]> git.saurik.com Git - apple/javascriptcore.git/blob - runtime/JSArray.cpp
projects / apple / javascriptcore.git / blob
? search:


473ba1d3eec4973a48a2131dc1c36faf284fe74f
[apple/javascriptcore.git] / runtime / JSArray.cpp
1 /*
2 * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
3 * Copyright (C) 2003, 2007, 2008, 2009 Apple Inc. All rights reserved.
4 * Copyright (C) 2003 Peter Kelly (pmk@post.com)
5 * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 *
21 */
22
23 #include "config.h"
24 #include "JSArray.h"
25
26 #include "ArrayPrototype.h"
27 #include "CachedCall.h"
28 #include "Error.h"
29 #include "Executable.h"
30 #include "PropertyNameArray.h"
31 #include <wtf/AVLTree.h>
32 #include <wtf/Assertions.h>
33 #include <wtf/OwnPtr.h>
34 #include <Operations.h>
35
36 using namespace std;
37 using namespace WTF;
38
39 namespace JSC {
40
41 ASSERT_CLASS_FITS_IN_CELL(JSArray);
42
43 // Overview of JSArray
44 //
45 // Properties of JSArray objects may be stored in one of three locations:
46 // * The regular JSObject property map.
47 // * A storage vector.
48 // * A sparse map of array entries.
49 //
50 // Properties with non-numeric identifiers, with identifiers that are not representable
51 // as an unsigned integer, or where the value is greater than MAX_ARRAY_INDEX
52 // (specifically, this is only one property - the value 0xFFFFFFFFU as an unsigned 32-bit
53 // integer) are not considered array indices and will be stored in the JSObject property map.
54 //
55 // All properties with a numeric identifer, representable as an unsigned integer i,
56 // where (i <= MAX_ARRAY_INDEX), are an array index and will be stored in either the
57 // storage vector or the sparse map. An array index i will be handled in the following
58 // fashion:
59 //
60 // * Where (i < MIN_SPARSE_ARRAY_INDEX) the value will be stored in the storage vector.
61 // * Where (MIN_SPARSE_ARRAY_INDEX <= i <= MAX_STORAGE_VECTOR_INDEX) the value will either
62 // be stored in the storage vector or in the sparse array, depending on the density of
63 // data that would be stored in the vector (a vector being used where at least
64 // (1 / minDensityMultiplier) of the entries would be populated).
65 // * Where (MAX_STORAGE_VECTOR_INDEX < i <= MAX_ARRAY_INDEX) the value will always be stored
66 // in the sparse array.
67
68 // The definition of MAX_STORAGE_VECTOR_LENGTH is dependant on the definition storageSize
69 // function below - the MAX_STORAGE_VECTOR_LENGTH limit is defined such that the storage
70 // size calculation cannot overflow. (sizeof(ArrayStorage) - sizeof(JSValue)) +
71 // (vectorLength * sizeof(JSValue)) must be <= 0xFFFFFFFFU (which is maximum value of size_t).
72 #define MAX_STORAGE_VECTOR_LENGTH static_cast<unsigned>((0xFFFFFFFFU - (sizeof(ArrayStorage) - sizeof(JSValue))) / sizeof(JSValue))
73
74 // These values have to be macros to be used in max() and min() without introducing
75 // a PIC branch in Mach-O binaries, see <rdar://problem/5971391>.
76 #define MIN_SPARSE_ARRAY_INDEX 10000U
77 #define MAX_STORAGE_VECTOR_INDEX (MAX_STORAGE_VECTOR_LENGTH - 1)
78 // 0xFFFFFFFF is a bit weird -- is not an array index even though it's an integer.
79 #define MAX_ARRAY_INDEX 0xFFFFFFFEU
80
81 // The value BASE_VECTOR_LEN is the maximum number of vector elements we'll allocate
82 // for an array that was created with a sepcified length (e.g. a = new Array(123))
83 #define BASE_VECTOR_LEN 4U
84
85 // The upper bound to the size we'll grow a zero length array when the first element
86 // is added.
87 #define FIRST_VECTOR_GROW 4U
88
89 // Our policy for when to use a vector and when to use a sparse map.
90 // For all array indices under MIN_SPARSE_ARRAY_INDEX, we always use a vector.
91 // When indices greater than MIN_SPARSE_ARRAY_INDEX are involved, we use a vector
92 // as long as it is 1/8 full. If more sparse than that, we use a map.
93 static const unsigned minDensityMultiplier = 8;
94
95 const ClassInfo JSArray::s_info = {"Array", &JSNonFinalObject::s_info, 0, 0};
96
97 // We keep track of the size of the last array after it was grown. We use this
98 // as a simple heuristic for as the value to grow the next array from size 0.
99 // This value is capped by the constant FIRST_VECTOR_GROW defined above.
100 static unsigned lastArraySize = 0;
101
102 static inline size_t storageSize(unsigned vectorLength)
103 {
104 if (vectorLength > MAX_STORAGE_VECTOR_LENGTH)
105 CRASH();
106
107 // MAX_STORAGE_VECTOR_LENGTH is defined such that provided (vectorLength <= MAX_STORAGE_VECTOR_LENGTH)
108 // - as asserted above - the following calculation cannot overflow.
109 size_t size = (sizeof(ArrayStorage) - sizeof(JSValue)) + (vectorLength * sizeof(JSValue));
110 // Assertion to detect integer overflow in previous calculation (should not be possible, provided that
111 // MAX_STORAGE_VECTOR_LENGTH is correctly defined).
