Commit c1fb8e4e authored by ggaren@apple.com

2010-01-08 Geoffrey Garen <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Memory use grows possibly unbounded in this JavaScript Array test case
        https://bugs.webkit.org/show_bug.cgi?id=31675

        This fixes one observed bug in this test case, which is that
        arrays don't report extra cost for the sparse value maps.

        SunSpider reports a small speedup.

        * runtime/JSArray.cpp:
        (JSC::JSArray::putSlowCase): Report extra memory cost for
        the sparse value map.
        * runtime/JSArray.h: 


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53025 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 6905bc76
2010-01-08 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Memory use grows grows possibly unbounded in this JavaScript Array test case
https://bugs.webkit.org/show_bug.cgi?id=31675
This fixes one observed bug in this test case, which is that
arrays don't report extra cost for the sparse value maps.
SunSpider reports a small speedup.
* runtime/JSArray.cpp:
(JSC::JSArray::putSlowCase): Report extra memory cost for
the sparse value map.
* runtime/JSArray.h:
2010-01-08 Yong Li <yoli@rim.com>
Reviewed by Darin Adler.
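Review bot: the ChangeLog entry for `* runtime/JSArray.h:` has no description, although the header gains a new ArrayStorage field. Say that `reportedMapCapacity` was added and what it tracks, and fix the doubled word in "grows grows" in the title line.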
......
......@@ -329,13 +329,24 @@ NEVER_INLINE void JSArray::putSlowCase(ExecState* exec, unsigned i, JSValue valu
}
// We miss some cases where we could compact the storage, such as a large array that is being filled from the end
// (which will only be compacted as we reach indices that are less than cutoff) - but this makes the check much faster.
// (which will only be compacted as we reach indices that are less than MIN_SPARSE_ARRAY_INDEX) - but this makes the check much faster.
if ((i > MAX_STORAGE_VECTOR_INDEX) || !isDenseEnoughForVector(i + 1, storage->m_numValuesInVector + 1)) {
if (!map) {
map = new SparseArrayValueMap;
storage->m_sparseValueMap = map;
}
map->set(i, value);
pair<SparseArrayValueMap::iterator, bool> result = map->add(i, value);
if (!result.second) { // pre-existing entry
result.first->second = value;
return;
}
size_t capacity = map->capacity();
if (capacity != storage->reportedMapCapacity) {
Heap::heap(this)->reportExtraMemoryCost((capacity - storage->reportedMapCapacity) * (sizeof(unsigned) + sizeof(JSValue)));
storage->reportedMapCapacity = capacity;
}
return;
}
}
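Review bot: the cost calculation `(capacity - storage->reportedMapCapacity)` is an unsigned size_t subtraction guarded only by `capacity != storage->reportedMapCapacity`, so if the map's capacity is ever smaller than the value last reported, the difference wraps and an enormous extra cost is reported to the heap. Guard with `capacity > storage->reportedMapCapacity` and only update the stored value in the smaller case. The `if (!map)` branch that creates a fresh SparseArrayValueMap also does not reset `reportedMapCapacity`, so a stale value from a previous map would skew the first report; setting it to 0 there would keep the accounting tied to the map it describes.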
......
......@@ -32,6 +32,7 @@ namespace JSC {
unsigned m_numValuesInVector;
SparseArrayValueMap* m_sparseValueMap;
void* lazyCreationData; // A JSArray subclass can use this to fill the vector lazily.
size_t reportedMapCapacity;
JSValue m_vector[1];
};
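Review bot: `reportedMapCapacity` is added to ArrayStorage with no initialization visible here, while putSlowCase reads it on first use in `capacity != storage->reportedMapCapacity`. Please confirm that every place that allocates an ArrayStorage sets it to 0, and add a short comment saying it holds the sparse map capacity last passed to reportExtraMemoryCost. The name also lacks the `m_` prefix used by the neighbouring `m_numValuesInVector` and `m_sparseValueMap`.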
......