src/builtins.cc - Issue 279773002: Fix Array.prototype.push and Array.prototype.unshift for read-only length.

Side by Side Diff: src/builtins.cc

Issue 279773002: Fix Array.prototype.push and Array.prototype.unshift for read-only length. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Address comments Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2012 the V8 project authors. All rights reserved.	1 // Copyright 2012 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "v8.h"	5 #include "v8.h"

6	6

7 #include "api.h"	7 #include "api.h"

8 #include "arguments.h"	8 #include "arguments.h"

9 #include "bootstrapper.h"	9 #include "bootstrapper.h"

10 #include "builtins.h"	10 #include "builtins.h"

(...skipping 364 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
375 HandleScope scope(isolate);	375 HandleScope scope(isolate);

376 Handle<Object> receiver = args.receiver();	376 Handle<Object> receiver = args.receiver();

377 MaybeHandle<FixedArrayBase> maybe_elms_obj =	377 MaybeHandle<FixedArrayBase> maybe_elms_obj =

378 EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 1);	378 EnsureJSArrayWithWritableFastElements(isolate, receiver, &args, 1);

379 Handle<FixedArrayBase> elms_obj;	379 Handle<FixedArrayBase> elms_obj;

380 if (!maybe_elms_obj.ToHandle(&elms_obj)) {	380 if (!maybe_elms_obj.ToHandle(&elms_obj)) {

381 return CallJsBuiltin(isolate, "ArrayPush", args);	381 return CallJsBuiltin(isolate, "ArrayPush", args);

382 }	382 }

383	383

384 Handle<JSArray> array = Handle<JSArray>::cast(receiver);	384 Handle<JSArray> array = Handle<JSArray>::cast(receiver);

	385 int len = Smi::cast(array->length())->value();

	386 int to_add = args.length() - 1;

	387 if (to_add > 0 && JSArray::WouldChangeReadOnlyLength(array, len + to_add)) {

	388 return CallJsBuiltin(isolate, "ArrayPush", args);

	389 }

385 ASSERT(!array->map()->is_observed());	390 ASSERT(!array->map()->is_observed());

386	391

387 ElementsKind kind = array->GetElementsKind();	392 ElementsKind kind = array->GetElementsKind();

388	393

389 if (IsFastSmiOrObjectElementsKind(kind)) {	394 if (IsFastSmiOrObjectElementsKind(kind)) {

390 Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);	395 Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);

391

392 int len = Smi::cast(array->length())->value();

393 int to_add = args.length() - 1;

394 if (to_add == 0) {	396 if (to_add == 0) {

395 return Smi::FromInt(len);	397 return Smi::FromInt(len);

396 }	398 }

397 // Currently fixed arrays cannot grow too big, so	399 // Currently fixed arrays cannot grow too big, so

398 // we should never hit this case.	400 // we should never hit this case.

399 ASSERT(to_add <= (Smi::kMaxValue - len));	401 ASSERT(to_add <= (Smi::kMaxValue - len));

400	402

401 int new_length = len + to_add;	403 int new_length = len + to_add;

402	404

403 if (new_length > elms->length()) {	405 if (new_length > elms->length()) {

(...skipping 18 matching lines...) Expand all Loading...
422 }	424 }

423	425

424 if (*elms != array->elements()) {	426 if (*elms != array->elements()) {

425 array->set_elements(*elms);	427 array->set_elements(*elms);

426 }	428 }

427	429

428 // Set the length.	430 // Set the length.

429 array->set_length(Smi::FromInt(new_length));	431 array->set_length(Smi::FromInt(new_length));

430 return Smi::FromInt(new_length);	432 return Smi::FromInt(new_length);

431 } else {	433 } else {

432 int len = Smi::cast(array->length())->value();

433 int elms_len = elms_obj->length();	434 int elms_len = elms_obj->length();

434

435 int to_add = args.length() - 1;

436 if (to_add == 0) {	435 if (to_add == 0) {

437 return Smi::FromInt(len);	436 return Smi::FromInt(len);

438 }	437 }

439 // Currently fixed arrays cannot grow too big, so	438 // Currently fixed arrays cannot grow too big, so

440 // we should never hit this case.	439 // we should never hit this case.

