X-Git-Url: https://git.saurik.com/apple/javascriptcore.git/blobdiff_plain/fb8617cde5834786bd4e4afd579883e4acf5666e..b80e619319b1def83d1e8b4f84042b661be1be7f:/runtime/JSArray.cpp?ds=sidebyside diff --git a/runtime/JSArray.cpp b/runtime/JSArray.cpp index 5ec43c7..eb778ed 100644 --- a/runtime/JSArray.cpp +++ b/runtime/JSArray.cpp @@ -151,7 +151,7 @@ JSArray::JSArray(NonNullPassRefPtr structure, unsigned initialLength) m_vectorLength = initialCapacity; m_storage->m_numValuesInVector = 0; m_storage->m_sparseValueMap = 0; - m_storage->lazyCreationData = 0; + m_storage->subclassData = 0; m_storage->reportedMapCapacity = 0; JSValue* vector = m_storage->m_vector; @@ -173,7 +173,7 @@ JSArray::JSArray(NonNullPassRefPtr structure, const ArgList& list) m_vectorLength = initialCapacity; m_storage->m_numValuesInVector = initialCapacity; m_storage->m_sparseValueMap = 0; - m_storage->lazyCreationData = 0; + m_storage->subclassData = 0; m_storage->reportedMapCapacity = 0; size_t i = 0; @@ -643,8 +643,6 @@ static int compareNumbersForQSort(const void* a, const void* b) return (da > db) - (da < db); } -typedef std::pair ValueStringPair; - static int compareByStringPairForQSort(const void* a, const void* b) { const ValueStringPair* va = static_cast(a); @@ -704,6 +702,8 @@ void JSArray::sort(ExecState* exec) throwOutOfMemoryError(exec); return; } + + Heap::heap(this)->pushTempSortVector(&values); for (size_t i = 0; i < lengthNotIncludingUndefined; i++) { JSValue value = m_storage->m_vector[i]; 
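Review bot: `Heap::heap(this)->pushTempSortVector(&values)` registers the address of a local with the heap, and the matching pops are hand-placed on the two exits in the following hunks (the `hadException()` return and the end of `sort`). Any exit added later between the push and those pops would leave the heap holding a pointer to a destroyed vector. A small scope guard that pushes in its constructor and pops in its destructor would make the pairing automatic. The push also deserves a why-comment, since this commit deletes the FIXME that explained the hazard, for example `// toString() below may mutate the array; keep the values in this vector alive across GC.` The body of `JSArray::sort` starts before this hunk and continues past it.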
@@ -711,17 +711,16 @@ void JSArray::sort(ExecState* exec) values[i].first = value; } - // FIXME: While calling these toString functions, the array could be mutated. - // In that case, objects pointed to by values in this vector might get garbage-collected! - // FIXME: The following loop continues to call toString on subsequent values even after // a toString call raises an exception. for (size_t i = 0; i < lengthNotIncludingUndefined; i++) values[i].second = values[i].first.toString(exec); - if (exec->hadException()) + if (exec->hadException()) { + Heap::heap(this)->popTempSortVector(&values); return; + } // FIXME: Since we sort by string value, a fast algorithm might be to use a radix sort. That would be O(N) rather // than O(N log N). @@ -734,12 +733,18 @@ void JSArray::sort(ExecState* exec) qsort(values.begin(), values.size(), sizeof(ValueStringPair), compareByStringPairForQSort); #endif - // FIXME: If the toString function changed the length of the array, this might be - // modifying the vector incorrectly. - + // If the toString function changed the length of the array or vector storage, + // increase the length to handle the orignal number of actual values. + if (m_vectorLength < lengthNotIncludingUndefined) + increaseVectorLength(lengthNotIncludingUndefined); + if (m_storage->m_length < lengthNotIncludingUndefined) + m_storage->m_length = lengthNotIncludingUndefined; + for (size_t i = 0; i < lengthNotIncludingUndefined; i++) m_storage->m_vector[i] = values[i].first; + Heap::heap(this)->popTempSortVector(&values); + checkConsistency(SortConsistencyCheck); } 
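Review bot: In the write-back block after the sort, the result of `increaseVectorLength(lengthNotIncludingUndefined)` is not checked, yet the loop that follows stores `lengthNotIncludingUndefined` entries into `m_storage->m_vector` regardless. The declaration is not in this diff, but if the call can fail to grow the storage, that copy would write past the end of the vector; the allocation earlier in `sort` already has a `throwOutOfMemoryError(exec)` path. Assuming it reports failure through its return value, guard with `if (m_vectorLength < lengthNotIncludingUndefined && !increaseVectorLength(lengthNotIncludingUndefined))`, and in that branch pop the temp sort vector, call `throwOutOfMemoryError(exec)` and return. The block also raises `m_storage->m_length` without touching `m_storage->m_numValuesInVector`, which is worth confirming against `checkConsistency(SortConsistencyCheck)` for the case where `toString` shrank the array.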
@@ -1022,14 +1027,14 @@ unsigned JSArray::compactForSorting() return numDefined; } -void* JSArray::lazyCreationData() +void* JSArray::subclassData() const { - return m_storage->lazyCreationData; + return m_storage->subclassData; } -void JSArray::setLazyCreationData(void* d) +void JSArray::setSubclassData(void* d) { - m_storage->lazyCreationData = d; + m_storage->subclassData = d; } #if CHECK_ARRAY_CONSISTENCY