[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
darin
darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:22:20 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 7c7c6412d75652c8f8d6636ec97119a34fbb7d69
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Jan 28 20:50:56 2003 +0000
Reviewed by Maciej.
- fixed 3144918 -- Can't drill down multiple levels of categories when selling on ebay
if first item in list is chosen
The bug was caused by having array values in the property map past the storageLength cutoff
in an array object; those values would not be seen when you do a get.
* kjs/array_object.cpp:
(ArrayInstanceImp::put): Implement a new rule for resizing the storage that is independent
of the length. The old rule would sometimes make the storage very big if you added two elements
in a row that both had large, but consecutive indexes. This eliminates any cases where we
make sparse entries in the property map below the sparse array cutoff.
(ArrayInstanceImp::resizeStorage): Don't ever make storage size bigger than the cutoff unless
the caller specifically requests it.
(ArrayInstanceImp::setLength): Change this so it only makes the storage smaller, never larger.
We will actually enlarge the storage when putting elements in.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3478 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 6c2d453..b115f97 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,23 @@
+2003-01-28 Darin Adler <darin at apple.com>
+
+ Reviewed by Maciej.
+
+ - fixed 3144918 -- Can't drill down multiple levels of categories when selling on ebay
+ if first item in list is chosen
+
+ The bug was caused by having array values in the property map past the storageLength cutoff
+ in an array object; those values would not be seen when you do a get.
+
+ * kjs/array_object.cpp:
+ (ArrayInstanceImp::put): Implement a new rule for resizing the storage that is independent
+ of the length. The old rule would sometimes make the storage very big if you added two elements
+ in a row that both had large, but consecutive indexes. This eliminates any cases where we
+ make sparse entries in the property map below the sparse array cutoff.
+ (ArrayInstanceImp::resizeStorage): Don't ever make storage size bigger than the cutoff unless
+ the caller specifically requests it.
+ (ArrayInstanceImp::setLength): Change this so it only makes the storage smaller, never larger.
+ We will actually enlarge the storage when putting elements in.
+
2003-01-25 Darin Adler <darin at apple.com>
Reviewed by Maciej.
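Review bot: the entry lists only kjs/array_object.cpp and names no regression test for 3144918. Since the bug was values stored in the property map past the storageLength cutoff being invisible to get, a test that writes at indexes just below, at, and just above the sparse array cutoff and reads each one back would pin the new resizing rule down and should be listed here.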
diff --git a/JavaScriptCore/ChangeLog-2003-10-25 b/JavaScriptCore/ChangeLog-2003-10-25
index 6c2d453..b115f97 100644
--- a/JavaScriptCore/ChangeLog-2003-10-25
+++ b/JavaScriptCore/ChangeLog-2003-10-25
@@ -1,3 +1,23 @@
+2003-01-28 Darin Adler <darin at apple.com>
+
+ Reviewed by Maciej.
+
+ - fixed 3144918 -- Can't drill down multiple levels of categories when selling on ebay
+ if first item in list is chosen
+
+ The bug was caused by having array values in the property map past the storageLength cutoff
+ in an array object; those values would not be seen when you do a get.
+
+ * kjs/array_object.cpp:
+ (ArrayInstanceImp::put): Implement a new rule for resizing the storage that is independent
+ of the length. The old rule would sometimes make the storage very big if you added two elements
+ in a row that both had large, but consecutive indexes. This eliminates any cases where we
+ make sparse entries in the property map below the sparse array cutoff.
+ (ArrayInstanceImp::resizeStorage): Don't ever make storage size bigger than the cutoff unless
+ the caller specifically requests it.
+ (ArrayInstanceImp::setLength): Change this so it only makes the storage smaller, never larger.
+ We will actually enlarge the storage when putting elements in.
+
2003-01-25 Darin Adler <darin at apple.com>
Reviewed by Maciej.
diff --git a/JavaScriptCore/kjs/array_object.cpp b/JavaScriptCore/kjs/array_object.cpp
index 6721e66..91fd648 100644
--- a/JavaScriptCore/kjs/array_object.cpp
+++ b/JavaScriptCore/kjs/array_object.cpp
@@ -112,12 +112,8 @@ void ArrayInstanceImp::put(ExecState *exec, const Identifier &propertyName, cons
bool ok;
unsigned index = propertyName.toULong(&ok);
if (ok) {
- if (length <= index)
- setLength(index + 1, exec);
- if (index < storageLength) {
- storage[index] = value.imp();
- return;
- }
+ put(exec, index, value, attr);
+ return;
}
ObjectImp::put(exec, propertyName, value, attr);
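Review bot: in the `if (ok)` branch, `unsigned index = propertyName.toULong(&ok);` narrows whatever toULong returns to unsigned, and after this change every such index is sent to `put(exec, index, value, attr)` with no remaining fall-through to ObjectImp::put using the original propertyName. If toULong can produce a value that does not fit in unsigned, the store now lands on the truncated index instead of the named property. Suggest range-checking the result before delegating and falling through to ObjectImp::put when it is out of range.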
@@ -125,13 +121,20 @@ void ArrayInstanceImp::put(ExecState *exec, const Identifier &propertyName, cons
void ArrayInstanceImp::put(ExecState *exec, unsigned index, const Value &value, int attr)
{
- if (length <= index)
- setLength(index + 1, exec);
+ if (index < sparseArrayCutoff && index >= storageLength) {
+ resizeStorage(index + 1);
+ }
+
+ if (index >= length) {
+ length = index + 1;
+ }
+
if (index < storageLength) {
storage[index] = value.imp();
return;
}
+ assert(index >= sparseArrayCutoff);
ObjectImp::put(exec, Identifier::from(index), value, attr);
}
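Review bot: `length = index + 1;` wraps to 0 when index is the largest unsigned value, because the resizeStorage call is guarded by `index < sparseArrayCutoff` but the length update is not bounded at all. Suggest rejecting or special-casing that index before touching length. Separately, the new `assert(index >= sparseArrayCutoff);` only holds if resizeStorage(index + 1) always leaves storageLength above index, and it disappears in builds with assertions disabled, so a short comment stating that invariant next to the assert would help the next reader.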
@@ -213,14 +216,21 @@ ReferenceList ArrayInstanceImp::propList(ExecState *exec, bool recursive)
return properties;
}
-
void ArrayInstanceImp::resizeStorage(unsigned newLength)
{
if (newLength < storageLength) {
memset(storage + newLength, 0, sizeof(ValueImp *) * (storageLength - newLength));
}
if (newLength > capacity) {
- unsigned newCapacity = (newLength * 3 + 1) / 2;
+ unsigned newCapacity;
+ if (newLength > sparseArrayCutoff) {
+ newCapacity = newLength;
+ } else {
+ newCapacity = (newLength * 3 + 1) / 2;
+ if (newCapacity > sparseArrayCutoff) {
+ newCapacity = sparseArrayCutoff;
+ }
+ }
storage = (ValueImp **)realloc(storage, newCapacity * sizeof (ValueImp *));
memset(storage + capacity, 0, sizeof(ValueImp *) * (newCapacity - capacity));
capacity = newCapacity;
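Review bot: in the `newLength > sparseArrayCutoff` branch, `newCapacity = newLength;` has no upper bound, so `newCapacity * sizeof (ValueImp *)` in the realloc call can wrap where size_t is 32 bits, and the memset that follows would then clear `(newCapacity - capacity)` pointers beyond a too-small allocation. The realloc result is also assigned straight to storage, so a failed allocation both leaks the old block and hands NULL to memset. Suggest checking newCapacity against the largest count that fits in size_t before multiplying, and reallocating into a temporary that is checked before storage and capacity are updated.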
@@ -230,7 +240,7 @@ void ArrayInstanceImp::resizeStorage(unsigned newLength)
void ArrayInstanceImp::setLength(unsigned newLength, ExecState *exec)
{
- if (newLength <= MAX(sparseArrayCutoff,storageLength) || newLength == length + 1) {
+ if (newLength <= storageLength) {
resizeStorage(newLength);
}
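Review bot: the new condition `if (newLength <= storageLength) {` silently drops the old growth cases, and nothing at the call site says that enlarging storage is now the job of put(). A one-line comment here stating that setLength only shrinks storage would keep a later change from reintroducing growth in this function and bypassing the cutoff handling in resizeStorage.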
--
WebKit Debian packaging