112 ASSERT(((size - (sizeof(ArrayStorage) - sizeof(JSValue))) / sizeof(JSValue) == vectorLength) && (size >= (sizeof(ArrayStorage) - sizeof(JSValue))));
113
114 return size;
115 }
116
117 static inline bool isDenseEnoughForVector(unsigned length, unsigned numValues)
118 {
119 return length / minDensityMultiplier <= numValues;
120 }
121
122 #if !CHECK_ARRAY_CONSISTENCY
123
124 inline void JSArray::checkConsistency(ConsistencyCheckType)
125 {
126 }
127
128 #endif
129
130 JSArray::JSArray(VPtrStealingHackType)
131 : JSNonFinalObject(VPtrStealingHack)
132 {
133 }
134
135 JSArray::JSArray(JSGlobalData& globalData, Structure* structure)
136 : JSNonFinalObject(globalData, structure)
137 {
138 ASSERT(inherits(&s_info));
139
140 unsigned initialCapacity = 0;
141
142 m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
143 m_storage->m_allocBase = m_storage;
144 m_indexBias = 0;
145 m_vectorLength = initialCapacity;
146
147 checkConsistency();
148
149 Heap::heap(this)->reportExtraMemoryCost(storageSize(0));
150 }
151
152 JSArray::JSArray(JSGlobalData& globalData, Structure* structure, unsigned initialLength, ArrayCreationMode creationMode)
153 : JSNonFinalObject(globalData, structure)
154 {
155 ASSERT(inherits(&s_info));
156
157 unsigned initialCapacity;
158 if (creationMode == CreateCompact)
159 initialCapacity = initialLength;
160 else
161 initialCapacity = min(BASE_VECTOR_LEN, MIN_SPARSE_ARRAY_INDEX);
162
163 m_storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
164 m_storage->m_allocBase = m_storage;
165 m_storage->m_length = initialLength;
166 m_indexBias = 0;
167 m_vectorLength = initialCapacity;
168 m_storage->m_sparseValueMap = 0;
169 m_storage->subclassData = 0;
170 m_storage->reportedMapCapacity = 0;
171
172 if (creationMode == CreateCompact) {
173 #if CHECK_ARRAY_CONSISTENCY
174 m_storage->m_inCompactInitialization = !!initialCapacity;
175 #endif
176 m_storage->m_length = 0;
177 m_storage->m_numValuesInVector = initialCapacity;
178 } else {
179 #if CHECK_ARRAY_CONSISTENCY
180 storage->m_inCompactInitialization = false;
181 #endif
182 m_storage->m_length = initialLength;
183 m_storage->m_numValuesInVector = 0;
184 WriteBarrier<Unknown>* vector = m_storage->m_vector;
185 for (size_t i = 0; i < initialCapacity; ++i)
186 vector[i].clear();
187 }
188
189 checkConsistency();
190
191 Heap::heap(this)->reportExtraMemoryCost(storageSize(initialCapacity));
192 }
193
194 JSArray::JSArray(JSGlobalData& globalData, Structure* structure, const ArgList& list)
195 : JSNonFinalObject(globalData, structure)
196 {
197 ASSERT(inherits(&s_info));
198
199 unsigned initialCapacity = list.size();
200 unsigned initialStorage;
201
202 // If the ArgList is empty, allocate space for 3 entries. This value empirically
203 // works well for benchmarks.
204 if (!initialCapacity)
205 initialStorage = 3;
206 else
207 initialStorage = initialCapacity;
208
209 m_storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialStorage)));
210 m_storage->m_allocBase = m_storage;
211 m_indexBias = 0;
212 m_storage->m_length = initialCapacity;
213 m_vectorLength = initialStorage;
214 m_storage->m_numValuesInVector = initialCapacity;
215 m_storage->m_sparseValueMap = 0;
216 m_storage->subclassData = 0;
217 m_storage->reportedMapCapacity = 0;
218 #if CHECK_ARRAY_CONSISTENCY
219 m_storage->m_inCompactInitialization = false;
220 #endif
221
222 size_t i = 0;
223 WriteBarrier<Unknown>* vector = m_storage->m_vector;
224 ArgList::const_iterator end = list.end();
225 for (ArgList::const_iterator it = list.begin(); it != end; ++it, ++i)
226 vector[i].set(globalData, this, *it);
227 for (; i < initialStorage; i++)
228 vector[i].clear();
229
230 checkConsistency();
231
232 Heap::heap(this)->reportExtraMemoryCost(storageSize(initialStorage));
233 }
234
235 JSArray::~JSArray()
236 {
237 ASSERT(vptr() == JSGlobalData::jsArrayVPtr);
238 checkConsistency(DestructorConsistencyCheck);
239
240 delete m_storage->m_sparseValueMap;
241 fastFree(m_storage->m_allocBase);
242 }
243
244 bool JSArray::getOwnPropertySlot(ExecState* exec, unsigned i, PropertySlot& slot)
245 {
246 ArrayStorage* storage = m_storage;
247
248 if (i >= storage->m_length) {
249 if (i > MAX_ARRAY_INDEX)
250 return getOwnPropertySlot(exec, Identifier::from(exec, i), slot);
251 return false;
252 }
253
254 if (i < m_vectorLength) {
255 JSValue value = storage->m_vector[i].get();
256 if (value) {
257 slot.setValue(value);
258 return true;
259 }
260 } else if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
261 if (i >= MIN_SPARSE_ARRAY_INDEX) {
262 SparseArrayValueMap::iterator it = map->find(i);
263 if (it != map->end()) {
264 slot.setValue(it->second.get());
265 return true;
266 }
267 }
268 }
269
270 return JSObject::getOwnPropertySlot(exec, Identifier::from(exec, i), slot);
271 }
272
273 bool JSArray::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
274 {
275 if (propertyName == exec->propertyNames().length) {
276 slot.setValue(jsNumber(length()));
277 return true;
278 }
279
280 bool isArrayIndex;
281 unsigned i = propertyName.toArrayIndex(isArrayIndex);
282 if (isArrayIndex)
283 return JSArray::getOwnPropertySlot(exec, i, slot);
284
285 return JSObject::getOwnPropertySlot(exec, propertyName, slot);
286 }
287
288 bool JSArray::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
289 {
290 if (propertyName == exec->propertyNames().length) {
291 descriptor.setDescriptor(jsNumber(length()), DontDelete | DontEnum);
292 return true;
293 }
294
295 ArrayStorage* storage = m_storage;
296
297 bool isArrayIndex;
298 unsigned i = propertyName.toArrayIndex(isArrayIndex);
299 if (isArrayIndex) {
300 if (i >= storage->m_length)
301 return false;
302 if (i < m_vectorLength) {
303 WriteBarrier<Unknown>& value = storage->m_vector[i];
304 if (value) {
305 descriptor.setDescriptor(value.get(), 0);
306 return true;
307 }
308 } else if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
309 if (i >= MIN_SPARSE_ARRAY_INDEX) {
310 SparseArrayValueMap::iterator it = map->find(i);
311 if (it != map->end()) {
312 descriptor.setDescriptor(it->second.get(), 0);
313 return true;
314 }
315 }
316 }
317 }
318 return JSObject::getOwnPropertyDescriptor(exec, propertyName, descriptor);
319 }
320
321 // ECMA 15.4.5.1
322 void JSArray::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
323 {
324 bool isArrayIndex;
325 unsigned i = propertyName.toArrayIndex(isArrayIndex);
326 if (isArrayIndex) {
327 put(exec, i, value);
328 return;
329 }
330
331 if (propertyName == exec->propertyNames().length) {
332 unsigned newLength = value.toUInt32(exec);
333 if (value.toNumber(exec) != static_cast<double>(newLength)) {
334 throwError(exec, createRangeError(exec, "Invalid array length."));
335 return;
336 }
337 setLength(newLength);
338 return;
339 }
340
341 JSObject::put(exec, propertyName, value, slot);
342 }
343
344 void JSArray::put(ExecState* exec, unsigned i, JSValue value)
345 {
346 checkConsistency();
347
348 ArrayStorage* storage = m_storage;
349
350 unsigned length = storage->m_length;
351 if (i >= length && i <= MAX_ARRAY_INDEX) {
352 length = i + 1;
353 storage->m_length = length;
354 }
355
356 if (i < m_vectorLength) {
357 WriteBarrier<Unknown>& valueSlot = storage->m_vector[i];
358 if (valueSlot) {
359 valueSlot.set(exec->globalData(), this, value);
360 checkConsistency();
361 return;
362 }
363 valueSlot.set(exec->globalData(), this, value);
364 ++storage->m_numValuesInVector;
365 checkConsistency();
366 return;
367 }
368
369 putSlowCase(exec, i, value);
370 }
371
372 NEVER_INLINE void JSArray::putSlowCase(ExecState* exec, unsigned i, JSValue value)
373 {
374 ArrayStorage* storage = m_storage;
375
376 SparseArrayValueMap* map = storage->m_sparseValueMap;
377
378 if (i >= MIN_SPARSE_ARRAY_INDEX) {
379 if (i > MAX_ARRAY_INDEX) {
380 PutPropertySlot slot;
381 put(exec, Identifier::from(exec, i), value, slot);
382 return;
383 }
384
385 // We miss some cases where we could compact the storage, such as a large array that is being filled from the end
386 // (which will only be compacted as we reach indices that are less than MIN_SPARSE_ARRAY_INDEX) - but this makes the check much faster.
