WebKit Bugzilla
Attachment 345853 Details for
Bug 188065
: arrayProtoPrivateFuncConcatMemcpy() should handle copying from an Undecided type array.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch.
bug-188065.patch (text/plain), 4.43 KB, created by
Mark Lam
on 2018-07-26 11:24:32 PDT
(
hide
)
Description:
proposed patch.
Filename:
MIME Type:
Creator:
Mark Lam
Created:
2018-07-26 11:24:32 PDT
Size:
4.43 KB
patch
obsolete
>Index: JSTests/ChangeLog >=================================================================== >--- JSTests/ChangeLog (revision 234267) >+++ JSTests/ChangeLog (working copy) >@@ -1,3 +1,13 @@ >+2018-07-26 Mark Lam <mark.lam@apple.com> >+ >+ arrayProtoPrivateFuncConcatMemcpy() should handle copying from an Undecided type array. >+ https://bugs.webkit.org/show_bug.cgi?id=188065 >+ <rdar://problem/42515726> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * stress/regress-188065.js: Added. >+ > 2018-07-25 Andy VanWagoner <andy@vanwagoner.family> > > [INTL] Call Typed Array elements toLocaleString with locale and options >Index: JSTests/stress/regress-188065.js >=================================================================== >--- JSTests/stress/regress-188065.js (nonexistent) >+++ JSTests/stress/regress-188065.js (working copy) >@@ -0,0 +1,8 @@ >+function test() { >+ var arr = new Array(400); >+ arr.concat([1.1]); >+} >+noInline(test); >+ >+for (var i = 0; i < 10000; i++) >+ test(); >Index: Source/JavaScriptCore/ChangeLog >=================================================================== >--- Source/JavaScriptCore/ChangeLog (revision 234261) >+++ Source/JavaScriptCore/ChangeLog (working copy) >@@ -1,3 +1,16 @@ >+2018-07-26 Mark Lam <mark.lam@apple.com> >+ >+ arrayProtoPrivateFuncConcatMemcpy() should handle copying from an Undecided type array. >+ https://bugs.webkit.org/show_bug.cgi?id=188065 >+ <rdar://problem/42515726> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * runtime/ArrayPrototype.cpp: >+ (JSC::clearElement): >+ (JSC::copyElements): >+ (JSC::arrayProtoPrivateFuncConcatMemcpy): >+ > 2018-07-26 Andy VanWagoner <andy@vanwagoner.family> > > JSC: Intl API should ignore encoding when parsing BCP 47 language tag from ISO 15897 locale string (passed via LANG) >Index: Source/JavaScriptCore/runtime/ArrayPrototype.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/ArrayPrototype.cpp (revision 234261) >+++ Source/JavaScriptCore/runtime/ArrayPrototype.cpp (working copy) >@@ -1292,6 +1292,29 @@ static EncodedJSValue concatAppendOne(Ex > > } > >+template<typename T> >+void clearElement(T& element) >+{ >+ element.clear(); >+} >+ >+template<> >+void clearElement(double& element) >+{ >+ element = PNaN; >+} >+ >+template<typename T, bool isDouble = std::is_same<T, double>::value> >+void copyElements(T* buffer, unsigned offset, void* source, unsigned sourceSize, IndexingType sourceType) >+{ >+ if (sourceType != ArrayWithUndecided) { >+ memcpy(buffer + offset, source, sizeof(JSValue) * sourceSize); >+ return; >+ } >+ >+ for (unsigned i = sourceSize; i--;) >+ clearElement<T>(buffer[i + offset]); >+}; > > EncodedJSValue JSC_HOST_CALL arrayProtoPrivateFuncConcatMemcpy(ExecState* exec) > { >@@ -1367,26 +1390,16 @@ EncodedJSValue JSC_HOST_CALL arrayProtoP > throwOutOfMemoryError(exec, scope); > return encodedJSValue(); > } >- >+ > if (type == ArrayWithDouble) { > double* buffer = result->butterfly()->contiguousDouble().data(); >- memcpy(buffer, firstButterfly->contiguousDouble().data(), sizeof(JSValue) * firstArraySize); >- memcpy(buffer + firstArraySize, secondButterfly->contiguousDouble().data(), sizeof(JSValue) * secondArraySize); >+ copyElements(buffer, 0, firstButterfly->contiguousDouble().data(), firstArraySize, firstType); >+ copyElements(buffer, firstArraySize, secondButterfly->contiguousDouble().data(), secondArraySize, secondType); >+ > } else if (type != ArrayWithUndecided) { > WriteBarrier<Unknown>* buffer = result->butterfly()->contiguous().data(); >- >- auto copy = [&] (unsigned offset, void* source, unsigned size, IndexingType type) { >- if (type != ArrayWithUndecided) { >- memcpy(buffer + offset, source, sizeof(JSValue) * size); >- return; >- } >- >- for (unsigned i = size; i--;) >- buffer[i + offset].clear(); >- }; >- >- copy(0, firstButterfly->contiguous().data(), firstArraySize, firstType); >- copy(firstArraySize, secondButterfly->contiguous().data(), secondArraySize, secondType); >+ copyElements(buffer, 0, firstButterfly->contiguous().data(), firstArraySize, firstType); >+ copyElements(buffer, firstArraySize, secondButterfly->contiguous().data(), secondArraySize, secondType); > } > > result->butterfly()->setPublicLength(resultSize);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=345853">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
saam
:
review+
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 188065
:
345853
|
345854