Bug 1310744: Don't enter in the fast path for DeleteArrayElement for frozen arrays. r?nbp draft
authorEmilio Cobos Álvarez <ecoal95@gmail.com>
Wed, 19 Oct 2016 21:04:51 +0200
changeset 427483 87df57e996e3e440b43ddd98d8bd8afffe26c88b
parent 427482 dc493a55b5b459c48b100202ffd62724d69c55a9
child 427484 4f0f64b1b20a629c6f4ed37c2177d7709e0a4c64
child 427491 6d74ed024323f088aa7f862621a14a722306159e
push id33026
push userbmo:ecoal95@gmail.com
push dateThu, 20 Oct 2016 12:41:55 +0000
reviewersnbp
bugs1310744
milestone52.0a1
Bug 1310744: Don't enter in the fast path for DeleteArrayElement for frozen arrays. r?nbp MozReview-Commit-ID: 6NuJICFchMr
js/src/jsarray.cpp
--- a/js/src/jsarray.cpp
+++ b/js/src/jsarray.cpp
@@ -425,17 +425,19 @@ SetArrayElement(JSContext* cx, HandleObj
  * non-configurable, but proxies may implement different semantics.)
  */
 static bool
 DeleteArrayElement(JSContext* cx, HandleObject obj, double index, ObjectOpResult& result)
 {
     MOZ_ASSERT(index >= 0);
     MOZ_ASSERT(floor(index) == index);
 
-    if (obj->is<ArrayObject>() && !obj->isIndexed()) {
+    if (obj->is<ArrayObject>() && !obj->isIndexed() &&
+        !obj->as<NativeObject>().denseElementsAreFrozen())
+    {
         ArrayObject* aobj = &obj->as<ArrayObject>();
         if (index <= UINT32_MAX) {
             uint32_t idx = uint32_t(index);
             if (idx < aobj->getDenseInitializedLength()) {
                 if (!aobj->maybeCopyElementsForWrite(cx))
                     return false;
                 if (idx+1 == aobj->getDenseInitializedLength()) {
                     aobj->setDenseInitializedLength(idx);
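Review bot: The added `denseElementsAreFrozen()` condition has no comment explaining why frozen arrays must skip this branch, and the reason matters for integrity: the visible fast path calls `maybeCopyElementsForWrite` and `setDenseInitializedLength` directly, with no check of element attributes, so without the guard an element of a frozen array could be removed despite being non-configurable. I would add above the `if`: `// Frozen dense elements are non-configurable; skip the fast path so the generic delete reports the failure through |result|.` That wording assumes the generic path outside this hunk behaves that way, which should be confirmed. Since the branch casts to `ArrayObject` on the next line anyway, the check could probably be written as `!obj->as<ArrayObject>().denseElementsAreFrozen()` to keep a single cast type. The page shows only jsarray.cpp changed, so if no regression test lands elsewhere in the series, one that deletes an element of an `Object.freeze`d array and then checks the element and length are unchanged would pin this down. The body of DeleteArrayElement continues past the end of the hunk.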