[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

darin darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:22:20 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit 7c7c6412d75652c8f8d6636ec97119a34fbb7d69
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Jan 28 20:50:56 2003 +0000

            Reviewed by Maciej.
    
            - fixed 3144918 -- Can't drill down multiple levels of categories when selling on ebay
            if first item in list is chosen
    
            The bug was caused by having array values in the property map past the storageLength cutoff
            in an array object; those values would not be seen when you do a get.
    
            * kjs/array_object.cpp:
            (ArrayInstanceImp::put): Implement a new rule for resizing the storage that is independent
            of the length. The old rule would sometimes make the storage very big if you added two elements
            in a row that both had large, but consecutive indexes. This eliminates any cases where we
            make sparse entries in the property map below the sparse array cutoff.
            (ArrayInstanceImp::resizeStorage): Don't ever make storage size bigger than the cutoff unless
            the caller specifically requests it.
            (ArrayInstanceImp::setLength): Change this so it only makes the storage smaller, never larger.
            We will actually enlarge the storage when putting elements in.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3478 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 6c2d453..b115f97 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,23 @@
+2003-01-28  Darin Adler  <darin at apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed 3144918 -- Can't drill down multiple levels of categories when selling on ebay
+        if first item in list is chosen
+        
+        The bug was caused by having array values in the property map past the storageLength cutoff
+        in an array object; those values would not be seen when you do a get.
+
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::put): Implement a new rule for resizing the storage that is independent
+        of the length. The old rule would sometimes make the storage very big if you added two elements
+        in a row that both had large, but consecutive indexes. This eliminates any cases where we
+        make sparse entries in the property map below the sparse array cutoff.
+        (ArrayInstanceImp::resizeStorage): Don't ever make storage size bigger than the cutoff unless
+        the caller specifically requests it.
+        (ArrayInstanceImp::setLength): Change this so it only makes the storage smaller, never larger.
+        We will actually enlarge the storage when putting elements in.
+
 2003-01-25  Darin Adler  <darin at apple.com>
 
         Reviewed by Maciej.
diff --git a/JavaScriptCore/ChangeLog-2003-10-25 b/JavaScriptCore/ChangeLog-2003-10-25
index 6c2d453..b115f97 100644
--- a/JavaScriptCore/ChangeLog-2003-10-25
+++ b/JavaScriptCore/ChangeLog-2003-10-25
@@ -1,3 +1,23 @@
+2003-01-28  Darin Adler  <darin at apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed 3144918 -- Can't drill down multiple levels of categories when selling on ebay
+        if first item in list is chosen
+        
+        The bug was caused by having array values in the property map past the storageLength cutoff
+        in an array object; those values would not be seen when you do a get.
+
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::put): Implement a new rule for resizing the storage that is independent
+        of the length. The old rule would sometimes make the storage very big if you added two elements
+        in a row that both had large, but consecutive indexes. This eliminates any cases where we
+        make sparse entries in the property map below the sparse array cutoff.
+        (ArrayInstanceImp::resizeStorage): Don't ever make storage size bigger than the cutoff unless
+        the caller specifically requests it.
+        (ArrayInstanceImp::setLength): Change this so it only makes the storage smaller, never larger.
+        We will actually enlarge the storage when putting elements in.
+
 2003-01-25  Darin Adler  <darin at apple.com>
 
         Reviewed by Maciej.
diff --git a/JavaScriptCore/kjs/array_object.cpp b/JavaScriptCore/kjs/array_object.cpp
index 6721e66..91fd648 100644
--- a/JavaScriptCore/kjs/array_object.cpp
+++ b/JavaScriptCore/kjs/array_object.cpp
@@ -112,12 +112,8 @@ void ArrayInstanceImp::put(ExecState *exec, const Identifier &propertyName, cons
   bool ok;
   unsigned index = propertyName.toULong(&ok);
   if (ok) {
-    if (length <= index)
-      setLength(index + 1, exec);
-    if (index < storageLength) {
-      storage[index] = value.imp();
-      return;
-    }
+    put(exec, index, value, attr);
+    return;
   }
   
   ObjectImp::put(exec, propertyName, value, attr);
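Review bot: The index forwarded to `put(exec, index, value, attr)` comes from `propertyName.toULong(&ok)` stored in an `unsigned`, and nothing in the hunk range-checks it before the call. The declaration of toULong is not visible here; if it returns an `unsigned long` that is wider than `unsigned` on some target, a numeric property name above 2^32-1 would be truncated and silently alias a low element slot. Keeping the wide type until the range is checked avoids that: `unsigned long index = propertyName.toULong(&ok);` followed by `if (ok && index <= 0xFFFFFFFEUL) { put(exec, (unsigned)index, value, attr); return; }`. Anything outside the array-index range then falls through to `ObjectImp::put` as an ordinary property. The function begins above the hunk, so earlier handling of the name is not visible.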
@@ -125,13 +121,20 @@ void ArrayInstanceImp::put(ExecState *exec, const Identifier &propertyName, cons
 
 void ArrayInstanceImp::put(ExecState *exec, unsigned index, const Value &value, int attr)
 {
-  if (length <= index)
-    setLength(index + 1, exec);
+  if (index < sparseArrayCutoff && index >= storageLength) {
+    resizeStorage(index + 1);
+  }
+
+  if (index >= length) {
+    length = index + 1;
+  }
+
   if (index < storageLength) {
     storage[index] = value.imp();
     return;
   }
   
+  assert(index >= sparseArrayCutoff);
   ObjectImp::put(exec, Identifier::from(index), value, attr);
 }
 
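Review bot: `length = index + 1` wraps to 0 when `index` is 0xFFFFFFFF, so one store at the top of the unsigned range would reset `length` while `storage` still holds elements. ECMAScript does not treat 2^32-1 as an array index, so that value should reach the property map without touching `length`, e.g. `if (index >= length && index != 0xFFFFFFFFU) {`. Separately, `assert(index >= sparseArrayCutoff);` is compiled out of release builds and holds only if `resizeStorage(index + 1)` actually raised `storageLength`, which happens outside the visible lines. A comment such as `// below the cutoff, resizeStorage() above guarantees index < storageLength` would record that dependency.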
@@ -213,14 +216,21 @@ ReferenceList ArrayInstanceImp::propList(ExecState *exec, bool recursive)
   return properties;
 }
 
-
 void ArrayInstanceImp::resizeStorage(unsigned newLength)
 {
     if (newLength < storageLength) {
       memset(storage + newLength, 0, sizeof(ValueImp *) * (storageLength - newLength));
     }
     if (newLength > capacity) {
-      unsigned newCapacity = (newLength * 3 + 1) / 2;
+      unsigned newCapacity;
+      if (newLength > sparseArrayCutoff) {
+        newCapacity = newLength;
+      } else {
+        newCapacity = (newLength * 3 + 1) / 2;
+        if (newCapacity > sparseArrayCutoff) {
+          newCapacity = sparseArrayCutoff;
+        }
+      }
       storage = (ValueImp **)realloc(storage, newCapacity * sizeof (ValueImp *));
       memset(storage + capacity, 0, sizeof(ValueImp *) * (newCapacity - capacity));
       capacity = newCapacity;
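Review bot: The new `newCapacity = newLength` branch passes a caller-chosen length straight into `newCapacity * sizeof (ValueImp *)`, and the `realloc` result is assigned to `storage` without a check. On a target where `size_t` is 32 bits, a large enough `newLength` makes the byte count wrap, so the buffer would be smaller than the `capacity` recorded afterwards. A failed `realloc` loses the old pointer and sends the following `memset` to an address near null. Callers that pass a length above the cutoff are not visible in this diff, so how reachable this is remains to be confirmed. A bound check plus a temporary for the `realloc` result closes both cases; the choice of failure action below is a placeholder for whatever the project prefers. The function body continues past the end of the hunk.

```cpp
      // … unchanged: newCapacity selection (cutoff branch and 3/2 growth) …
      if (newCapacity > ((size_t)-1) / sizeof(ValueImp *)) {
        abort();  // byte count would wrap; failure policy is the project's choice
      }
      ValueImp **newStorage = (ValueImp **)realloc(storage, newCapacity * sizeof (ValueImp *));
      if (!newStorage) {
        abort();  // keep the old pointer intact rather than overwrite it with null
      }
      storage = newStorage;
      // … unchanged: memset of the new tail and capacity update …
```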
@@ -230,7 +240,7 @@ void ArrayInstanceImp::resizeStorage(unsigned newLength)
 
 void ArrayInstanceImp::setLength(unsigned newLength, ExecState *exec)
 {
-  if (newLength <= MAX(sparseArrayCutoff,storageLength) || newLength == length + 1) {
+  if (newLength <= storageLength) {
     resizeStorage(newLength);
   }
 
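Review bot: The new condition `newLength <= storageLength` means setLength now only shrinks the storage, but nothing at the call site says so. The next reader will see `resizeStorage(newLength)` and assume it can still grow the array. A short comment above the `if` would make the contract explicit, for example `// Only shrink here; put() enlarges the storage when an element is actually stored.` The rest of setLength lies outside the hunk, so whether property-map entries at or beyond `newLength` are still cleared when `newLength > storageLength` cannot be checked from these lines and is worth confirming.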

-- 
WebKit Debian packaging


