Handle boxed length in JSON stringify.

Here is the test that used to fail in Smi::cast: JSON.stringify(new Array(4000000000)); I am not adding the test because it takes huge amount of time before it runs out of memory. R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/247063003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Handle boxed length in JSON stringify.
Here is the test that used to fail in Smi::cast: JSON.stringify(new Array(4000000000)); I am not adding the test because it takes huge amount of time before it runs out of memory. R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/247063003 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1f53decc · jarin@chromium.org · 7e48108f · 1f53decc
Commit 1f53decc authored Apr 23, 2014 by jarin@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 7 deletions

json-stringifier.h src/json-stringifier.h +8 -7

No files found.
--- a/src/json-stringifier.h
+++ b/src/json-stringifier.h
@@ -142,7 +142,7 @@ class BasicJsonStringifier BASE_EMBEDDED {
  INLINE(Result SerializeJSArray(Handle<JSArray> object));
  INLINE(Result SerializeJSObject(Handle<JSObject> object));
-  Result SerializeJSArraySlow(Handle<JSArray> object, int length);
+  Result SerializeJSArraySlow(Handle<JSArray> object, uint32_t length);
  void SerializeString(Handle<String> object);
@@ -569,13 +569,14 @@ BasicJsonStringifier::Result BasicJsonStringifier::SerializeJSArray(
  HandleScope handle_scope(isolate_);
  Result stack_push = StackPush(object);
  if (stack_push != SUCCESS) return stack_push;
-  int length = Smi::cast(object->length())->value();
+  uint32_t length = 0;
+  CHECK(object->length()->ToArrayIndex(&length));
  Append('[');
  switch (object->GetElementsKind()) {
    case FAST_SMI_ELEMENTS: {
      Handle<FixedArray> elements(
          FixedArray::cast(object->elements()), isolate_);
-      for (int i = 0; i < length; i++) {
+      for (uint32_t i = 0; i < length; i++) {
        if (i > 0) Append(',');
        SerializeSmi(Smi::cast(elements->get(i)));
      }
@@ -584,7 +585,7 @@ BasicJsonStringifier::Result BasicJsonStringifier::SerializeJSArray(
    case FAST_DOUBLE_ELEMENTS: {
      Handle<FixedDoubleArray> elements(
          FixedDoubleArray::cast(object->elements()), isolate_);
-      for (int i = 0; i < length; i++) {
+      for (uint32_t i = 0; i < length; i++) {
        if (i > 0) Append(',');
        SerializeDouble(elements->get_scalar(i));
      }
@@ -593,7 +594,7 @@ BasicJsonStringifier::Result BasicJsonStringifier::SerializeJSArray(
    case FAST_ELEMENTS: {
      Handle<FixedArray> elements(
          FixedArray::cast(object->elements()), isolate_);
-      for (int i = 0; i < length; i++) {
+      for (uint32_t i = 0; i < length; i++) {
        if (i > 0) Append(',');
        Result result =
            SerializeElement(isolate_,
@@ -625,8 +626,8 @@ BasicJsonStringifier::Result BasicJsonStringifier::SerializeJSArray(
 BasicJsonStringifier::Result BasicJsonStringifier::SerializeJSArraySlow(
-    Handle<JSArray> object, int length) {
+    Handle<JSArray> object, uint32_t length) {
-  for (int i = 0; i < length; i++) {
+  for (uint32_t i = 0; i < length; i++) {
    if (i > 0) Append(',');
    Handle<Object> element;
    ASSIGN_RETURN_ON_EXCEPTION_VALUE(