387 if ((i > MAX_STORAGE_VECTOR_INDEX) || !isDenseEnoughForVector(i + 1, storage->m_numValuesInVector + 1)) {
388 if (!map) {
389 map = new SparseArrayValueMap;
390 storage->m_sparseValueMap = map;
391 }
392
393 WriteBarrier<Unknown> temp;
394 pair<SparseArrayValueMap::iterator, bool> result = map->add(i, temp);
395 result.first->second.set(exec->globalData(), this, value);
396 if (!result.second) // pre-existing entry
397 return;
398
399 size_t capacity = map->capacity();
400 if (capacity != storage->reportedMapCapacity) {
401 Heap::heap(this)->reportExtraMemoryCost((capacity - storage->reportedMapCapacity) * (sizeof(unsigned) + sizeof(JSValue)));
402 storage->reportedMapCapacity = capacity;
403 }
404 return;
405 }
406 }
407
408 // We have decided that we'll put the new item into the vector.
409 // Fast case is when there is no sparse map, so we can increase the vector size without moving values from it.
410 if (!map || map->isEmpty()) {
411 if (increaseVectorLength(i + 1)) {
412 storage = m_storage;
413 storage->m_vector[i].set(exec->globalData(), this, value);
414 ++storage->m_numValuesInVector;
415 checkConsistency();
416 } else
417 throwOutOfMemoryError(exec);
418 return;
419 }
420
421 // Decide how many values it would be best to move from the map.
422 unsigned newNumValuesInVector = storage->m_numValuesInVector + 1;
423 unsigned newVectorLength = getNewVectorLength(i + 1);
424 for (unsigned j = max(m_vectorLength, MIN_SPARSE_ARRAY_INDEX); j < newVectorLength; ++j)
425 newNumValuesInVector += map->contains(j);
426 if (i >= MIN_SPARSE_ARRAY_INDEX)
427 newNumValuesInVector -= map->contains(i);
428 if (isDenseEnoughForVector(newVectorLength, newNumValuesInVector)) {
429 unsigned needLength = max(i + 1, storage->m_length);
430 unsigned proposedNewNumValuesInVector = newNumValuesInVector;
431 // If newVectorLength is already the maximum - MAX_STORAGE_VECTOR_LENGTH - then do not attempt to grow any further.
432 while ((newVectorLength < needLength) && (newVectorLength < MAX_STORAGE_VECTOR_LENGTH)) {
433 unsigned proposedNewVectorLength = getNewVectorLength(newVectorLength + 1);
434 for (unsigned j = max(newVectorLength, MIN_SPARSE_ARRAY_INDEX); j < proposedNewVectorLength; ++j)
435 proposedNewNumValuesInVector += map->contains(j);
436 if (!isDenseEnoughForVector(proposedNewVectorLength, proposedNewNumValuesInVector))
437 break;
438 newVectorLength = proposedNewVectorLength;
439 newNumValuesInVector = proposedNewNumValuesInVector;
440 }
441 }
442
443 void* baseStorage = storage->m_allocBase;
444
445 if ((unsigned)m_indexBias > (MAX_STORAGE_VECTOR_LENGTH - newVectorLength)
446 || !tryFastRealloc(baseStorage, storageSize(newVectorLength + m_indexBias)).getValue(baseStorage)) {
447 throwOutOfMemoryError(exec);
448 return;
449 }
450
451 m_storage = reinterpret_cast_ptr<ArrayStorage*>(static_cast<char*>(baseStorage) + m_indexBias * sizeof(JSValue));
452 m_storage->m_allocBase = baseStorage;
453 storage = m_storage;
454
455 unsigned vectorLength = m_vectorLength;
456 WriteBarrier<Unknown>* vector = storage->m_vector;
457
458 if (newNumValuesInVector == storage->m_numValuesInVector + 1) {
459 for (unsigned j = vectorLength; j < newVectorLength; ++j)
460 vector[j].clear();
461 if (i > MIN_SPARSE_ARRAY_INDEX)
462 map->remove(i);
463 } else {
464 for (unsigned j = vectorLength; j < max(vectorLength, MIN_SPARSE_ARRAY_INDEX); ++j)
465 vector[j].clear();
466 JSGlobalData& globalData = exec->globalData();
467 for (unsigned j = max(vectorLength, MIN_SPARSE_ARRAY_INDEX); j < newVectorLength; ++j)
468 vector[j].set(globalData, this, map->take(j).get());
469 }
470
471 ASSERT(i < newVectorLength);
472
473 m_vectorLength = newVectorLength;
474 storage->m_numValuesInVector = newNumValuesInVector;
475
476 storage->m_vector[i].set(exec->globalData(), this, value);
477
478 checkConsistency();
479
480 Heap::heap(this)->reportExtraMemoryCost(storageSize(newVectorLength) - storageSize(vectorLength));
481 }
482
483 bool JSArray::deleteProperty(ExecState* exec, const Identifier& propertyName)
484 {
485 bool isArrayIndex;
486 unsigned i = propertyName.toArrayIndex(isArrayIndex);
487 if (isArrayIndex)
488 return deleteProperty(exec, i);
489
490 if (propertyName == exec->propertyNames().length)
491 return false;
492
493 return JSObject::deleteProperty(exec, propertyName);
494 }
495
496 bool JSArray::deleteProperty(ExecState* exec, unsigned i)
497 {
498 checkConsistency();
499
500 ArrayStorage* storage = m_storage;
501
502 if (i < m_vectorLength) {
503 WriteBarrier<Unknown>& valueSlot = storage->m_vector[i];
504 if (!valueSlot) {
505 checkConsistency();
506 return false;
507 }
508 valueSlot.clear();
509 --storage->m_numValuesInVector;
510 checkConsistency();
511 return true;
512 }
513
514 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
515 if (i >= MIN_SPARSE_ARRAY_INDEX) {
516 SparseArrayValueMap::iterator it = map->find(i);
517 if (it != map->end()) {
518 map->remove(it);
519 checkConsistency();
520 return true;
521 }
522 }
523 }
524
525 checkConsistency();
526
527 if (i > MAX_ARRAY_INDEX)
528 return deleteProperty(exec, Identifier::from(exec, i));
529
530 return false;
531 }
532
533 void JSArray::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
534 {
535 // FIXME: Filling PropertyNameArray with an identifier for every integer
536 // is incredibly inefficient for large arrays. We need a different approach,
537 // which almost certainly means a different structure for PropertyNameArray.
