-
barraclough@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=75610 Reviewed by Sam Weinig. Array object commonly store data in a vector, consisting of a portion that is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and the current algorithm for increaseVectorLength (used by push, or [[Put]]) will never shrink the pre-capacity, so a push/shift fifo may consume an inordinate amount of memory, whilst having a relatively small active length. * runtime/JSArray.cpp: (JSC::JSArray::increaseVectorLength): - If m_indexBias is non-zero, decay it over time. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104184 268f45cc-cd09-0410-ab3c-d52691b4dbfc
a4c41fd7