Timestamp:
Sep 9, 2013, 3:41:00 PM (12 years ago)
Author:
[email protected]
Message:

JSArray::shiftCountWithArrayStorage doesn't change indexBias when shifting the last element in m_vector
https://bugs.webkit.org/show_bug.cgi?id=120389

Reviewed by Michael Saboff.

Went through and cleaned up shiftCountWithArrayStorage. Gave meaningful variable names
and commented the confusing parts. This led to realizing how to fix this bug, which has
been done. The issue was that we were modifying the vector length unconditionally, even
when we weren't logically changing the length of the vector. Instead, we should only modify
the vector length when we modify the index bias.

  • runtime/JSArray.cpp:

(JSC::JSArray::shiftCountWithArrayStorage):

File:
1 edited

  • trunk/Source/JavaScriptCore/heap/Heap.cpp

    r155317 r155395  
    5555static const size_t largeHeapSize = 32 * MB; // About 1.5X the average webpage.
    5656static const size_t smallHeapSize = 1 * MB; // Matches the FastMalloc per-thread cache.
     57
     58#define ENABLE_GC_LOGGING 1
    5759
    5860#if ENABLE(GC_LOGGING)
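Review bot: The added `#define ENABLE_GC_LOGGING 1` (new line 58 of heap/Heap.cpp) sits directly above `#if ENABLE(GC_LOGGING)`, so the logging block below it is now compiled in for every build. The commit message and its file list name only runtime/JSArray.cpp and the shiftCountWithArrayStorage fix, and say nothing about the heap or GC logging, so this reads as a local debugging switch that was committed by accident. Drop the define from this change. If GC logging is meant to be switchable, leave the default off and set it from the build configuration rather than hard-coding it in the source file. Separately, the JSArray.cpp change that the message describes is not among the files shown in this changeset, so the fix itself cannot be reviewed from this page.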