538
539 ArrayStorage* storage = m_storage;
540
541 unsigned usedVectorLength = min(storage->m_length, m_vectorLength);
542 for (unsigned i = 0; i < usedVectorLength; ++i) {
543 if (storage->m_vector[i])
544 propertyNames.add(Identifier::from(exec, i));
545 }
546
547 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
548 SparseArrayValueMap::iterator end = map->end();
549 for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
550 propertyNames.add(Identifier::from(exec, it->first));
551 }
552
553 if (mode == IncludeDontEnumProperties)
554 propertyNames.add(exec->propertyNames().length);
555
556 JSObject::getOwnPropertyNames(exec, propertyNames, mode);
557 }
558
559 ALWAYS_INLINE unsigned JSArray::getNewVectorLength(unsigned desiredLength)
560 {
561 ASSERT(desiredLength <= MAX_STORAGE_VECTOR_LENGTH);
562
563 unsigned increasedLength;
564 unsigned maxInitLength = min(m_storage->m_length, 100000U);
565
566 if (desiredLength < maxInitLength)
567 increasedLength = maxInitLength;
568 else if (!m_vectorLength)
569 increasedLength = max(desiredLength, lastArraySize);
570 else {
571 // Mathematically equivalent to:
572 // increasedLength = (newLength * 3 + 1) / 2;
573 // or:
574 // increasedLength = (unsigned)ceil(newLength * 1.5));
575 // This form is not prone to internal overflow.
576 increasedLength = desiredLength + (desiredLength >> 1) + (desiredLength & 1);
577 }
578
579 ASSERT(increasedLength >= desiredLength);
580
581 lastArraySize = min(increasedLength, FIRST_VECTOR_GROW);
582
583 return min(increasedLength, MAX_STORAGE_VECTOR_LENGTH);
584 }
585
586 bool JSArray::increaseVectorLength(unsigned newLength)
587 {
588 // This function leaves the array in an internally inconsistent state, because it does not move any values from sparse value map
589 // to the vector. Callers have to account for that, because they can do it more efficiently.
590
591 ArrayStorage* storage = m_storage;
592
593 unsigned vectorLength = m_vectorLength;
594 ASSERT(newLength > vectorLength);
595 ASSERT(newLength <= MAX_STORAGE_VECTOR_INDEX);
596 unsigned newVectorLength = getNewVectorLength(newLength);
597 void* baseStorage = storage->m_allocBase;
598
599 if ((unsigned)m_indexBias > (MAX_STORAGE_VECTOR_LENGTH - newVectorLength)
600 || !tryFastRealloc(baseStorage, storageSize(newVectorLength + m_indexBias)).getValue(baseStorage))
601 return false;
602
603 storage = m_storage = reinterpret_cast_ptr<ArrayStorage*>(static_cast<char*>(baseStorage) + m_indexBias * sizeof(JSValue));
604 m_storage->m_allocBase = baseStorage;
605
606 WriteBarrier<Unknown>* vector = storage->m_vector;
607 for (unsigned i = vectorLength; i < newVectorLength; ++i)
608 vector[i].clear();
609
610 m_vectorLength = newVectorLength;
611
612 Heap::heap(this)->reportExtraMemoryCost(storageSize(newVectorLength) - storageSize(vectorLength));
613
614 return true;
615 }
616
617 bool JSArray::increaseVectorPrefixLength(unsigned newLength)
618 {
619 // This function leaves the array in an internally inconsistent state, because it does not move any values from sparse value map
620 // to the vector. Callers have to account for that, because they can do it more efficiently.
