
Side by Side Diff: src/runtime.cc

Issue 399753005: Fix off-by-one error in Array.concat slow mode check (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 5 months ago
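--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 #include <limits>
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
@@ -9850,22 +9850,22 @@
 void increase_index_offset(uint32_t delta) {
 if (JSObject::kMaxElementCount - index_offset_ < delta) {
 index_offset_ = JSObject::kMaxElementCount;
 } else {
 index_offset_ += delta;
 }
 // If the initial length estimate was off (see special case in visit()),
 // but the array blowing the limit didn't contain elements beyond the
 // provided-for index range, go to dictionary mode now.
 if (fast_elements_ &&
-index_offset_ >= static_cast<uint32_t>(
-FixedArrayBase::cast(*storage_)->length())) {
+index_offset_ >
+static_cast<uint32_t>(FixedArrayBase::cast(*storage_)->length())) {
 SetDictionaryMode();
 }
 }
 
 bool exceeds_array_limit() {
 return exceeds_array_limit_;
 }
 
 Handle<JSArray> ToArray() {
 Handle<JSArray> array = isolate_->factory()->NewJSArray(0);
@@ -14966,10 +14966,10 @@
 }
 return NULL;
 }
 
 
 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
 return &(kIntrinsicFunctions[static_cast<int>(id)]);
 }
 
 } } // namespace v8::internal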
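Review bot: The boundary this fix moves is neither documented nor pinned by a test. With `index_offset_ > ...length()` at new lines 9859-9861, an offset exactly equal to the backing-store length now stays in fast-elements mode. That is only safe if visit() bounds-checks every index against the storage length before writing, and visit() is outside the visible lines, so this should be confirmed. I would extend the comment above the check with `// index_offset_ == length() means the fast store is exactly full; only a larger offset needs dictionary mode, and visit() must still reject index >= length().` The patch set appears to touch only src/runtime.cc, so a regression test that concatenates arrays whose element counts exactly fill the estimated length would keep this comparison from drifting again.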