corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Third and final followup patch for bug 260106.

Browse Source
This commit is contained in:
Brendan Eich
2008-06-06 13:23:19 -07:00
parent 58245c40f3
commit ddb43b17ea
1 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
js/src/jsarray.cpp
View File

@@ -2346,7 +2346,7 @@ static JSBool
array_concat(JSContext *cx, uintN argc, jsval *vp)
{
jsval *argv, v;
JSObject *nobj, *aobj;
JSObject *aobj, *nobj;
jsuint length, alength, slot;
uintN i;
JSBool hole, ok;
@@ -2359,11 +2359,21 @@ array_concat(JSContext *cx, uintN argc, jsval *vp)
/* Create a new Array object and root it using *vp. */
aobj = JS_THIS_OBJECT(cx, vp);
if (OBJ_IS_DENSE_ARRAY(cx, aobj)) {
nobj = js_NewArrayObject(cx, ARRAY_DENSE_LENGTH(aobj), aobj->dslots,
JS_TRUE);
/*
* Clone aobj but pass the minimum of its length and capacity (aka
* "dense length"), to handle a = [1,2,3]; a.length = 10000 "dense"
* cases efficiently. In such a case we'll pass 8 (not 3) due to the
* ARRAY_GROWBY over-allocation policy, which will cause nobj to be
* over-allocated to 16. But in the normal case where length is <=
* capacity, nobj and aobj will have the same dense length.
*/
length = aobj->fslots[JSSLOT_ARRAY_LENGTH];
jsuint capacity = ARRAY_DENSE_LENGTH(aobj);
nobj = js_NewArrayObject(cx, JS_MIN(length, capacity), aobj->dslots,
aobj->fslots[JSSLOT_ARRAY_COUNT] !=
(jsval) length);
if (!nobj)
return JS_FALSE;
length = aobj->fslots[JSSLOT_ARRAY_LENGTH];
nobj->fslots[JSSLOT_ARRAY_LENGTH] = length;
*vp = OBJECT_TO_JSVAL(nobj);
if (argc == 0)
@@ -2492,7 +2502,8 @@ array_slice(JSContext *cx, uintN argc, jsval *vp)
if (OBJ_IS_DENSE_ARRAY(cx, obj) && end <= ARRAY_DENSE_LENGTH(obj)) {
nobj = js_NewArrayObject(cx, end - begin, obj->dslots + begin,
JS_TRUE);
obj->fslots[JSSLOT_ARRAY_COUNT] !=
obj->fslots[JSSLOT_ARRAY_LENGTH]);
if (!nobj)
return JS_FALSE;
*vp = OBJECT_TO_JSVAL(nobj);