621
622 ArrayStorage* storage = m_storage;
623
624 unsigned vectorLength = m_vectorLength;
625 ASSERT(newLength > vectorLength);
626 ASSERT(newLength <= MAX_STORAGE_VECTOR_INDEX);
627 unsigned newVectorLength = getNewVectorLength(newLength);
628
629 if ((unsigned)m_indexBias > (MAX_STORAGE_VECTOR_LENGTH - newVectorLength))
630 return false;
631 void* newBaseStorage = fastMalloc(storageSize(newVectorLength + m_indexBias));
632 if (!newBaseStorage)
633 return false;
634
635 m_indexBias += newVectorLength - newLength;
636
637 m_storage = reinterpret_cast_ptr<ArrayStorage*>(static_cast<char*>(newBaseStorage) + m_indexBias * sizeof(JSValue));
638
639 memcpy(m_storage, storage, storageSize(0));
640 memcpy(&m_storage->m_vector[newLength - m_vectorLength], &storage->m_vector[0], vectorLength * sizeof(JSValue));
641
642 m_storage->m_allocBase = newBaseStorage;
643 m_vectorLength = newLength;
644
645 fastFree(storage->m_allocBase);
646 ASSERT(newLength > vectorLength);
647 unsigned delta = newLength - vectorLength;
648 for (unsigned i = 0; i < delta; i++)
649 m_storage->m_vector[i].clear();
650 Heap::heap(this)->reportExtraMemoryCost(storageSize(newVectorLength) - storageSize(vectorLength));
651
652 return true;
653 }
654
655
656 void JSArray::setLength(unsigned newLength)
657 {
658 ArrayStorage* storage = m_storage;
659
660 #if CHECK_ARRAY_CONSISTENCY
661 if (!storage->m_inCompactInitialization)
662 checkConsistency();
663 else
664 storage->m_inCompactInitialization = false;
665 #endif
666
667 unsigned length = storage->m_length;
668
669 if (newLength < length) {
670 unsigned usedVectorLength = min(length, m_vectorLength);
671 for (unsigned i = newLength; i < usedVectorLength; ++i) {
672 WriteBarrier<Unknown>& valueSlot = storage->m_vector[i];
673 bool hadValue = valueSlot;
674 valueSlot.clear();
675 storage->m_numValuesInVector -= hadValue;
676 }
677
678 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
679 SparseArrayValueMap copy = *map;
680 SparseArrayValueMap::iterator end = copy.end();
681 for (SparseArrayValueMap::iterator it = copy.begin(); it != end; ++it) {
682 if (it->first >= newLength)
683 map->remove(it->first);
684 }
685 if (map->isEmpty()) {
686 delete map;
687 storage->m_sparseValueMap = 0;
688 }
689 }
690 }
691
692 storage->m_length = newLength;
693
694 checkConsistency();
695 }
696
697 JSValue JSArray::pop()
698 {
699 checkConsistency();
700
701 ArrayStorage* storage = m_storage;
702
703 unsigned length = storage->m_length;
704 if (!length)
705 return jsUndefined();
706
707 --length;
708
709 JSValue result;
710
711 if (length < m_vectorLength) {
712 WriteBarrier<Unknown>& valueSlot = storage->m_vector[length];
713 if (valueSlot) {
714 --storage->m_numValuesInVector;
715 result = valueSlot.get();
716 valueSlot.clear();
717 } else
718 result = jsUndefined();
719 } else {
720 result = jsUndefined();
721 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
722 SparseArrayValueMap::iterator it = map->find(length);
723 if (it != map->end()) {
724 result = it->second.get();
725 map->remove(it);
726 if (map->isEmpty()) {
727 delete map;
728 storage->m_sparseValueMap = 0;
729 }
730 }
731 }
732 }
733
734 storage->m_length = length;
735
736 checkConsistency();
737
738 return result;
739 }
740
741 void JSArray::push(ExecState* exec, JSValue value)
742 {
743 checkConsistency();
744
745 ArrayStorage* storage = m_storage;
746
747 if (storage->m_length < m_vectorLength) {
748 storage->m_vector[storage->m_length].set(exec->globalData(), this, value);
749 ++storage->m_numValuesInVector;
750 ++storage->m_length;
751 checkConsistency();
752 return;
753 }
754
755 if (storage->m_length < MIN_SPARSE_ARRAY_INDEX) {
756 SparseArrayValueMap* map = storage->m_sparseValueMap;
757 if (!map || map->isEmpty()) {
758 if (increaseVectorLength(storage->m_length + 1)) {
759 storage = m_storage;
760 storage->m_vector[storage->m_length].set(exec->globalData(), this, value);
761 ++storage->m_numValuesInVector;
762 ++storage->m_length;
763 checkConsistency();
764 return;
765 }
766 checkConsistency();
767 throwOutOfMemoryError(exec);
768 return;
769 }
770 }
771
772 putSlowCase(exec, storage->m_length++, value);
773 }
774
775 void JSArray::shiftCount(ExecState* exec, int count)
776 {
777 ASSERT(count > 0);
778
779 ArrayStorage* storage = m_storage;
780
781 unsigned oldLength = storage->m_length;
782
783 if (!oldLength)
784 return;
785
786 if (oldLength != storage->m_numValuesInVector) {
787 // If m_length and m_numValuesInVector aren't the same, we have a sparse vector
788 // which means we need to go through each entry looking for the the "empty"
789 // slots and then fill them with possible properties. See ECMA spec.
790 // 15.4.4.9 steps 11 through 13.
791 for (unsigned i = count; i < oldLength; ++i) {
792 if ((i >= m_vectorLength) || (!m_storage->m_vector[i])) {
793 PropertySlot slot(this);
794 JSValue p = prototype();
795 if ((!p.isNull()) && (asObject(p)->getPropertySlot(exec, i, slot)))
796 put(exec, i, slot.getValue(exec, i));
797 }
798 }
799
800 storage = m_storage; // The put() above could have grown the vector and realloc'ed storage.
801
802 // Need to decrement numValuesInvector based on number of real entries
803 for (unsigned i = 0; i < (unsigned)count; ++i)
804 if ((i < m_vectorLength) && (storage->m_vector[i]))
805 --storage->m_numValuesInVector;
806 } else
807 storage->m_numValuesInVector -= count;
808
809 storage->m_length -= count;
810
811 if (m_vectorLength) {
812 count = min(m_vectorLength, (unsigned)count);
813
814 m_vectorLength -= count;
815
816 if (m_vectorLength) {
817 char* newBaseStorage = reinterpret_cast<char*>(storage) + count * sizeof(JSValue);
818 memmove(newBaseStorage, storage, storageSize(0));
819 m_storage = reinterpret_cast_ptr<ArrayStorage*>(newBaseStorage);
820
821 m_indexBias += count;
822 }
823 }
824 }
825
826 void JSArray::unshiftCount(ExecState* exec, int count)
827 {
828 ArrayStorage* storage = m_storage;
829
830 ASSERT(m_indexBias >= 0);
831 ASSERT(count >= 0);
832
833 unsigned length = storage->m_length;
834
835 if (length != storage->m_numValuesInVector) {
836 // If m_length and m_numValuesInVector aren't the same, we have a sparse vector
837 // which means we need to go through each entry looking for the the "empty"
838 // slots and then fill them with possible properties. See ECMA spec.
839 // 15.4.4.13 steps 8 through 10.
840 for (unsigned i = 0; i < length; ++i) {
841 if ((i >= m_vectorLength) || (!m_storage->m_vector[i])) {
842 PropertySlot slot(this);
843 JSValue p = prototype();
844 if ((!p.isNull()) && (asObject(p)->getPropertySlot(exec, i, slot)))
845 put(exec, i, slot.getValue(exec, i));
846 }
847 }
848 }
849
850 storage = m_storage; // The put() above could have grown the vector and realloc'ed storage.
