[Webkit-unassigned] [Bug 54524] Allow JSObject to fully utilize cell's capacity for inline storage.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 16 12:08:50 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=54524
Geoffrey Garen <ggaren at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #82592|review? |review-
Flag| |
--- Comment #5 from Geoffrey Garen <ggaren at apple.com> 2011-02-16 12:08:50 PST ---
(From update of attachment 82592)
View in context: https://bugs.webkit.org/attachment.cgi?id=82592&action=review
r=me if you fix the build.
> Source/JavaScriptCore/ChangeLog:17
> + and only allows construction through JSFinalObject::create().
I think you should mention the reason for this change -- now all objects have a direct pointer to their storage, and lea shenanigans are not required.
> Source/JavaScriptCore/runtime/JSObject.h:298
> +COMPILE_ASSERT((JSFinalObject_inlineStorageCapacity >= JSNonFinalObject_inlineStorageCapacity), vanilla_storage_is_at_least_as_large_as_non_vanilla);
s/vanilla/final/
> Source/JavaScriptCore/runtime/JSTypeInfo.h:73
> + unsigned isVanilla() const { return m_flags2 && (IsJSFinalObject >> 8); }
s/Vanilla/Final/
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list