[Webkit-unassigned] [Bug 30372] Make typeinfo flags default to false
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 20 02:26:27 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=30372
Gabor Loki <loki at inf.u-szeged.hu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #41491| |review?
Flag| |
--- Comment #8 from Gabor Loki <loki at inf.u-szeged.hu> 2009-10-20 02:26:26 PDT ---
Created an attachment (id=41491)
--> (https://bugs.webkit.org/attachment.cgi?id=41491)
Move OverridesMarkChildren flag from DatePrototype to its parent class
The following simple JS fails on ARM JIT (JSValue32):
---
[new Date()]
gc()
---
It looks like JSWrapperObject::markChildren was called for DateInstance in
JSArray, but the m_internalValue was already on anonymous slots.
The attached patch fixes this issue by moving OverridesMarkChildren flag from
DatePrototype to DateInstance.
BTW, is there any delivered class which should still use
JSWrapperObject::markChildren?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list