851
852 if (m_indexBias >= count) {
853 m_indexBias -= count;
854 char* newBaseStorage = reinterpret_cast<char*>(storage) - count * sizeof(JSValue);
855 memmove(newBaseStorage, storage, storageSize(0));
856 m_storage = reinterpret_cast_ptr<ArrayStorage*>(newBaseStorage);
857 m_vectorLength += count;
858 } else if ((unsigned)count > (MAX_STORAGE_VECTOR_LENGTH - m_vectorLength)
859 || !increaseVectorPrefixLength(m_vectorLength + count)) {
860 throwOutOfMemoryError(exec);
861 return;
862 }
863
864 WriteBarrier<Unknown>* vector = m_storage->m_vector;
865 for (int i = 0; i < count; i++)
866 vector[i].clear();
867 }
868
869 void JSArray::visitChildren(SlotVisitor& visitor)
870 {
871 ASSERT_GC_OBJECT_INHERITS(this, &s_info);
872 COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag);
873 ASSERT(structure()->typeInfo().overridesVisitChildren());
874 visitChildrenDirect(visitor);
875 }
876
877 static int compareNumbersForQSort(const void* a, const void* b)
878 {
879 double da = static_cast<const JSValue*>(a)->uncheckedGetNumber();
880 double db = static_cast<const JSValue*>(b)->uncheckedGetNumber();
881 return (da > db) - (da < db);
882 }
883
884 static int compareByStringPairForQSort(const void* a, const void* b)
885 {
886 const ValueStringPair* va = static_cast<const ValueStringPair*>(a);
887 const ValueStringPair* vb = static_cast<const ValueStringPair*>(b);
888 return codePointCompare(va->second, vb->second);
889 }
890
891 void JSArray::sortNumeric(ExecState* exec, JSValue compareFunction, CallType callType, const CallData& callData)
892 {
893 ArrayStorage* storage = m_storage;
894
895 unsigned lengthNotIncludingUndefined = compactForSorting();
896 if (storage->m_sparseValueMap) {
897 throwOutOfMemoryError(exec);
898 return;
899 }
900
901 if (!lengthNotIncludingUndefined)
902 return;
903
904 bool allValuesAreNumbers = true;
905 size_t size = storage->m_numValuesInVector;
906 for (size_t i = 0; i < size; ++i) {
907 if (!storage->m_vector[i].isNumber()) {
908 allValuesAreNumbers = false;
909 break;
910 }
911 }
912
913 if (!allValuesAreNumbers)
914 return sort(exec, compareFunction, callType, callData);
915
916 // For numeric comparison, which is fast, qsort is faster than mergesort. We
917 // also don't require mergesort's stability, since there's no user visible
918 // side-effect from swapping the order of equal primitive values.
919 qsort(storage->m_vector, size, sizeof(JSValue), compareNumbersForQSort);
920
921 checkConsistency(SortConsistencyCheck);
922 }
923
924 void JSArray::sort(ExecState* exec)
925 {
926 ArrayStorage* storage = m_storage;
927
928 unsigned lengthNotIncludingUndefined = compactForSorting();
929 if (storage->m_sparseValueMap) {
930 throwOutOfMemoryError(exec);
931 return;
932 }
933
934 if (!lengthNotIncludingUndefined)
935 return;
936
937 // Converting JavaScript values to strings can be expensive, so we do it once up front and sort based on that.
938 // This is a considerable improvement over doing it twice per comparison, though it requires a large temporary
939 // buffer. Besides, this protects us from crashing if some objects have custom toString methods that return
940 // random or otherwise changing results, effectively making compare function inconsistent.
941
942 Vector<ValueStringPair> values(lengthNotIncludingUndefined);
943 if (!values.begin()) {
944 throwOutOfMemoryError(exec);
945 return;
946 }
947
948 Heap::heap(this)->pushTempSortVector(&values);
949
950 for (size_t i = 0; i < lengthNotIncludingUndefined; i++) {
951 JSValue value = storage->m_vector[i].get();
952 ASSERT(!value.isUndefined());
953 values[i].first = value;
954 }
955
956 // FIXME: The following loop continues to call toString on subsequent values even after
957 // a toString call raises an exception.
958
959 for (size_t i = 0; i < lengthNotIncludingUndefined; i++)
960 values[i].second = values[i].first.toString(exec);
961
962 if (exec->hadException()) {
963 Heap::heap(this)->popTempSortVector(&values);
964 return;
965 }
966
967 // FIXME: Since we sort by string value, a fast algorithm might be to use a radix sort. That would be O(N) rather
968 // than O(N log N).
969
970 #if HAVE(MERGESORT)
971 mergesort(values.begin(), values.size(), sizeof(ValueStringPair), compareByStringPairForQSort);
972 #else
973 // FIXME: The qsort library function is likely to not be a stable sort.
974 // ECMAScript-262 does not specify a stable sort, but in practice, browsers perform a stable sort.
975 qsort(values.begin(), values.size(), sizeof(ValueStringPair), compareByStringPairForQSort);
976 #endif
977
978 // If the toString function changed the length of the array or vector storage,
979 // increase the length to handle the orignal number of actual values.
980 if (m_vectorLength < lengthNotIncludingUndefined)
981 increaseVectorLength(lengthNotIncludingUndefined);
982 if (storage->m_length < lengthNotIncludingUndefined)
983 storage->m_length = lengthNotIncludingUndefined;
984
985 JSGlobalData& globalData = exec->globalData();
986 for (size_t i = 0; i < lengthNotIncludingUndefined; i++)
987 storage->m_vector[i].set(globalData, this, values[i].first);
988
989 Heap::heap(this)->popTempSortVector(&values);
990
991 checkConsistency(SortConsistencyCheck);
992 }
993
994 struct AVLTreeNodeForArrayCompare {
995 JSValue value;
996
997 // Child pointers. The high bit of gt is robbed and used as the
998 // balance factor sign. The high bit of lt is robbed and used as
999 // the magnitude of the balance factor.
1000 int32_t gt;
1001 int32_t lt;
1002 };
1003
1004 struct AVLTreeAbstractorForArrayCompare {
1005 typedef int32_t handle; // Handle is an index into m_nodes vector.
