[runtime] fix getting element keys from SLOW_SLOPPY_ARGUMENTS_ELEMENTS

src/elements.cc

Index: src/elements.cc
diff --git a/src/elements.cc b/src/elements.cc
index 742942b844c718e04f0956799c61acf5df7fa50d..4a4e92802985185ca5e54c339351d3f29c484eaa 100644
--- a/src/elements.cc
+++ b/src/elements.cc
@@ -2310,6 +2310,113 @@ class SlowSloppyArgumentsElementsAccessor
           object, arguments, entry - length, value, attributes);
     }
   }
+
+  static void CollectElementIndicesImpl(Handle<JSObject> object,
+                                        Handle<FixedArrayBase> backing_store,
+                                        KeyAccumulator* keys, uint32_t range,
+                                        PropertyFilter filter,
+                                        uint32_t offset) {
+    Handle<FixedArray> parameter_map = Handle<FixedArray>::cast(backing_store);
+    uint32_t length = parameter_map->length() - 2;
+    uint32_t i;
+    for (i = offset; i < length; ++i) {
+      if (!parameter_map->get(i + 2)->IsTheHole()) {
+        keys->AddKey(i);
+      }
+    }
+
+    {
+      DisallowHeapAllocation no_allocation;
+      Handle<SeededNumberDictionary> dict(
+          SeededNumberDictionary::cast(parameter_map->get(1)));
+      uint32_t arguments_length = dict->Capacity();
+      if (range < arguments_length) arguments_length = range;
+      uint32_t index;
+      for (; i < arguments_length; ++i) {
+        Object* key = dict->KeyAt(i);
+        if (!key->IsTheHole() && key->ToUint32(&index)) {
+          if (filter != ALL_PROPERTIES &&
+              DictionaryElementsAccessor::GetDetailsImpl(*dict, i).attributes())
+            continue;
+          keys->AddKey(index);
+        }
+      }
+    }
+    keys->SortCurrentElementsList();

[Camillo Bruni, 2016/03/10 09:15:14]

I would prefer a base implementation in SloppyArgumentsElementsAccessor which
forwards the non-fixed-arguments part to the ArgumentsAccessor template
argument.
IMO that would make the implementation a bit cleaner than just duplicating the
whole dictionary implementations again, WDYT?

I'm also not fully sure why you re-implemented the dictionary part slightly
different than the corresponding
DictionaryElementsAccessor::CollectElementIndicesImpl, AFAIK you could directly
call those methods on the dictionary part.

[caitp (gmail), 2016/03/10 16:58:33]

Done.

+  }
+
+  static Handle<FixedArray> DirectCollectElementIndicesImpl(
+      Isolate* isolate, Handle<JSObject> object,
+      Handle<FixedArrayBase> backing_store, GetKeysConversion convert,
+      PropertyFilter filter, Handle<FixedArray> list, uint32_t* nof_indices) {
+    Handle<FixedArray> parameter_map = Handle<FixedArray>::cast(backing_store);
+    uint32_t length = parameter_map->length() - 2;
+    uint32_t insertion_index = 0;
+    uint32_t i;
+    for (i = 0; i < length; ++i) {
+      if (!parameter_map->get(i + 2)->IsTheHole()) {
+        if (convert == CONVERT_TO_STRING) {
+          Handle<String> index_string = isolate->factory()->Uint32ToString(i);
+          list->set(insertion_index, *index_string);
+        } else {
+          list->set(insertion_index, Smi::FromInt(i), SKIP_WRITE_BARRIER);
+        }
+        insertion_index++;
+      }
+    }
+
+    {
+      Handle<SeededNumberDictionary> dict(
+          SeededNumberDictionary::cast(parameter_map->get(1)));
+      uint32_t arguments_length = dict->Capacity();
+      for (; i < arguments_length; ++i) {
+        Object* key = dict->KeyAt(i);
+        uint32_t index;
+        if (!key->IsTheHole() && key->ToUint32(&index)) {
+          if (filter != ALL_PROPERTIES &&
+              DictionaryElementsAccessor::GetDetailsImpl(*dict, i).attributes())
+            continue;
+          if (convert == CONVERT_TO_STRING) {
+            Handle<String> index_string =
+                isolate->factory()->Uint32ToString(index);
+            list->set(insertion_index, *index_string);
+          } else {
+            list->set(insertion_index, Smi::FromInt(index), SKIP_WRITE_BARRIER);
+          }
+          insertion_index++;
+        }
+      }
+    }
+
+    *nof_indices = insertion_index;
+    return list;
+  }
+
+  static void AddElementsToKeyAccumulatorImpl(Handle<JSObject> receiver,
+                                              KeyAccumulator* accumulator,
+                                              AddKeyConversion convert) {
+    Handle<FixedArray> parameter_map(FixedArray::cast(receiver->elements()));
+    uint32_t length = parameter_map->length() - 2;
+    uint32_t i;
+    for (i = 0; i < length; ++i) {
+      if (!parameter_map->get(i + 2)->IsTheHole()) {
+        accumulator->AddKey(Smi::FromInt(i), convert);
+      }
+    }
+
+    {
+      Handle<SeededNumberDictionary> dict(
+          SeededNumberDictionary::cast(parameter_map->get(1)));
+      uint32_t arguments_length = dict->Capacity();
+      for (; i < arguments_length; ++i) {
+        Object* key = dict->KeyAt(i);
+        uint32_t index;
+        if (!key->IsTheHole() && key->ToUint32(&index)) {
+          accumulator->AddKey(key, convert);
+        }
+      }
+    }
+  }
 };