RESOLVED FIXED 97530
Regression, freeze applied to numeric properties of non-array objects 
https://bugs.webkit.org/show_bug.cgi?id=97530
Summary Regression, freeze applied to numeric properties of non-array objects
Gavin Barraclough
Reported 2012-09-24 23:28:41 PDT
Object.freeze has a fast implementation in JSObject, but this hasn't been updated to take into account numeric properties in butterflies. For now, just fall back to the generic implementation if the object has numeric properties.
Attachments
Fix (3.87 KB, patch)
2012-09-24 23:32 PDT, Gavin Barraclough 		fpizlo: review-
DetailsFormatted DiffDiff
v2 (4.08 KB, patch)
2012-09-24 23:42 PDT, Gavin Barraclough 		fpizlo: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Gavin Barraclough
Comment 1 2012-09-24 23:32:29 PDT
Created attachment 165530 [details] Fix
Filip Pizlo
Comment 2 2012-09-24 23:38:06 PDT
Comment on attachment 165530 [details] Fix View in context: https://bugs.webkit.org/attachment.cgi?id=165530&action=review > Source/JavaScriptCore/runtime/ObjectConstructor.cpp:407 > + if (isJSFinalObject(object) && !object->getVectorLength()) { What if the object has gone into sparse mode? Then vector length will be zero even though there are indexed properties. I think what you wanted is: hasIndexedProperties(object->structure()->indexingType())
Gavin Barraclough
Comment 3 2012-09-24 23:42:26 PDT
Created attachment 165533 [details] v2 You're right – added a 2nd test case that covers this.
Gavin Barraclough
Comment 4 2012-09-25 00:05:22 PDT
Fixed in r129461
Note You need to log in before you can comment on or make changes to this bug.