Array.prototype.concat result length (ES5.1)
brendan at mozilla.com
Thu Jul 14 13:54:58 PDT 2011
On Jul 14, 2011, at 12:35 PM, Allen Wirfs-Brock wrote:
> What about the possibility of simply eliminating the range error and the Uint32 restriction on the association between array indexed properties and the "length" property? Instead replace it with a ToInteger constraint. This is essentially how string operations are defined. Implementations could still optimize for lengths <2^32 and/or any other size they deemed appropriate.
I would prefer that. Jeff may agree.
The uint32 business from ES1 days never paid off beyond allowing certain storage optimizations, and even then many (most?) engines do not optimize uint32 values. It was a flop on the optimization front, but it sure requires extra code in Array's implementation.
ToInteger matches string and makes full use of the integral domain in the number type.
The edge-case nature of this change suggests we could get away with it, even though it's an incompatible change. But we need to be careful that we're not turning errors into working code that could be exploited somehow. Again there is no memory safety issue, rather "index safety".
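The uint32 rule this message discusses, observed on a live engine (an added example, not code from the thread; `isArrayIndex`, `probeIndex`, `probeLength` and `checkedIndex` are hypothetical helper names, and the sample keys are constructed):

```javascript
// ES5.1 15.4: P is an array index iff ToString(ToUint32(P)) === P
// and ToUint32(P) !== 2^32 - 1.
function isArrayIndex(key) {
  const s = String(key);
  const u = Number(s) >>> 0; // ToUint32
  return String(u) === s && u !== 2 ** 32 - 1;
}

// Write one key into a fresh array and report what happened to "length".
function probeIndex(key) {
  const a = [];
  a[key] = "x";
  return { key: String(key), isIndex: isArrayIndex(key), length: a.length };
}

// Assign "length" directly; the RangeError is the error the thread
// proposes to eliminate.
function probeLength(n) {
  const a = [];
  try {
    a.length = n;
    return a.length;
  } catch (e) {
    return e.name;
  }
}

// Assumption: a caller-side bounds check, so that a key outside the
// array-index range is rejected instead of becoming a plain property.
function checkedIndex(value, length) {
  if (!Number.isInteger(value) || value < 0 || value >= length) {
    throw new RangeError("index out of bounds: " + String(value));
  }
  return value;
}

// Constructed sample keys around the 2^32 boundary.
for (const k of [0, "01", -1, 2 ** 32 - 2, 2 ** 32 - 1, 2 ** 32]) {
  console.log(probeIndex(k));
}
console.log(probeLength(2 ** 32 - 1), probeLength(2 ** 32));
```

Keys that fail `isArrayIndex` are stored as ordinary properties and leave `length` untouched, which is the silent case a bounds check such as `checkedIndex` catches.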