Skip to site navigation (Press enter)

[webkit-changes] [139094] trunk

fpizlo Tue, 08 Jan 2013 12:19:53 -0800

Title: [139094] trunk

Revision: 139094
Author: fpi...@apple.com
Date: 2013-01-08 12:21:36 -0800 (Tue, 08 Jan 2013)

Log Message

If array allocation profiling causes a new_array to allocate double arrays, then the holes should end up being correctly initialized
https://bugs.webkit.org/show_bug.cgi?id=106363


Reviewed by Mark Hahnenberg.

Source/_javascript_Core: 

* runtime/JSArray.h:
(JSC::JSArray::tryCreateUninitialized):

LayoutTests: 

* fast/js/jsc-test-list:
* fast/js/new-array-double-with-holes-expected.txt: Added.
* fast/js/new-array-double-with-holes.html: Added.
* fast/js/script-tests/new-array-double-with-holes.js: Added.
(foo):

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/LayoutTests/fast/js/jsc-test-list
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/JSArray.h

Added Paths

trunk/LayoutTests/fast/js/new-array-double-with-holes-expected.txt
trunk/LayoutTests/fast/js/new-array-double-with-holes.html
trunk/LayoutTests/fast/js/script-tests/new-array-double-with-holes.js

Diff

Modified: trunk/LayoutTests/ChangeLog (139093 => 139094)


--- trunk/LayoutTests/ChangeLog	2013-01-08 20:12:49 UTC (rev 139093)
+++ trunk/LayoutTests/ChangeLog	2013-01-08 20:21:36 UTC (rev 139094)
@@ -1,3 +1,16 @@
+2013-01-08  Filip Pizlo  <fpi...@apple.com>
+
+        If array allocation profiling causes a new_array to allocate double arrays, then the holes should end up being correctly initialized
+        https://bugs.webkit.org/show_bug.cgi?id=106363
+
+        Reviewed by Mark Hahnenberg.
+
+        * fast/js/jsc-test-list:
+        * fast/js/new-array-double-with-holes-expected.txt: Added.
+        * fast/js/new-array-double-with-holes.html: Added.
+        * fast/js/script-tests/new-array-double-with-holes.js: Added.
+        (foo):
+
 2013-01-08  Ryosuke Niwa  <rn...@webkit.org>
 
         Add a crashing test expectation to a test added in r139029.

Modified: trunk/LayoutTests/fast/js/jsc-test-list (139093 => 139094)


--- trunk/LayoutTests/fast/js/jsc-test-list	2013-01-08 20:12:49 UTC (rev 139093)
+++ trunk/LayoutTests/fast/js/jsc-test-list	2013-01-08 20:21:36 UTC (rev 139094)
@@ -248,6 +248,7 @@
 fast/js/multiline-comment-newline
 fast/js/named-function-_expression_
 fast/js/nested-functions
+fast/js/new-array-double-with-holes
 fast/js/no-semi-insertion-at-end-of-script
 fast/js/number-cell-reuse
 fast/js/number-toExponential

Added: trunk/LayoutTests/fast/js/new-array-double-with-holes-expected.txt (0 => 139094)


--- trunk/LayoutTests/fast/js/new-array-double-with-holes-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/js/new-array-double-with-holes-expected.txt	2013-01-08 20:21:36 UTC (rev 139094)
@@ -0,0 +1,109 @@
+Tests that if array allocation profiling causes a new_array to allocate double arrays, then the holes end up being correctly initialized.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS foo([, 1.5], 0) is void 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/js/new-array-double-with-holes.html (0 => 139094)


--- trunk/LayoutTests/fast/js/new-array-double-with-holes.html	                        (rev 0)
+++ trunk/LayoutTests/fast/js/new-array-double-with-holes.html	2013-01-08 20:21:36 UTC (rev 139094)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>

Added: trunk/LayoutTests/fast/js/script-tests/new-array-double-with-holes.js (0 => 139094)


--- trunk/LayoutTests/fast/js/script-tests/new-array-double-with-holes.js	                        (rev 0)
+++ trunk/LayoutTests/fast/js/script-tests/new-array-double-with-holes.js	2013-01-08 20:21:36 UTC (rev 139094)
@@ -0,0 +1,11 @@
+description(
+"Tests that if array allocation profiling causes a new_array to allocate double arrays, then the holes end up being correctly initialized."
+);
+
+function foo(array, i) {
+    return array[i];
+}
+
+for (var i = 0; i < 100; ++i)
+    shouldBe("foo([, 1.5], 0)", "void 0");
+

Modified: trunk/Source/_javascript_Core/ChangeLog (139093 => 139094)


--- trunk/Source/_javascript_Core/ChangeLog	2013-01-08 20:12:49 UTC (rev 139093)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-01-08 20:21:36 UTC (rev 139094)
@@ -1,3 +1,13 @@
+2013-01-08  Filip Pizlo  <fpi...@apple.com>
+
+        If array allocation profiling causes a new_array to allocate double arrays, then the holes should end up being correctly initialized
+        https://bugs.webkit.org/show_bug.cgi?id=106363
+
+        Reviewed by Mark Hahnenberg.
+
+        * runtime/JSArray.h:
+        (JSC::JSArray::tryCreateUninitialized):
+
 2013-01-07  Filip Pizlo  <fpi...@apple.com>
 
         DFG should backwards-propagate NodeUsedAsValue for Phantom

Modified: trunk/Source/_javascript_Core/runtime/JSArray.h (139093 => 139094)


--- trunk/Source/_javascript_Core/runtime/JSArray.h	2013-01-08 20:12:49 UTC (rev 139093)
+++ trunk/Source/_javascript_Core/runtime/JSArray.h	2013-01-08 20:21:36 UTC (rev 139094)
@@ -245,6 +245,10 @@
         butterfly = Butterfly::fromBase(temp, 0, 0);
         butterfly->setVectorLength(vectorLength);
         butterfly->setPublicLength(initialLength);
+        if (hasDouble(structure->indexingType())) {
+            for (unsigned i = initialLength; i < vectorLength; ++i)
+                butterfly->contiguousDouble()[i] = QNaN;
+        }
     } else {
         void* temp;
         if (!globalData.heap.tryAllocateStorage(Butterfly::totalSize(0, 0, true, ArrayStorage::sizeFor(vectorLength)), &temp))

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes