[Webkit-unassigned] [Bug 41920] Avoid slow-path for put() in Array.splice()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 12 16:55:12 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=41920


Darin Adler <darin at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #61290|review?, commit-queue?      |review-, commit-queue-
               Flag|                            |
--- Comment #11 from Darin Adler <darin at apple.com>  2010-07-12 16:55:12 PST ---
(From update of attachment 61290)
> +    if (creationMode == CreateInitialized) {
> +        JSValue* vector = m_storage->m_vector;
> +        for (size_t i = 0; i < initialCapacity; ++i)
> +            vector[i] = JSValue();
> +        m_storage->m_numValuesInVector = 0;
> +    } else
> +        m_storage->m_numValuesInVector = initialCapacity;
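Review bot: In the else branch, m_storage->m_numValuesInVector is set to initialCapacity without a single slot of m_storage->m_vector having been written, so until the caller stores into every one of those slots the count advertises JSValues that are really whatever bytes the allocation happened to contain; any code that walks the first m_numValuesInVector entries in that window reads garbage. Either leave the count at 0 in this branch and raise it only after the caller has filled the slots, or state the caller's obligation in a comment right here and at the call site, since nothing in the hunk documents it. The CreateInitialized branch, which writes `vector[i] = JSValue();` before publishing a count, is the safe shape.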

It's not safe to leave the vector uninitialized. Garbage collection could happen if one of the calls to getProperty does any object allocation, which can definitely happen in many ways, including getters and DOM objects. And if garbage collection does happen, we will need to survive a call to the markChildren function.

> +        enum ArrayCreationMode { CreateCompactUninitialized, CreateInitialized };
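Review bot: The CreateCompactUninitialized enumerator carries an obligation on the caller (every slot the constructor counts must be stored before the array can be observed) that the declaration does not mention; add a comment beside the enum spelling that out, and consider a name that signals the hazard rather than just the layout, since a future caller picking this mode from the enum alone has no warning.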

While it is nice to scope the enum to the class, it makes the call sites too ugly. I think it's fine to define this at namespace scope instead.

> +        void uncheckedSetIndex(unsigned i, JSValue v)
> +        {
> +            m_storage->m_vector[i] = v;
> +        }
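Review bot: uncheckedSetIndex() stores into m_storage->m_vector[i] with no check that i is below the vector's allocated length and without touching m_storage->m_numValuesInVector, so an index at or past the end writes out of bounds silently and a value stored past the current count is invisible to code that relies on that count. Add an ASSERT that i is in range and a comment stating that the caller is responsible for keeping m_numValuesInVector accurate; the ASSERT compiles out in release builds, so the comment is what actually documents the contract.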

You could put assertions in here to make it clearer what those things are that are not checked.
