Properly support shrinking arrays in CopyDictionaryToObjectElements.

src/elements.cc

Index: src/elements.cc
diff --git a/src/elements.cc b/src/elements.cc
index 0fc3c539acef86284868548c0a18bec6df849717..26d3dc135cdd9c9b99a1e1921adc671dd405b600 100644
--- a/src/elements.cc
+++ b/src/elements.cc
@@ -199,10 +199,13 @@ static void CopyDictionaryToObjectElements(SeededNumberDictionary* from,
     }
 #endif
   }
-  ASSERT((copy_size + static_cast<int>(to_start)) <= to->length());
   ASSERT(to != from);
   ASSERT(to_kind == FAST_ELEMENTS || to_kind == FAST_SMI_ONLY_ELEMENTS);
   if (copy_size == 0) return;
+  uint32_t to_length = to->length();
+  if (to_start + copy_size > to_length) {

[Michael Starzinger, 2012/04/03 08:13:18]

I suspect that without the cast this will lead to warnings on VSC++. But I am
unsure, so I would just let it run through the buildbots.

+    copy_size = to_length - to_start;
+  }
   for (int i = 0; i < copy_size; i++) {
     int entry = from->FindEntry(i + from_start);
     if (entry != SeededNumberDictionary::kNotFound) {
@@ -356,8 +359,11 @@ static void CopyDictionaryToDoubleElements(SeededNumberDictionary* from,
       }
     }
   }
-  ASSERT(copy_size + static_cast<int>(to_start) <= to->length());
   if (copy_size == 0) return;
+  uint32_t to_length = to->length();
+  if (to_start + copy_size > to_length) {
+    copy_size = to_length - to_start;
+  }
   for (int i = 0; i < copy_size; i++) {
     int entry = from->FindEntry(i + from_start);
     if (entry != SeededNumberDictionary::kNotFound) {