RESOLVED FIXED 80217
Split JSArray's [[Put]] & [[DefineOwnProperty]] traps. 
https://bugs.webkit.org/show_bug.cgi?id=80217
Summary Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
Gavin Barraclough
Reported 2012-03-03 17:39:53 PST
putByIndex() provides similar behavior to put(), but for indexed property names. Many places in ArrayPrototype call putByIndex() where they really mean to call [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be calling numeric accessors (& respecting numeric read only properties) on the prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
Attachments
Fix (13.09 KB, patch)
2012-03-03 17:42 PST, Gavin Barraclough 		fpizlo: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Gavin Barraclough
Comment 1 2012-03-03 17:42:26 PST
Created attachment 130012 [details] Fix No new tests – this does not yet change behavior (errors were not reachable, since ArrayPrototype is always creating new properties).
WebKit Review Bot
Comment 2 2012-03-03 17:45:26 PST
Attachment 130012 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/ChangeLog', u'Source..." exit_code: 1 Source/JavaScriptCore/runtime/JSArray.h:168: Place brace on its own line for function definitions. [whitespace/braces] [4] Source/JavaScriptCore/runtime/JSArray.h:298: The parameter name "exec" adds no information, so it should be removed. [readability/parameter_name] [5] Source/JavaScriptCore/runtime/JSArray.h:298: The parameter name "value" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 3 in 4 files If any of these errors are false positives, please file a bug against check-webkit-style.
Gavin Barraclough
Comment 3 2012-03-03 21:56:46 PST
Fixed in r109673
Note You need to log in before you can comment on or make changes to this bug.