-
barraclough@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=80217 Reviewed by Filip Pizlo. putByIndex() provides similar behavior to put(), but for indexed property names. Many places in ArrayPrototype call putByIndex() where they really mean to call [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be calling numeric accessors (& respecting numeric read only properties) on the prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface. * runtime/ArrayPrototype.cpp: (JSC::arrayProtoFuncConcat): (JSC::arrayProtoFuncSlice): (JSC::arrayProtoFuncFilter): (JSC::arrayProtoFuncMap): * runtime/JSArray.cpp: (JSC): (JSC::reject): (JSC::SparseArrayValueMap::putDirect): (JSC::JSArray::defineOwnNumericProperty): (JSC::JSArray::putByIndexBeyondVectorLength): (JSC::JSArray::putDirectIndexBeyondVectorLength): * runtime/JSArray.h: (SparseArrayValueMap): (JSArray): (JSC::JSArray::putDirectIndex): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109673 268f45cc-cd09-0410-ab3c-d52691b4dbfc
cd37404e