Array length property wrap-around

Jeff Walden
Fri Dec 12 17:22:23 PST 2008

I've been looking at the implementation of arrays in SpiderMonkey lately to fix some edge-case bugs in them, and I think there might be simplifications we could make to our code if what's suggested here were codified in ES3.1 or similar.  In particular it would be good not to be forced to represent array indexes as doubles (we currently have some of the same bugs as WebKit does because of this), or at least to be able to fail before the first [[Put]] that exceeds the array index limit.  I can see no problems with what has been suggested, although I think ArrayLengthLimit should remain at 2**32-1 to make a uint32_t optimization possible.

What's the next step to see these suggestions, with the modifications noted thereafter, into the next spec draft?
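
Added example, not part of the original message and not SpiderMonkey code: how the 2**32-1 length boundary behaves in a current ECMAScript engine such as Node.js, including a push that performs its element write before the length update is rejected. Running it on a modern engine is an assumption (the 2008 engines and the ES3.1 draft under discussion may differ), and the helper names are this example's own.

```javascript
// Illustrative constants and helpers; names are hypothetical, not from any engine.
const MAX_LENGTH = 2 ** 32 - 1;   // largest legal array length
const MAX_INDEX = MAX_LENGTH - 1; // largest key treated as an array index

// A key is an array index only if it round-trips through ToUint32 (x >>> 0)
// and is not 2**32 - 1 itself.
function isArrayIndex(key) {
  const n = Number(key) >>> 0;
  return String(n) === String(key) && n !== MAX_LENGTH;
}

// Writing at the last real index grows length to the limit.
function writeAtLastIndex() {
  const a = [];
  a[MAX_INDEX] = 'x';
  return a.length;
}

// Writing one past it creates an ordinary property; length is untouched.
function writeOnePastLastIndex() {
  const a = [];
  a[MAX_LENGTH] = 'x';
  return { length: a.length, stored: a[MAX_LENGTH] };
}

// push on a full array: the element is stored under key "4294967295" first,
// then setting length to 2**32 is rejected, so the write is not rolled back.
function pushOnFullArray() {
  const a = [];
  a.length = MAX_LENGTH;
  let error = null;
  try {
    a.push('x');
  } catch (e) {
    error = e.name;
  }
  return { error, length: a.length, stored: a[MAX_LENGTH] };
}

// The silent wrap a uint32_t length computation has to guard against.
function wrappedLength() {
  return (MAX_LENGTH + 1) >>> 0;
}
```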


