putDirectIndexSlowOrBeyondVectorLength needs to convert to dictionary indexing mode...
authorsbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Feb 2018 05:07:07 +0000 (05:07 +0000)
committersbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Feb 2018 05:07:07 +0000 (05:07 +0000)
commitd876ae950755ebaaac240c3b0e69b854f96a5fdd
tree08fa713a7c5420444f1e2e8a5117fcc381f450e6
parentbdaaaaebdea52de91aae0da9402f48d1b2368a28
putDirectIndexSlowOrBeyondVectorLength needs to convert to dictionary indexing mode always if attributes are present
https://bugs.webkit.org/show_bug.cgi?id=182755
<rdar://problem/37080864>

Reviewed by Keith Miller.

JSTests:

* stress/always-enter-dictionary-indexing-mode-with-getter.js: Added.
(test1.o.get 10005):
(test1):
(test2.o.get 1000):
(test2):

Source/JavaScriptCore:

putDirectIndexSlowOrBeyondVectorLength with non-zero attributes only converted
the object in question to a dictionary indexing mode when the index is less than
the vector length. This makes no sense. If we're defining a getter, setter, or read
only property, we must always enter the dictionary indexing mode irrespective
of the index in relation to the vector length.

* runtime/JSObject.cpp:
(JSC::JSObject::putDirectIndexSlowOrBeyondVectorLength):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@228454 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/always-enter-dictionary-indexing-mode-with-getter.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSObject.cpp