Closed
Bug 457920
Opened 16 years ago
Closed 16 years ago
regexp-dna.js and generality want JSOP_GETELEM(dense array, "0")
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.9.1
People
(Reporter: brendan, Assigned: brendan)
Details
(Keywords: verified1.9.1)
Attachments
(2 files)
17.33 KB,
patch
|
gal
:
review+
mrbkap
:
review+
|
Details | Diff | Splinter Review |
13.80 KB,
patch
|
Details | Diff | Splinter Review |
And so on -- for-in loops produce string property names, not uints, but array_getProperty can cope. So must TM. /be
Assignee | ||
Comment 1•16 years ago
|
||
This patch guards on holes in dense arrays. We can't see through them, except in the general case of obj[str] = foo where obj is a dense array -- in that case the Array_dense_setelem built-in, like the interpreter's JSOP_SETELEM case, will test the new runtime-wide anyArrayProtoHasElement flag and cope. On the up side, this uses LIR_ult to combine two guards into one under guardDenseArrayIndex. /be
Attachment #341340 -
Flags: review?(gal)
Assignee | ||
Comment 2•16 years ago
|
||
Correctness issues discovered and patched here, needed for b2. /be
Flags: blocking1.9.1?
Priority: -- → P1
Updated•16 years ago
|
Attachment #341340 -
Flags: review?(mrbkap)
Comment 3•16 years ago
|
||
Comment on attachment 341340 [details] [diff] [review] proposed fix Need a 2nd pair of eyes for the interpreter side of things. Blake?
Updated•16 years ago
|
Attachment #341340 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 4•16 years ago
|
||
Comment 5•16 years ago
|
||
Comment on attachment 341340 [details] [diff] [review] proposed fix I am unsure about this part: - guard(false, lir->ins_eq0(dslots_ins), MISMATCH_EXIT); Maybe you could add a code comment why thats not necessary.
Attachment #341340 -
Flags: review?(gal) → review+
Assignee | ||
Comment 6•16 years ago
|
||
Commented and committed, but I didn't check for orange first! Something committed before 21:02:51 seems to have turned the TraceMonkey Windows box orange. http://hg.mozilla.org/tracemonkey/rev/98d37f459fef /be
Assignee | ||
Comment 7•16 years ago
|
||
Orange looks like sync xhr test flapping, went green again. Hope it's gone when we update from m-c next. /be
Assignee | ||
Comment 8•16 years ago
|
||
Fixed on m-c: http://hg.mozilla.org/mozilla-central/rev/98d37f459fef /be
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Updated•16 years ago
|
Flags: in-testsuite-
Flags: in-litmus-
Updated•16 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
Keywords: fixed1.9.1
Comment 9•15 years ago
|
||
Seeing as there hasn't been any discussions about this bug for 5 months, I'm guessing there aren't any residual issues. I'm moving this to verified as a result. If anyone has any qualms, feel free to bring them up.
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
You need to log in
before you can comment on or make changes to this bug.
Description
•