Chromium Code Reviews Chromium Code Reviews
Issue 279773002:
Fix Array.prototype.push and Array.prototype.unshift for read-only length. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "v8.h" | 5 #include "v8.h" |
| 6 | 6 |
| 7 #include "api.h" | 7 #include "api.h" |
| 8 #include "arguments.h" | 8 #include "arguments.h" |
| 9 #include "bootstrapper.h" | 9 #include "bootstrapper.h" |
| 10 #include "builtins.h" | 10 #include "builtins.h" |
| (...skipping 364 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 375 HandleScope scope(isolate); | 375 HandleScope scope(isolate); |
| 376 Handle<Object> receiver = args.receiver(); | 376 Handle<Object> receiver = args.receiver(); |
| 377 MaybeHandle<FixedArrayBase> maybe_elms_obj = | 377 MaybeHandle<FixedArrayBase> maybe_elms_obj = |
| 378 EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 1); | 378 EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 1); |
| 379 Handle<FixedArrayBase> elms_obj; | 379 Handle<FixedArrayBase> elms_obj; |
| 380 if (!maybe_elms_obj.ToHandle(&elms_obj)) { | 380 if (!maybe_elms_obj.ToHandle(&elms_obj)) { |
| 381 return CallJsBuiltin(isolate, "ArrayPush", args); | 381 return CallJsBuiltin(isolate, "ArrayPush", args); |
| 382 } | 382 } |
| 383 | 383 |
| 384 Handle<JSArray> array = Handle<JSArray>::cast(receiver); | 384 Handle<JSArray> array = Handle<JSArray>::cast(receiver); |
| 385 int len = Smi::cast(array->length())->value(); | |
| 386 int to_add = args.length() - 1; | |
| 387 if (to_add > 0 && JSArray::ChangeOfReadOnlyLength(array, len + to_add)) { | |
|
mvstanton
2014/05/09 12:56:09
The name of this function is odd, how about JSArra
| |
| 388 RETURN_FAILURE_ON_EXCEPTION( | |
| 389 isolate, | |
| 390 JSArray::ReadOnlyLengthError(array)); | |
| 391 } | |
| 385 ASSERT(!array->map()->is_observed()); | 392 ASSERT(!array->map()->is_observed()); |
| 386 | 393 |
| 387 ElementsKind kind = array->GetElementsKind(); | 394 ElementsKind kind = array->GetElementsKind(); |
| 388 | 395 |
| 389 if (IsFastSmiOrObjectElementsKind(kind)) { | 396 if (IsFastSmiOrObjectElementsKind(kind)) { |
| 390 Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj); | 397 Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj); |
| 391 | |
| 392 int len = Smi::cast(array->length())->value(); | |
| 393 int to_add = args.length() - 1; | |
| 394 if (to_add == 0) { | 398 if (to_add == 0) { |
| 395 return Smi::FromInt(len); | 399 return Smi::FromInt(len); |
| 396 } | 400 } |
| 397 // Currently fixed arrays cannot grow too big, so | 401 // Currently fixed arrays cannot grow too big, so |
| 398 // we should never hit this case. | 402 // we should never hit this case. |
| 399 ASSERT(to_add <= (Smi::kMaxValue - len)); | 403 ASSERT(to_add <= (Smi::kMaxValue - len)); |
| 400 | 404 |
| 401 int new_length = len + to_add; | 405 int new_length = len + to_add; |
| 402 | 406 |
| 403 if (new_length > elms->length()) { | 407 if (new_length > elms->length()) { |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 422 } | 426 } |
| 423 | 427 |
| 424 if (*elms != array->elements()) { | 428 if (*elms != array->elements()) { |
| 425 array->set_elements(*elms); | 429 array->set_elements(*elms); |
| 426 } | 430 } |
| 427 | 431 |
| 428 // Set the length. | 432 // Set the length. |
| 429 array->set_length(Smi::FromInt(new_length)); | 433 array->set_length(Smi::FromInt(new_length)); |
| 430 return Smi::FromInt(new_length); | 434 return Smi::FromInt(new_length); |
| 431 } else { | 435 } else { |
