Changeset 73623 in webkit for trunk/JavaScriptCore/runtime/JSValue.h

Timestamp:

Dec 9, 2010, 10:27:13 AM (15 years ago)

Author:

[email protected]

Message:

2010-12-09 Michael Saboff <​[email protected]>

Reviewed by Geoffrey Garen.

Addressed the "FIXME" issues in array sort for toString() methods that
mutate the array in either size or contents. The change is to mark
the temporary array contents so that they are not garbage collected
and to make sure the array is large enough to hold the contents
of the sorted temporary vector.
​https://bugs.webkit.org/show_bug.cgi?id=50718

• runtime/Collector.cpp: (JSC::Heap::addTempSortVector): (JSC::Heap::removeTempSortVector): (JSC::Heap::markTempSortVectors): (JSC::Heap::markRoots):
• runtime/Collector.h:
• runtime/JSArray.cpp: (JSC::JSArray::sort):
• runtime/JSValue.h:

2010-12-09 Michael Saboff <​[email protected]>

Reviewed by Geoffrey Garen.

New test to verify that arrays sort per the standard even it
there is an override for toString() that modifies the array.
​https://bugs.webkit.org/show_bug.cgi?id=50718

• fast/js/array-sort-modifying-tostring-expected.txt: Added.
• fast/js/array-sort-modifying-tostring.html: Added.
• fast/js/script-tests/array-sort-modifying-tostring.js: Added. (do_gc): (Item): (toString_Mutate): (test):

File:

• trunk/JavaScriptCore/runtime/JSValue.h (modified) (1 diff)

trunk/JavaScriptCore/runtime/JSValue.h

@@ -764 +764 @@
     }
 #endif // USE(JSVALUE32_64)
-
+    
+    typedef std::pair<JSValue, UString> ValueStringPair;
 } // namespace JSC