    push/shift fifo may consume excessive memory · a4c41fd7
    barraclough@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=75610
    
    Reviewed by Sam Weinig.
    
    Array objects commonly store data in a vector, consisting of a portion that is
    in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
    m_length and m_vectorLength). Calls to shift will grow the pre-capacity, and
    the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
    never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
    amount of memory, whilst having a relatively small active length.
    
    * runtime/JSArray.cpp:
    (JSC::JSArray::increaseVectorLength):
        - If m_indexBias is non-zero, decay it over time.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104184 268f45cc-cd09-0410-ab3c-d52691b4dbfc
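The memory behaviour the commit message describes, as an added toy model (not JSC's JSArray code; class and function names here are invented for illustration): a vector with a pre-capacity (m_indexBias) in front of the live elements and a post-capacity (m_vectorLength - m_length) behind them. shift() grows the pre-capacity instead of moving elements, push() calls increaseVectorLength() when the post-capacity is exhausted, and a flag selects whether increaseVectorLength() reclaims pre-capacity before allocating. The growth policy (doubling, minimum 4) and the halving of the bias are assumptions of this example, not the real algorithm.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Toy array (added example, not JSC's code). Invariant: m_buffer.size() ==
// m_indexBias + m_vectorLength; live elements occupy
// m_buffer[m_indexBias, m_indexBias + m_length).
class ToyArray {
public:
    explicit ToyArray(bool decayBias) : m_decayBias(decayBias) {}

    void push(int32_t value) {
        if (m_length == m_vectorLength)
            increaseVectorLength(m_length + 1);
        m_buffer[m_indexBias + m_length] = value;
        ++m_length;
    }

    // Remove and return the first element. Like a storage-pointer bump: the
    // freed slot joins the pre-capacity, the post-capacity is unchanged.
    bool shift(int32_t& out) {
        if (!m_length)
            return false;
        out = m_buffer[m_indexBias];
        ++m_indexBias;
        --m_length;
        --m_vectorLength;
        return true;
    }

    size_t indexBias() const { return m_indexBias; }
    size_t allocatedSlots() const { return m_buffer.size(); }

private:
    void increaseVectorLength(size_t newLength) {
        if (m_decayBias && m_indexBias) {
            // Decay the pre-capacity: halve it by sliding the live elements
            // toward the front and handing the freed slots to the post-capacity.
            // In a push/shift fifo this alone usually makes room for the push.
            size_t newBias = m_indexBias / 2;
            size_t reclaimed = m_indexBias - newBias;
            std::copy(m_buffer.begin() + m_indexBias,
                      m_buffer.begin() + m_indexBias + m_length,
                      m_buffer.begin() + newBias);
            m_indexBias = newBias;
            m_vectorLength += reclaimed;
            if (newLength <= m_vectorLength)
                return;
        }
        // Geometric growth of the post-capacity (assumed policy). The pre-capacity
        // is carried along untouched: this is the leak in the non-decaying variant.
        size_t newVectorLength =
            std::max(newLength, std::max<size_t>(4, 2 * m_vectorLength));
        m_buffer.resize(m_indexBias + newVectorLength);
        m_vectorLength = newVectorLength;
    }

    std::vector<int32_t> m_buffer;
    size_t m_indexBias = 0;
    size_t m_length = 0;
    size_t m_vectorLength = 0;
    bool m_decayBias;
};

struct FifoStats {
    size_t allocatedSlots;
    size_t indexBias;
    bool fifoOrderCorrect;
};

// Drive a push/shift fifo: fill `window` elements, then `cycles` rounds of
// one shift followed by one push, so the live length never exceeds `window`.
FifoStats runFifo(bool decayBias, size_t window, size_t cycles) {
    ToyArray array(decayBias);
    int32_t next = 0, expected = 0;
    bool ok = true;
    for (size_t i = 0; i < window; ++i)
        array.push(next++);
    for (size_t i = 0; i < cycles; ++i) {
        int32_t v = -1;
        ok = ok && array.shift(v) && v == expected++;
        array.push(next++);
    }
    return {array.allocatedSlots(), array.indexBias(), ok};
}

int main() {
    FifoStats naive = runFifo(false, 8, 100);
    FifoStats decayed = runFifo(true, 8, 100);
    std::printf("no decay: %zu slots for 8 live elements (bias %zu)\n",
                naive.allocatedSlots, naive.indexBias);
    std::printf("with decay: %zu slots for 8 live elements (bias %zu)\n",
                decayed.allocatedSlots, decayed.indexBias);
    return 0;
}
```

With a live length of 8 and 100 shift/push rounds, the non-decaying variant ends with m_indexBias == 100 and more than 108 slots allocated, growing without bound as the fifo runs; the decaying variant stays at 8 slots because every increaseVectorLength() call reclaims the one slot the preceding shift() freed.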