| 1689 | 1691 |
| 1690 }); | 1692 }); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1420663003:
Avoid calling %AddElement with a number out of array index range (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master