Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 172ece169a8045a8239dd635d8d0000b3032708c
https://github.com/WebKit/WebKit/commit/172ece169a8045a8239dd635d8d0000b3032708c
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2025-03-07 (Fri, 07 Mar 2025)
Changed paths:
M Source/JavaScriptCore/runtime/ArrayPrototype.cpp
M Source/JavaScriptCore/runtime/JSArray.cpp
M Source/JavaScriptCore/runtime/JSArray.h
Log Message:
-----------
[JSC] Array#concat should first create a butterfly before result array
https://bugs.webkit.org/show_bug.cgi?id=289391
rdar://146520816
Reviewed by Sosuke Suzuki.
We should just first allocate a butterfly, copying content, and then
create an array from that since copying does not cause any GC and
butterfly's content is coming from the other arrays which is under GC
management. So in this case, we do not need to use GCSafe ops since
these butterflies are not scanned until it gets set to an array, which
will be done after setting everything.
* Source/JavaScriptCore/runtime/ArrayPrototype.cpp:
(JSC::concatAppendArray):
* Source/JavaScriptCore/runtime/JSArray.cpp:
(JSC::tryCloneArrayFromFast):
* Source/JavaScriptCore/runtime/JSArray.h:
(JSC::copyArrayElements):
Canonical link: https://commits.webkit.org/291828@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
