[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
commit-queue at webkit.org
commit-queue at webkit.org
Wed Dec 22 12:33:38 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 0ef5abd38c59ea61b0f3ddb381af637e1fb484a5
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Aug 25 11:03:26 2010 +0000
2010-08-25 Michael Saboff <msaboff at apple.com>
Reviewed by Geoffrey Garen.
Changed the initial and subsequent allocation of vector storage to
Array()s. The changes are to limit sparse arrays to 100000 entries
and fixed the sparse map to vector storage conversion to use the
minimum amount of memory needed to store the current number of entries.
These changes address https://bugs.webkit.org/show_bug.cgi?id=43707
* runtime/JSArray.cpp:
(JSC::JSArray::putSlowCase):
(JSC::JSArray::getNewVectorLength):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@66004 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 28fc29d..327753c 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,17 @@
+2010-08-25 Michael Saboff <msaboff at apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Changed the initial and subsequent allocation of vector storage to
+ Array()s. The changes are to limit sparse arrays to 100000 entries
+ and fixed the sparse map to vector storage conversion to use the
+ minimum amount of memory needed to store the current number of entries.
+ These changes address https://bugs.webkit.org/show_bug.cgi?id=43707
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putSlowCase):
+ (JSC::JSArray::getNewVectorLength):
+
2010-08-16 Gabor Loki <loki at webkit.org>
Reviewed by Gavin Barraclough.
diff --git a/JavaScriptCore/runtime/JSArray.cpp b/JavaScriptCore/runtime/JSArray.cpp
index 9c3570b..55aa327 100644
--- a/JavaScriptCore/runtime/JSArray.cpp
+++ b/JavaScriptCore/runtime/JSArray.cpp
@@ -421,9 +421,10 @@ NEVER_INLINE void JSArray::putSlowCase(ExecState* exec, unsigned i, JSValue valu
if (i >= MIN_SPARSE_ARRAY_INDEX)
newNumValuesInVector -= map->contains(i);
if (isDenseEnoughForVector(newVectorLength, newNumValuesInVector)) {
+ unsigned needLength = max(i + 1, storage->m_length);
unsigned proposedNewNumValuesInVector = newNumValuesInVector;
// If newVectorLength is already the maximum - MAX_STORAGE_VECTOR_LENGTH - then do not attempt to grow any further.
- while (newVectorLength < MAX_STORAGE_VECTOR_LENGTH) {
+ while ((newVectorLength < needLength) && (newVectorLength < MAX_STORAGE_VECTOR_LENGTH)) {
unsigned proposedNewVectorLength = getNewVectorLength(newVectorLength + 1);
for (unsigned j = max(newVectorLength, MIN_SPARSE_ARRAY_INDEX); j < proposedNewVectorLength; ++j)
proposedNewNumValuesInVector += map->contains(j);
@@ -553,10 +554,10 @@ ALWAYS_INLINE unsigned JSArray::getNewVectorLength(unsigned desiredLength)
ASSERT(desiredLength <= MAX_STORAGE_VECTOR_LENGTH);
unsigned increasedLength;
- unsigned length = m_storage->m_length;
+ unsigned maxInitLength = min(m_storage->m_length, 100000U);
- if (desiredLength < length)
- increasedLength = length;
+ if (desiredLength < maxInitLength)
+ increasedLength = maxInitLength;
else if (!m_vectorLength)
increasedLength = max(desiredLength, lastArraySize);
else {
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list