[webkit-reviews] review denied: [Bug 84648] Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray : [Attachment 138492] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Apr 23 21:16:34 PDT 2012
Geoffrey Garen <ggaren at apple.com> has denied Mark Hahnenberg
<mhahnenberg at apple.com>'s request for review:
Bug 84648: Failure to allocate ArrayStorage in emit_op_new_array leads to
poisonous JSArray
https://bugs.webkit.org/show_bug.cgi?id=84648
Attachment 138492: Patch
https://bugs.webkit.org/attachment.cgi?id=138492&action=review
------- Additional Comments from Geoffrey Garen <ggaren at apple.com>
(1) Regression test, please.
(2) A better fix is to allocate the backing store first. That way, no special
branching, and no zombie JSArray.
(3) Please re-verify that this inlining is still a performance win. It's a bit
odd to have an optimization only in the slow JIT.
More information about the webkit-reviews
mailing list