Permalink
Browse files

arrayProtoPrivateFuncConcatMemcpy() should handle copying from an Und…

…ecided type array.

https://bugs.webkit.org/show_bug.cgi?id=188065
<rdar://problem/42515726>

Reviewed by Saam Barati.

JSTests:

* stress/regress-188065.js: Added.

Source/JavaScriptCore:

* runtime/ArrayPrototype.cpp:
(JSC::clearElement):
(JSC::copyElements):
(JSC::arrayProtoPrivateFuncConcatMemcpy):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@234269 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information...
mark.lam@apple.com
mark.lam@apple.com committed Jul 26, 2018
1 parent 7b14937 commit b68b373dcbfbc68682ceeca8292c5c0051472071
View
@@ -1,3 +1,13 @@
2018-07-26 Mark Lam <mark.lam@apple.com>
arrayProtoPrivateFuncConcatMemcpy() should handle copying from an Undecided type array.
https://bugs.webkit.org/show_bug.cgi?id=188065
<rdar://problem/42515726>
Reviewed by Saam Barati.
* stress/regress-188065.js: Added.
2018-07-25 Andy VanWagoner <andy@vanwagoner.family>
[INTL] Call Typed Array elements toLocaleString with locale and options
@@ -0,0 +1,8 @@
function test() {
var arr = new Array(400);
arr.concat([1.1]);
}
noInline(test);
for (var i = 0; i < 10000; i++)
test();
@@ -1,3 +1,16 @@
2018-07-26 Mark Lam <mark.lam@apple.com>
arrayProtoPrivateFuncConcatMemcpy() should handle copying from an Undecided type array.
https://bugs.webkit.org/show_bug.cgi?id=188065
<rdar://problem/42515726>
Reviewed by Saam Barati.
* runtime/ArrayPrototype.cpp:
(JSC::clearElement):
(JSC::copyElements):
(JSC::arrayProtoPrivateFuncConcatMemcpy):
2018-07-26 Andy VanWagoner <andy@vanwagoner.family>
JSC: Intl API should ignore encoding when parsing BCP 47 language tag from ISO 15897 locale string (passed via LANG)
@@ -1292,6 +1292,29 @@ static EncodedJSValue concatAppendOne(ExecState* exec, VM& vm, JSArray* first, J
}
template<typename T>
void clearElement(T& element)
{
element.clear();
}
template<>
void clearElement(double& element)
{
element = PNaN;
}
template<typename T>
ALWAYS_INLINE void copyElements(T* buffer, unsigned offset, void* source, unsigned sourceSize, IndexingType sourceType)
{
if (sourceType != ArrayWithUndecided) {
memcpy(buffer + offset, source, sizeof(JSValue) * sourceSize);
return;
}
for (unsigned i = sourceSize; i--;)
clearElement<T>(buffer[i + offset]);
};
EncodedJSValue JSC_HOST_CALL arrayProtoPrivateFuncConcatMemcpy(ExecState* exec)
{
@@ -1367,26 +1390,16 @@ EncodedJSValue JSC_HOST_CALL arrayProtoPrivateFuncConcatMemcpy(ExecState* exec)
throwOutOfMemoryError(exec, scope);
return encodedJSValue();
}
if (type == ArrayWithDouble) {
double* buffer = result->butterfly()->contiguousDouble().data();
memcpy(buffer, firstButterfly->contiguousDouble().data(), sizeof(JSValue) * firstArraySize);
memcpy(buffer + firstArraySize, secondButterfly->contiguousDouble().data(), sizeof(JSValue) * secondArraySize);
copyElements(buffer, 0, firstButterfly->contiguousDouble().data(), firstArraySize, firstType);
copyElements(buffer, firstArraySize, secondButterfly->contiguousDouble().data(), secondArraySize, secondType);
} else if (type != ArrayWithUndecided) {
WriteBarrier<Unknown>* buffer = result->butterfly()->contiguous().data();
auto copy = [&] (unsigned offset, void* source, unsigned size, IndexingType type) {
if (type != ArrayWithUndecided) {
memcpy(buffer + offset, source, sizeof(JSValue) * size);
return;
}
for (unsigned i = size; i--;)
buffer[i + offset].clear();
};
copy(0, firstButterfly->contiguous().data(), firstArraySize, firstType);
copy(firstArraySize, secondButterfly->contiguous().data(), secondArraySize, secondType);
copyElements(buffer, 0, firstButterfly->contiguous().data(), firstArraySize, firstType);
copyElements(buffer, firstArraySize, secondButterfly->contiguous().data(), secondArraySize, secondType);
}
result->butterfly()->setPublicLength(resultSize);

0 comments on commit b68b373

Please sign in to comment.