| 432 int len = Smi::cast(array->length())->value(); | |
| 433 int elms_len = elms_obj->length(); | 436 int elms_len = elms_obj->length(); |
| 434 | |
| 435 int to_add = args.length() - 1; | |
| 436 if (to_add == 0) { | 437 if (to_add == 0) { |
| 437 return Smi::FromInt(len); | 438 return Smi::FromInt(len); |
| 438 } | 439 } |
| 439 // Currently fixed arrays cannot grow too big, so | 440 // Currently fixed arrays cannot grow too big, so |
| 440 // we should never hit this case. | 441 // we should never hit this case. |
| 441 ASSERT(to_add <= (Smi::kMaxValue - len)); | 442 ASSERT(to_add <= (Smi::kMaxValue - len)); |
| 442 | 443 |
| 443 int new_length = len + to_add; | 444 int new_length = len + to_add; |
| 444 | 445 |
| 445 Handle<FixedDoubleArray> new_elms; | 446 Handle<FixedDoubleArray> new_elms; |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 580 } | 581 } |
| 581 Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj); | 582 Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj); |
| 582 | 583 |
| 583 int len = Smi::cast(array->length())->value(); | 584 int len = Smi::cast(array->length())->value(); |
| 584 int to_add = args.length() - 1; | 585 int to_add = args.length() - 1; |
| 585 int new_length = len + to_add; | 586 int new_length = len + to_add; |
| 586 // Currently fixed arrays cannot grow too big, so | 587 // Currently fixed arrays cannot grow too big, so |
| 587 // we should never hit this case. | 588 // we should never hit this case. |
| 588 ASSERT(to_add <= (Smi::kMaxValue - len)); | 589 ASSERT(to_add <= (Smi::kMaxValue - len)); |
| 589 | 590 |
| 591 if (to_add > 0 && JSArray::ChangeOfReadOnlyLength(array, len + to_add)) { | |
| 592 RETURN_FAILURE_ON_EXCEPTION( | |
| 593 isolate, | |
| 594 JSArray::ReadOnlyLengthError(array)); | |
| 595 } | |
| 596 | |
| 590 JSObject::EnsureCanContainElements(array, &args, 1, to_add, | 597 JSObject::EnsureCanContainElements(array, &args, 1, to_add, |
| 591 DONT_ALLOW_DOUBLE_ELEMENTS); | 598 DONT_ALLOW_DOUBLE_ELEMENTS); |
| 592 | 599 |
| 593 if (new_length > elms->length()) { | 600 if (new_length > elms->length()) { |
| 594 // New backing storage is needed. | 601 // New backing storage is needed. |
| 595 int capacity = new_length + (new_length >> 1) + 16; | 602 int capacity = new_length + (new_length >> 1) + 16; |
| 596 Handle<FixedArray> new_elms = | 603 Handle<FixedArray> new_elms = |
| 597 isolate->factory()->NewUninitializedFixedArray(capacity); | 604 isolate->factory()->NewUninitializedFixedArray(capacity); |
| 598 | 605 |
| 599 ElementsKind kind = array->GetElementsKind(); | 606 ElementsKind kind = array->GetElementsKind(); |
| (...skipping 1106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1706 } | 1713 } |
| 1707 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C) | 1714 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C) |
| 1708 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A) | 1715 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A) |
| 1709 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H) | 1716 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H) |
| 1710 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A) | 1717 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A) |
| 1711 #undef DEFINE_BUILTIN_ACCESSOR_C | 1718 #undef DEFINE_BUILTIN_ACCESSOR_C |
| 1712 #undef DEFINE_BUILTIN_ACCESSOR_A | 1719 #undef DEFINE_BUILTIN_ACCESSOR_A |
| 1713 | 1720 |
| 1714 | 1721 |
| 1715 } } // namespace v8::internal | 1722 } } // namespace v8::internal |
| OLD | NEW |
