Bug 112187

Summary:

Array.prototype.sort should at least try to be PTIME even when the array is in some bizarre mode

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

barraclough, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
the patch	msaboff: review+

Filip Pizlo

Reported 2013-03-12 14:15:15 PDT

Try this: var array = []; array[1000000] = 42; array.sort(); This program will not run in PTIME. It will, in fact, likely not terminate in any sensible amount of time. Patch forthcoming.

Attachments
the patch (12.07 KB, patch) 2013-03-12 16:11 PDT, Filip Pizlo	msaboff: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2013-03-12 16:11:33 PDT

Created attachment 192831 [details] the patch

Michael Saboff

Comment 2 2013-03-12 16:34:23 PDT

Comment on attachment 192831 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=192831&action=review Any performance impact? > Source/JavaScriptCore/ChangeLog:17 > + (JSC): Remove

Gavin Barraclough

Comment 3 2013-03-12 16:58:40 PDT

Comment on attachment 192831 [details] the patch As discussed, new global object please! r is me.

Filip Pizlo

Comment 4 2013-03-12 17:20:17 PDT

Landed in http://trac.webkit.org/changeset/145628

Note You need to log in before you can comment on or make changes to this bug.