1006 typedef JSValue key;
1007 typedef int32_t size;
1008
1009 Vector<AVLTreeNodeForArrayCompare> m_nodes;
1010 ExecState* m_exec;
1011 JSValue m_compareFunction;
1012 CallType m_compareCallType;
1013 const CallData* m_compareCallData;
1014 JSValue m_globalThisValue;
1015 OwnPtr<CachedCall> m_cachedCall;
1016
1017 handle get_less(handle h) { return m_nodes[h].lt & 0x7FFFFFFF; }
1018 void set_less(handle h, handle lh) { m_nodes[h].lt &= 0x80000000; m_nodes[h].lt |= lh; }
1019 handle get_greater(handle h) { return m_nodes[h].gt & 0x7FFFFFFF; }
1020 void set_greater(handle h, handle gh) { m_nodes[h].gt &= 0x80000000; m_nodes[h].gt |= gh; }
1021
1022 int get_balance_factor(handle h)
1023 {
1024 if (m_nodes[h].gt & 0x80000000)
1025 return -1;
1026 return static_cast<unsigned>(m_nodes[h].lt) >> 31;
1027 }
1028
1029 void set_balance_factor(handle h, int bf)
1030 {
1031 if (bf == 0) {
1032 m_nodes[h].lt &= 0x7FFFFFFF;
1033 m_nodes[h].gt &= 0x7FFFFFFF;
1034 } else {
1035 m_nodes[h].lt |= 0x80000000;
1036 if (bf < 0)
1037 m_nodes[h].gt |= 0x80000000;
1038 else
1039 m_nodes[h].gt &= 0x7FFFFFFF;
1040 }
1041 }
1042
1043 int compare_key_key(key va, key vb)
1044 {
1045 ASSERT(!va.isUndefined());
1046 ASSERT(!vb.isUndefined());
1047
1048 if (m_exec->hadException())
1049 return 1;
1050
1051 double compareResult;
1052 if (m_cachedCall) {
1053 m_cachedCall->setThis(m_globalThisValue);
1054 m_cachedCall->setArgument(0, va);
1055 m_cachedCall->setArgument(1, vb);
1056 compareResult = m_cachedCall->call().toNumber(m_cachedCall->newCallFrame(m_exec));
1057 } else {
1058 MarkedArgumentBuffer arguments;
1059 arguments.append(va);
1060 arguments.append(vb);
1061 compareResult = call(m_exec, m_compareFunction, m_compareCallType, *m_compareCallData, m_globalThisValue, arguments).toNumber(m_exec);
1062 }
1063 return (compareResult < 0) ? -1 : 1; // Not passing equality through, because we need to store all values, even if equivalent.
1064 }
1065
1066 int compare_key_node(key k, handle h) { return compare_key_key(k, m_nodes[h].value); }
1067 int compare_node_node(handle h1, handle h2) { return compare_key_key(m_nodes[h1].value, m_nodes[h2].value); }
1068
1069 static handle null() { return 0x7FFFFFFF; }
1070 };
1071
1072 void JSArray::sort(ExecState* exec, JSValue compareFunction, CallType callType, const CallData& callData)
1073 {
1074 checkConsistency();
1075
1076 ArrayStorage* storage = m_storage;
1077
1078 // FIXME: This ignores exceptions raised in the compare function or in toNumber.
1079
1080 // The maximum tree depth is compiled in - but the caller is clearly up to no good
1081 // if a larger array is passed.
1082 ASSERT(storage->m_length <= static_cast<unsigned>(std::numeric_limits<int>::max()));
1083 if (storage->m_length > static_cast<unsigned>(std::numeric_limits<int>::max()))
1084 return;
1085
1086 unsigned usedVectorLength = min(storage->m_length, m_vectorLength);
1087 unsigned nodeCount = usedVectorLength + (storage->m_sparseValueMap ? storage->m_sparseValueMap->size() : 0);
1088
1089 if (!nodeCount)
1090 return;
1091
1092 AVLTree<AVLTreeAbstractorForArrayCompare, 44> tree; // Depth 44 is enough for 2^31 items
1093 tree.abstractor().m_exec = exec;
1094 tree.abstractor().m_compareFunction = compareFunction;
1095 tree.abstractor().m_compareCallType = callType;
1096 tree.abstractor().m_compareCallData = &callData;
1097 tree.abstractor().m_globalThisValue = exec->globalThisValue();
1098 tree.abstractor().m_nodes.grow(nodeCount);
1099
1100 if (callType == CallTypeJS)
1101 tree.abstractor().m_cachedCall = adoptPtr(new CachedCall(exec, asFunction(compareFunction), 2));
1102
1103 if (!tree.abstractor().m_nodes.begin()) {
1104 throwOutOfMemoryError(exec);
1105 return;
1106 }
1107
1108 // FIXME: If the compare function modifies the array, the vector, map, etc. could be modified
1109 // right out from under us while we're building the tree here.
1110
1111 unsigned numDefined = 0;
1112 unsigned numUndefined = 0;
1113
1114 // Iterate over the array, ignoring missing values, counting undefined ones, and inserting all other ones into the tree.
1115 for (; numDefined < usedVectorLength; ++numDefined) {
1116 JSValue v = storage->m_vector[numDefined].get();
1117 if (!v || v.isUndefined())
1118 break;
1119 tree.abstractor().m_nodes[numDefined].value = v;
1120 tree.insert(numDefined);
1121 }
1122 for (unsigned i = numDefined; i < usedVectorLength; ++i) {
1123 JSValue v = storage->m_vector[i].get();
1124 if (v) {
1125 if (v.isUndefined())
1126 ++numUndefined;
1127 else {
1128 tree.abstractor().m_nodes[numDefined].value = v;
1129 tree.insert(numDefined);
1130 ++numDefined;
1131 }
1132 }
1133 }
1134
1135 unsigned newUsedVectorLength = numDefined + numUndefined;
1136
1137 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
1138 newUsedVectorLength += map->size();
1139 if (newUsedVectorLength > m_vectorLength) {
1140 // Check that it is possible to allocate an array large enough to hold all the entries.
1141 if ((newUsedVectorLength > MAX_STORAGE_VECTOR_LENGTH) || !increaseVectorLength(newUsedVectorLength)) {
1142 throwOutOfMemoryError(exec);
1143 return;
1144 }
1145 }
1146
1147 storage = m_storage;
1148
1149 SparseArrayValueMap::iterator end = map->end();
1150 for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it) {
1151 tree.abstractor().m_nodes[numDefined].value = it->second.get();
1152 tree.insert(numDefined);
1153 ++numDefined;
1154 }
1155
1156 delete map;
1157 storage->m_sparseValueMap = 0;
1158 }
1159
1160 ASSERT(tree.abstractor().m_nodes.size() >= numDefined);
1161
1162 // FIXME: If the compare function changed the length of the array, the following might be
1163 // modifying the vector incorrectly.
1164
1165 // Copy the values back into m_storage.
