From f486d19d62f1bc33246748b14b14a9dfa617b57f Mon Sep 17 00:00:00 2001
From: Iain Merrick <husky@google.com>
Date: Thu, 19 Aug 2010 17:55:56 +0100
Subject: Merge WebKit at r65615 : Initial merge by git.

Change-Id: Ifbf384f4531e3b58475a662e38195c2d9152ae79
---
 JavaScriptCore/runtime/JSArray.h | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'JavaScriptCore/runtime/JSArray.h')

diff --git a/JavaScriptCore/runtime/JSArray.h b/JavaScriptCore/runtime/JSArray.h
index f718d7e..9e155d8 100644
--- a/JavaScriptCore/runtime/JSArray.h
+++ b/JavaScriptCore/runtime/JSArray.h
@@ -236,7 +236,7 @@ namespace JSC {
                 current.m_values++;
 
                 JSCell* cell;
-                if (!value || !value.isCell() || Heap::isCellMarked(cell = value.asCell())) {
+                if (!value || !value.isCell() || Heap::checkMarkCell(cell = value.asCell())) {
                     if (current.m_values == end) {
                         m_markSets.removeLast();
                         continue;
@@ -244,7 +244,6 @@ namespace JSC {
                     goto findNextUnmarkedNullValue;
                 }
 
-                Heap::markCell(cell);
                 if (cell->structure()->typeInfo().type() < CompoundType) {
                     if (current.m_values == end) {
                         m_markSets.removeLast();
@@ -262,7 +261,17 @@ namespace JSC {
                 markChildren(m_values.removeLast());
         }
     }
-    
+
+    // Rule from ECMA 15.2 about what an array index is.
+    // Must exactly match string form of an unsigned integer, and be less than 2^32 - 1.
+    inline unsigned Identifier::toArrayIndex(bool& ok) const
+    {
+        unsigned i = toUInt32(ok);
+        if (ok && i >= 0xFFFFFFFFU)
+            ok = false;
+        return i;
+    }
+
 } // namespace JSC
 
 #endif // JSArray_h
-- 
cgit v1.1