[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
ggaren at apple.com
ggaren at apple.com
Thu Apr 8 00:59:02 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit c1fb8e4e81060825ab274bbdd8dc51db65de4182
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Jan 9 01:02:38 2010 +0000
2010-01-08 Geoffrey Garen <ggaren at apple.com>
Reviewed by Oliver Hunt.
Memory use grows grows possibly unbounded in this JavaScript Array test case
https://bugs.webkit.org/show_bug.cgi?id=31675
This fixes one observed bug in this test case, which is that
arrays don't report extra cost for the sparse value maps.
SunSpider reports a small speedup.
* runtime/JSArray.cpp:
(JSC::JSArray::putSlowCase): Report extra memory cost for
the sparse value map.
* runtime/JSArray.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53025 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index c4e93c9..5ce704c 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-01-08 Geoffrey Garen <ggaren at apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Memory use grows grows possibly unbounded in this JavaScript Array test case
+ https://bugs.webkit.org/show_bug.cgi?id=31675
+
+ This fixes one observed bug in this test case, which is that
+ arrays don't report extra cost for the sparse value maps.
+
+ SunSpider reports a small speedup.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putSlowCase): Report extra memory cost for
+ the sparse value map.
+ * runtime/JSArray.h:
+
2010-01-08 Yong Li <yoli at rim.com>
Reviewed by Darin Adler.
diff --git a/JavaScriptCore/runtime/JSArray.cpp b/JavaScriptCore/runtime/JSArray.cpp
index 597609b..2f1141d 100644
--- a/JavaScriptCore/runtime/JSArray.cpp
+++ b/JavaScriptCore/runtime/JSArray.cpp
@@ -329,13 +329,24 @@ NEVER_INLINE void JSArray::putSlowCase(ExecState* exec, unsigned i, JSValue valu
}
// We miss some cases where we could compact the storage, such as a large array that is being filled from the end
- // (which will only be compacted as we reach indices that are less than cutoff) - but this makes the check much faster.
+ // (which will only be compacted as we reach indices that are less than MIN_SPARSE_ARRAY_INDEX) - but this makes the check much faster.
if ((i > MAX_STORAGE_VECTOR_INDEX) || !isDenseEnoughForVector(i + 1, storage->m_numValuesInVector + 1)) {
if (!map) {
map = new SparseArrayValueMap;
storage->m_sparseValueMap = map;
}
- map->set(i, value);
+
+ pair<SparseArrayValueMap::iterator, bool> result = map->add(i, value);
+ if (!result.second) { // pre-existing entry
+ result.first->second = value;
+ return;
+ }
+
+ size_t capacity = map->capacity();
+ if (capacity != storage->reportedMapCapacity) {
+ Heap::heap(this)->reportExtraMemoryCost((capacity - storage->reportedMapCapacity) * (sizeof(unsigned) + sizeof(JSValue)));
+ storage->reportedMapCapacity = capacity;
+ }
return;
}
}
diff --git a/JavaScriptCore/runtime/JSArray.h b/JavaScriptCore/runtime/JSArray.h
index 8c22451..635b142 100644
--- a/JavaScriptCore/runtime/JSArray.h
+++ b/JavaScriptCore/runtime/JSArray.h
@@ -32,6 +32,7 @@ namespace JSC {
unsigned m_numValuesInVector;
SparseArrayValueMap* m_sparseValueMap;
void* lazyCreationData; // A JSArray subclass can use this to fill the vector lazily.
+ size_t reportedMapCapacity;
JSValue m_vector[1];
};
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list