src/builtins.cc - Issue 706703005: Allow JSArray fast moving elements even if the array's proto isn't Array.prototype in original state

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/builtins.cc

Issue 706703005: Allow JSArray fast moving elements even if the array's proto isn't Array.prototype in original state (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: revert disabling of json2 test Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/builtins.cc

diff --git a/src/builtins.cc b/src/builtins.cc

index 8dbaa487b1bf7eacee5d18eb9c3030c404ec00a9..5eefd27fbbd8a4ade93285de1b8797da58ccb73f 100644

--- a/src/builtins.cc

+++ b/src/builtins.cc

@@ -182,23 +182,16 @@ static void MoveDoubleElements(FixedDoubleArray* dst, int dst_index,

}

-static bool ArrayPrototypeHasNoElements(Heap* heap,

- Context* native_context,

- JSObject* array_proto) {

+static bool ArrayPrototypeHasNoElements(Heap* heap, PrototypeIterator* iter) {

DisallowHeapAllocation no_gc;

- // This method depends on non writability of Object and Array prototype

- // fields.

- if (array_proto->elements() != heap->empty_fixed_array()) return false;

- // Object.prototype

- PrototypeIterator iter(heap->isolate(), array_proto);

- if (iter.IsAtEnd()) {

- return false;

+ for (; !iter->IsAtEnd(); iter->Advance()) {

+ if (iter->GetCurrent()->IsJSProxy()) return false;

+ if (JSObject::cast(iter->GetCurrent())->elements() !=

+ heap->empty_fixed_array()) {

+ return false;

+ }

}

- array_proto = JSObject::cast(iter.GetCurrent());

- if (array_proto != native_context->initial_object_prototype()) return false;

- if (array_proto->elements() != heap->empty_fixed_array()) return false;

- iter.Advance();

- return iter.IsAtEnd();

+ return true;

}

@@ -206,12 +199,8 @@ static inline bool IsJSArrayFastElementMovingAllowed(Heap* heap,

JSArray* receiver) {

if (!FLAG_clever_optimizations) return false;

DisallowHeapAllocation no_gc;

- Context* native_context = heap->isolate()->context()->native_context();

- JSObject* array_proto =

- JSObject::cast(native_context->array_function()->prototype());

PrototypeIterator iter(heap->isolate(), receiver);

- return iter.GetCurrent() == array_proto &&

- ArrayPrototypeHasNoElements(heap, native_context, array_proto);

+ return ArrayPrototypeHasNoElements(heap, &iter);

}

@@ -920,9 +909,10 @@ BUILTIN(ArrayConcat) {

DisallowHeapAllocation no_gc;

Heap* heap = isolate->heap();

Context* native_context = isolate->context()->native_context();

- JSObject* array_proto =

- JSObject::cast(native_context->array_function()->prototype());

- if (!ArrayPrototypeHasNoElements(heap, native_context, array_proto)) {

+ Object* array_proto = native_context->array_function()->prototype();

+ PrototypeIterator iter(isolate, array_proto,

+ PrototypeIterator::START_AT_RECEIVER);

+ if (!ArrayPrototypeHasNoElements(heap, &iter)) {

AllowHeapAllocation allow_allocation;

return CallJsBuiltin(isolate, "ArrayConcatJS", args);

}

« no previous file with comments | « no previous file | test/mjsunit/mjsunit.status » ('j') | no next file with comments »