Changeset 128706 in webkit for trunk/Source/JavaScriptCore/runtime/JSArray.cpp

Timestamp:

Sep 16, 2012, 12:22:46 AM (13 years ago)

Author:

[email protected]

Message:

JSObject.cpp and JSArray.cpp have inconsistent tests for the invalid array index case
​https://bugs.webkit.org/show_bug.cgi?id=96878

Reviewed by Sam Weinig.

Removed the uses of UNLIKELY() because I don't believe they are buying us anything,
since we're already on the slow path. Also found other places where we're testing for
the invalid array index case using unusual predicates rather than just using
MAX_ARRAY_INDEX. With this change, I believe that all of our tests for invalid
array indices (i.e. indices that should be treated as non-indexed properties)
uniformly use MAX_ARRAY_INDEX and PropertyName::NotAnIndex.

• runtime/JSArray.cpp:

(JSC::JSArray::push):

• runtime/JSObject.cpp:

(JSC::JSObject::putByIndex):
(JSC::JSObject::defineOwnIndexedProperty):

File:

• trunk/Source/JavaScriptCore/runtime/JSArray.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/runtime/JSArray.cpp

@@ -478 +478 @@
         }
 
-        // Pushing to an array of length 2^32-1 stores the property, but throws a range error.
-        if (UNLIKELY(storage->length() == 0xFFFFFFFFu)) {
+        // Pushing to an array of invalid length (2^31-1) stores the property, but throws a range error.
+        if (storage->length() > MAX_ARRAY_INDEX) {
             methodTable()->putByIndex(this, exec, storage->length(), value, true);
             // Per ES5.1 15.4.4.7 step 6 & 15.4.5.1 step 3.d.