2010-12-09 Michael Saboff <msaboff@apple.com>
authormsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 9 Dec 2010 18:27:13 +0000 (18:27 +0000)
committermsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 9 Dec 2010 18:27:13 +0000 (18:27 +0000)
commit41d4abdd0af622c69c44b1bbdfdaf158f6b4f7a8
treea432e186a75be17204502dd2ba19964d3d73f791
parent280e013a1d64e9b0adee08e1c1e360306768d1c1
2010-12-09  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        Addressed the "FIXME" issues in array sort for toString() methods that
        mutate the array in either size or contents.  The change is to mark
        the temporary array contents so that they are not garbage collected
        and to make sure the array is large enough to hold the contents
        of the sorted temporary vector.
        https://bugs.webkit.org/show_bug.cgi?id=50718

        * runtime/Collector.cpp:
        (JSC::Heap::addTempSortVector):
        (JSC::Heap::removeTempSortVector):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/Collector.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort):
        * runtime/JSValue.h:
2010-12-09  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        New test to verify that arrays sort per the standard even it
        there is an override for toString() that modifies the array.
        https://bugs.webkit.org/show_bug.cgi?id=50718

        * fast/js/array-sort-modifying-tostring-expected.txt: Added.
        * fast/js/array-sort-modifying-tostring.html: Added.
        * fast/js/script-tests/array-sort-modifying-tostring.js: Added.
        (do_gc):
        (Item):
        (toString_Mutate):
        (test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@73623 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JavaScriptCore/ChangeLog
JavaScriptCore/runtime/Collector.cpp
JavaScriptCore/runtime/Collector.h
JavaScriptCore/runtime/JSArray.cpp
JavaScriptCore/runtime/JSValue.h
LayoutTests/ChangeLog
LayoutTests/fast/js/array-sort-modifying-tostring-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/array-sort-modifying-tostring.html [new file with mode: 0644]
LayoutTests/fast/js/script-tests/array-sort-modifying-tostring.js [new file with mode: 0644]