#3802 — 9.4.2.2 ArrayCreate checks length is <=2^32-1, whereas everything else checks for Number.MAX_SAFE_INTEGER


Everywhere else where integers are range checked before creating/modifying arrays, the check is against 2^53-1, such as

Array.prototype.concat:
7.d.iv. If n + len > 2^53-1, throw a TypeError exception.

Array.prototype.push:
7. If len + argCount ≥ 2^53-1, throw a TypeError exception.

...


But ArrayCreate checks against 2^31-1:
3. If length>2^32-1, throw a RangeError exception.

Shouldn't this also be ">2^53-1" instead?


Nope, Array's instances are explicitly limited to a length of 2^32-1 because of legacy compatibility issues.

However, the generic array methods, which can be used with non-Array instances, use the larger limit. When they are applied to actual array instances they should wrap (in a legacy compatible manner) because of the ToUint32 call in the [[DefineOwnProperty]] internal method of exotic array objects.
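
The two limits discussed in this thread, as an added example that is not part of the original issue or of the specification text: it probes a JavaScript engine (Node.js is assumed) for the 2^32-1 cap on real Array instances and for the 2^53-1 cap that a generic method applies to a non-Array object. The names `outcome` and `probeLimits` are made up for this example.

```javascript
// Added example; helper names are hypothetical, the limits are those quoted above.
const MAX_ARRAY_LENGTH = 2 ** 32 - 1;      // cap for real Array instances
const MAX_SAFE = Number.MAX_SAFE_INTEGER;  // 2^53 - 1, cap used by generic methods

// Run fn and report "ok" or the name of the exception it threw.
function outcome(fn) {
  try { fn(); return "ok"; } catch (e) { return e.name; }
}

function probeLimits() {
  const push = Array.prototype.push;
  // Array-like (not an Array) whose length is already past the Uint32 range.
  const big = { length: MAX_ARRAY_LENGTH + 1 };
  // Array-like sitting exactly at the 2^53-1 ceiling.
  const full = { length: MAX_SAFE };
  return {
    // Real arrays: creation and length assignment are range checked at 2^32-1.
    arrayAtCap: outcome(() => new Array(MAX_ARRAY_LENGTH)),
    arrayPastCap: outcome(() => new Array(MAX_ARRAY_LENGTH + 1)),
    setLengthPastCap: outcome(() => { [].length = MAX_ARRAY_LENGTH + 1; }),
    // Generic push on a non-Array: lengths above 2^32-1 are accepted...
    likePastUint32: outcome(() => push.call(big, "x")),
    likeNewLength: big.length,
    // ...until the result would exceed 2^53-1.
    likeAtCeiling: outcome(() => push.call(full, "x")),
  };
}

console.log(probeLimits());
```

Code that accepts a `length` from an untrusted array-like therefore has to range check it itself before treating it as an Array length, since the generic methods will happily work with values far above 2^32-1.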