2010-12-09 Michael Saboff <msaboff@apple.com>
Reviewed by Geoffrey Garen.
Addressed the "FIXME" issues in array sort for toString() methods that
mutate the array in either size or contents. The change is to mark
the temporary array contents so that they are not garbage collected
and to make sure the array is large enough to hold the contents
of the sorted temporary vector.
https://bugs.webkit.org/show_bug.cgi?id=50718
* runtime/Collector.cpp:
(JSC::Heap::addTempSortVector):
(JSC::Heap::removeTempSortVector):
(JSC::Heap::markTempSortVectors):
(JSC::Heap::markRoots):
* runtime/Collector.h:
* runtime/JSArray.cpp:
(JSC::JSArray::sort):
* runtime/JSValue.h:
2010-12-09 Michael Saboff <msaboff@apple.com>
Reviewed by Geoffrey Garen.
New test to verify that arrays sort per the standard even if
there is an override for toString() that modifies the array.
https://bugs.webkit.org/show_bug.cgi?id=50718
* fast/js/array-sort-modifying-tostring-expected.txt: Added.
* fast/js/array-sort-modifying-tostring.html: Added.
* fast/js/script-tests/array-sort-modifying-tostring.js: Added.
(do_gc):
(Item):
(toString_Mutate):
(test):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73623 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/runtime/Collector.cpp b/JavaScriptCore/runtime/Collector.cpp
index 09a5fa9..f84f18c 100644
--- a/JavaScriptCore/runtime/Collector.cpp
+++ b/JavaScriptCore/runtime/Collector.cpp
@@ -960,6 +960,33 @@
}
}
+void Heap::pushTempSortVector(Vector<ValueStringPair>* tempVector)
+{
+ m_tempSortingVectors.append(tempVector);
+}
+
+void Heap::popTempSortVector(Vector<ValueStringPair>* tempVector)
+{
+ ASSERT_UNUSED(tempVector, tempVector == m_tempSortingVectors.last());
+ m_tempSortingVectors.removeLast();
+}
+
+void Heap::markTempSortVectors(MarkStack& markStack)
+{
+ typedef Vector<Vector<ValueStringPair>* > VectorOfValueStringVectors;
+
+ VectorOfValueStringVectors::iterator end = m_tempSortingVectors.end();
+ for (VectorOfValueStringVectors::iterator it = m_tempSortingVectors.begin(); it != end; ++it) {
+ Vector<ValueStringPair>* tempSortingVector = *it;
+
+ Vector<ValueStringPair>::iterator vectorEnd = tempSortingVector->end();
+ for (Vector<ValueStringPair>::iterator vectorIt = tempSortingVector->begin(); vectorIt != vectorEnd; ++vectorIt)
+ if (vectorIt->first)
+ markStack.append(vectorIt->first);
+ markStack.drain();
+ }
+}
+
void Heap::clearMarkBits()
{
for (size_t i = 0; i < m_heap.usedBlocks; ++i)
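Review bot: popTempSortVector enforces LIFO order only through ASSERT_UNUSED, which is a no-op check in release builds, and m_tempSortingVectors stores raw pointers to vectors owned by the caller. If any caller returns without popping, or pops out of order, markTempSortVectors will dereference a stale Vector<ValueStringPair>* on the next collection. Consider a small scoped helper whose constructor calls pushTempSortVector and whose destructor calls popTempSortVector, so the registration cannot outlive the vector it points to. The ChangeLog also lists addTempSortVector and removeTempSortVector while the code defines pushTempSortVector and popTempSortVector; please make the two agree. In markTempSortVectors, the inner for body spans two lines without braces; adding them would make it obvious that markStack.drain() runs once per vector and not once per element.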
@@ -1047,6 +1074,9 @@
// Mark explicitly registered roots.
markProtectedObjects(markStack);
+
+ // Mark temporary vector for Array sorting
+ markTempSortVectors(markStack);
// Mark misc. other roots.
if (m_markListSet && m_markListSet->size())
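Review bot: the comment added above markTempSortVectors(markStack) says "Mark temporary vector for Array sorting", but the function walks every registered vector, and the neighbouring comments are sentences ending with a period. Suggest "// Mark temporary vectors for Array sorting." and a blank line after the call, so the block is separated from "// Mark misc. other roots." the same way it is separated from markProtectedObjects above.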