1166 AVLTree<AVLTreeAbstractorForArrayCompare, 44>::Iterator iter;
1167 iter.start_iter_least(tree);
1168 JSGlobalData& globalData = exec->globalData();
1169 for (unsigned i = 0; i < numDefined; ++i) {
1170 storage->m_vector[i].set(globalData, this, tree.abstractor().m_nodes[*iter].value);
1171 ++iter;
1172 }
1173
1174 // Put undefined values back in.
1175 for (unsigned i = numDefined; i < newUsedVectorLength; ++i)
1176 storage->m_vector[i].setUndefined();
1177
1178 // Ensure that unused values in the vector are zeroed out.
1179 for (unsigned i = newUsedVectorLength; i < usedVectorLength; ++i)
1180 storage->m_vector[i].clear();
1181
1182 storage->m_numValuesInVector = newUsedVectorLength;
1183
1184 checkConsistency(SortConsistencyCheck);
1185 }
1186
1187 void JSArray::fillArgList(ExecState* exec, MarkedArgumentBuffer& args)
1188 {
1189 ArrayStorage* storage = m_storage;
1190
1191 WriteBarrier<Unknown>* vector = storage->m_vector;
1192 unsigned vectorEnd = min(storage->m_length, m_vectorLength);
1193 unsigned i = 0;
1194 for (; i < vectorEnd; ++i) {
1195 WriteBarrier<Unknown>& v = vector[i];
1196 if (!v)
1197 break;
1198 args.append(v.get());
1199 }
1200
1201 for (; i < storage->m_length; ++i)
1202 args.append(get(exec, i));
1203 }
1204
1205 void JSArray::copyToRegisters(ExecState* exec, Register* buffer, uint32_t maxSize)
1206 {
1207 ASSERT(m_storage->m_length >= maxSize);
1208 UNUSED_PARAM(maxSize);
1209 WriteBarrier<Unknown>* vector = m_storage->m_vector;
1210 unsigned vectorEnd = min(maxSize, m_vectorLength);
1211 unsigned i = 0;
1212 for (; i < vectorEnd; ++i) {
1213 WriteBarrier<Unknown>& v = vector[i];
1214 if (!v)
1215 break;
1216 buffer[i] = v.get();
1217 }
1218
1219 for (; i < maxSize; ++i)
1220 buffer[i] = get(exec, i);
1221 }
1222
1223 unsigned JSArray::compactForSorting()
1224 {
1225 checkConsistency();
1226
1227 ArrayStorage* storage = m_storage;
1228
1229 unsigned usedVectorLength = min(storage->m_length, m_vectorLength);
1230
1231 unsigned numDefined = 0;
1232 unsigned numUndefined = 0;
1233
1234 for (; numDefined < usedVectorLength; ++numDefined) {
1235 JSValue v = storage->m_vector[numDefined].get();
1236 if (!v || v.isUndefined())
1237 break;
1238 }
1239
1240 for (unsigned i = numDefined; i < usedVectorLength; ++i) {
1241 JSValue v = storage->m_vector[i].get();
1242 if (v) {
1243 if (v.isUndefined())
1244 ++numUndefined;
1245 else
1246 storage->m_vector[numDefined++].setWithoutWriteBarrier(v);
1247 }
1248 }
1249
1250 unsigned newUsedVectorLength = numDefined + numUndefined;
1251
1252 if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
1253 newUsedVectorLength += map->size();
1254 if (newUsedVectorLength > m_vectorLength) {
1255 // Check that it is possible to allocate an array large enough to hold all the entries - if not,
1256 // exception is thrown by caller.
1257 if ((newUsedVectorLength > MAX_STORAGE_VECTOR_LENGTH) || !increaseVectorLength(newUsedVectorLength))
1258 return 0;
1259
1260 storage = m_storage;
1261 }
1262
1263 SparseArrayValueMap::iterator end = map->end();
1264 for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
1265 storage->m_vector[numDefined++].setWithoutWriteBarrier(it->second.get());
1266
1267 delete map;
1268 storage->m_sparseValueMap = 0;
1269 }
1270
1271 for (unsigned i = numDefined; i < newUsedVectorLength; ++i)
1272 storage->m_vector[i].setUndefined();
1273 for (unsigned i = newUsedVectorLength; i < usedVectorLength; ++i)
1274 storage->m_vector[i].clear();
1275
1276 storage->m_numValuesInVector = newUsedVectorLength;
1277
1278 checkConsistency(SortConsistencyCheck);
1279
1280 return numDefined;
1281 }
1282
1283 void* JSArray::subclassData() const
1284 {
1285 return m_storage->subclassData;
1286 }
1287
1288 void JSArray::setSubclassData(void* d)
1289 {
1290 m_storage->subclassData = d;
1291 }
1292
1293 #if CHECK_ARRAY_CONSISTENCY
1294
1295 void JSArray::checkConsistency(ConsistencyCheckType type)
1296 {
1297 ArrayStorage* storage = m_storage;
1298
1299 ASSERT(storage);
1300 if (type == SortConsistencyCheck)
1301 ASSERT(!storage->m_sparseValueMap);
1302
1303 unsigned numValuesInVector = 0;
1304 for (unsigned i = 0; i < m_vectorLength; ++i) {
1305 if (JSValue value = storage->m_vector[i]) {
1306 ASSERT(i < storage->m_length);
1307 if (type != DestructorConsistencyCheck)
1308 value.isUndefined(); // Likely to crash if the object was deallocated.
1309 ++numValuesInVector;
1310 } else {
1311 if (type == SortConsistencyCheck)
1312 ASSERT(i >= storage->m_numValuesInVector);
1313 }
1314 }
1315 ASSERT(numValuesInVector == storage->m_numValuesInVector);
1316 ASSERT(numValuesInVector <= storage->m_length);
1317
1318 if (storage->m_sparseValueMap) {
1319 SparseArrayValueMap::iterator end = storage->m_sparseValueMap->end();
1320 for (SparseArrayValueMap::iterator it = storage->m_sparseValueMap->begin(); it != end; ++it) {
1321 unsigned index = it->first;
1322 ASSERT(index < storage->m_length);
1323 ASSERT(index >= storage->m_vectorLength);
1324 ASSERT(index <= MAX_ARRAY_INDEX);
1325 ASSERT(it->second);
1326 if (type != DestructorConsistencyCheck)
1327 it->second.isUndefined(); // Likely to crash if the object was deallocated.
1328 }
1329 }
1330 }
1331
1332 #endif
1333
1334 } // namespace JSC
mirror of JavaScriptCore