441 ASSERT(to_add <= (Smi::kMaxValue - len));	440 ASSERT(to_add <= (Smi::kMaxValue - len));

442	441

443 int new_length = len + to_add;	442 int new_length = len + to_add;

444	443

445 Handle<FixedDoubleArray> new_elms;	444 Handle<FixedDoubleArray> new_elms;

(...skipping 125 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
571 if (!maybe_elms_obj.ToHandle(&elms_obj) \|\|	570 if (!maybe_elms_obj.ToHandle(&elms_obj) \|\|

572 !IsJSArrayFastElementMovingAllowed(heap,	571 !IsJSArrayFastElementMovingAllowed(heap,

573 *Handle<JSArray>::cast(receiver))) {	572 *Handle<JSArray>::cast(receiver))) {

574 return CallJsBuiltin(isolate, "ArrayUnshift", args);	573 return CallJsBuiltin(isolate, "ArrayUnshift", args);

575 }	574 }

576 Handle<JSArray> array = Handle<JSArray>::cast(receiver);	575 Handle<JSArray> array = Handle<JSArray>::cast(receiver);

577 ASSERT(!array->map()->is_observed());	576 ASSERT(!array->map()->is_observed());

578 if (!array->HasFastSmiOrObjectElements()) {	577 if (!array->HasFastSmiOrObjectElements()) {

579 return CallJsBuiltin(isolate, "ArrayUnshift", args);	578 return CallJsBuiltin(isolate, "ArrayUnshift", args);

580 }	579 }

581 Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);

582

583 int len = Smi::cast(array->length())->value();	580 int len = Smi::cast(array->length())->value();

584 int to_add = args.length() - 1;	581 int to_add = args.length() - 1;

585 int new_length = len + to_add;	582 int new_length = len + to_add;

586 // Currently fixed arrays cannot grow too big, so	583 // Currently fixed arrays cannot grow too big, so

587 // we should never hit this case.	584 // we should never hit this case.

588 ASSERT(to_add <= (Smi::kMaxValue - len));	585 ASSERT(to_add <= (Smi::kMaxValue - len));

589	586

	587 if (to_add > 0 && JSArray::WouldChangeReadOnlyLength(array, len + to_add)) {

	588 return CallJsBuiltin(isolate, "ArrayUnshift", args);

	589 }

	590

	591 Handle<FixedArray> elms = Handle<FixedArray>::cast(elms_obj);

	592
	Michael Starzinger 2014/05/21 12:34:36 nit: Only one empty new-line is fine. nit: Only one empty new-line is fine. ulan 2014/05/21 14:52:22 Done. Show quoted text On 2014/05/21 12:34:36, Michael Starzinger wrote: > nit: Only one empty new-line is fine. Done.
	593

590 JSObject::EnsureCanContainElements(array, &args, 1, to_add,	594 JSObject::EnsureCanContainElements(array, &args, 1, to_add,

591 DONT_ALLOW_DOUBLE_ELEMENTS);	595 DONT_ALLOW_DOUBLE_ELEMENTS);

592	596

593 if (new_length > elms->length()) {	597 if (new_length > elms->length()) {

594 // New backing storage is needed.	598 // New backing storage is needed.

595 int capacity = new_length + (new_length >> 1) + 16;	599 int capacity = new_length + (new_length >> 1) + 16;

596 Handle<FixedArray> new_elms =	600 Handle<FixedArray> new_elms =

597 isolate->factory()->NewUninitializedFixedArray(capacity);	601 isolate->factory()->NewUninitializedFixedArray(capacity);

598	602

599 ElementsKind kind = array->GetElementsKind();	603 ElementsKind kind = array->GetElementsKind();

(...skipping 1106 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1706 }	1710 }

1707 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C)	1711 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C)

1708 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A)	1712 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A)

1709 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H)	1713 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H)

1710 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)	1714 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A)

1711 #undef DEFINE_BUILTIN_ACCESSOR_C	1715 #undef DEFINE_BUILTIN_ACCESSOR_C

1712 #undef DEFINE_BUILTIN_ACCESSOR_A	1716 #undef DEFINE_BUILTIN_ACCESSOR_A

1713	1717

1714	1718

1715 } } // namespace v8::internal	1719 } } // namespace v8::internal

OLD	NEW

« src/array.js ('K') | « src/array.js ('k') | src/hydrogen.cc » ('j') | src/ic.cc » ('J')