Bug 112187

Summary:

Array.prototype.sort should at least try to be PTIME even when the array is in some bizarre mode

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

barraclough, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
the patch	msaboff: review+

Description Filip Pizlo 2013-03-12 14:15:15 PDT

Try this:

var array = [];
array[1000000] = 42;
array.sort();

This program will not run in PTIME.  It will, in fact, likely not terminate in any sensible amount of time.

Patch forthcoming.

Comment 1 Filip Pizlo 2013-03-12 16:11:33 PDT

Created attachment 192831 [details]
the patch

Comment 2 Michael Saboff 2013-03-12 16:34:23 PDT

Comment on attachment 192831 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=192831&action=review

Any performance impact?

> Source/JavaScriptCore/ChangeLog:17
> +        (JSC):

Remove

Comment 3 Gavin Barraclough 2013-03-12 16:58:40 PDT

Comment on attachment 192831 [details]
the patch

As discussed, new global object please! r is me.

Comment 4 Filip Pizlo 2013-03-12 17:20:17 PDT

Landed in http://trac.webkit.org/changeset/145628