RESOLVED FIXED 25477
[ES5] Sorting a non-array creates propreties (spec-violation) 
https://bugs.webkit.org/show_bug.cgi?id=25477
Summary [ES5] Sorting a non-array creates propreties (spec-violation)
Lasse Reichstein Holst Nielsen
Reported 2009-04-29 23:57:01 PDT
Sorting a sparse non-array object will create properties with the value "undefined" instead of deleting existing properties. Example: [].sort.call({length:5,2:42}).hasOwnProperty(2) The resulting object has the form {length:5, 0:42, 2:undefined}. According to the specification, the "2" property should not exist.
Attachments
Fix (4.20 KB, patch)
2012-09-23 00:10 PDT, Gavin Barraclough 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2009-05-01 03:51:56 PDT
Do we also disagree with IE and/or Firefox here?
Lasse Reichstein Holst Nielsen
Comment 2 2009-05-01 04:38:57 PDT
IE 7 and Firefox 3.08 both give "false" on the example expression (the expected result), where JSC gives "true". It is probably an articfact of the handling of objects with inherited array indices in Array.prototype.sort.
Gavin Barraclough
Comment 3 2012-09-23 00:10:49 PDT
Created attachment 165283 [details] Fix
Sam Weinig
Comment 4 2012-09-23 00:13:12 PDT
Comment on attachment 165283 [details] Fix Tests?
Oliver Hunt
Comment 5 2012-09-23 12:04:14 PDT
Comment on attachment 165283 [details] Fix r+ but are we repeatedly retrieving the methodTable? It seems like we could retrieve it just once and be done...
Geoffrey Garen
Comment 6 2012-09-23 15:00:52 PDT
/me agrees with Sam Weinig.
Gavin Barraclough
Comment 7 2012-09-23 15:29:12 PDT
(In reply to comment #5) > (From update of attachment 165283 [details]) > r+ but are we repeatedly retrieving the methodTable? It seems like we could retrieve it just once and be done... Ugh, I'm going to ignore that. :-) (1) It goes against the direction I'd like us to go for methodTable() access - we should be able to add wrappers to JSCell that automatically call via the method table, to avoid the code duplication everywhere. (2) That may not matter – the C compiler may alias the loads. We should only manually fold the methodTable() accesses if profiling indicates this is important. (3) This is array::sort applied to a non-array object – if performance matters we should throw away the internet and start again. :-) You're right, might be a useful optimization in some places – I hope not though.
Gavin Barraclough
Comment 8 2012-09-23 15:29:49 PDT
(In reply to comment #4) > (From update of attachment 165283 [details]) > Tests? Ooops, I did add a couple of tests, they seem not to be in the patch I added. Oh well, they'll be there when I land. :-)
Gavin Barraclough
Comment 9 2012-09-23 22:34:23 PDT
Fixed in r129317
Note You need to log in before you can comment on or make changes to this bug.