[Webkit-unassigned] [Bug 144000] Don't de-allocate FunctionRareData
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 21 15:51:37 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=144000
Michael Saboff <msaboff at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #251263|review? |review-
Flags| |
--- Comment #2 from Michael Saboff <msaboff at apple.com> ---
Comment on attachment 251263
--> https://bugs.webkit.org/attachment.cgi?id=251263
The patch
View in context: https://bugs.webkit.org/attachment.cgi?id=251263&action=review
r-.
Almost there.
> Source/JavaScriptCore/ChangeLog:7
> +
Please provide why you made this change and a summary of what you did.
> Source/JavaScriptCore/runtime/FunctionRareData.cpp:-82
> - Base::finishCreation(vm);
Where do we call the super class finishCreation?
> Source/JavaScriptCore/runtime/JSFunction.cpp:113
> + VM& vm = exec->vm();
Add an ASSERT that m_rareData is not set.
> Source/JavaScriptCore/runtime/JSFunction.cpp:401
> + thisObject->m_rareData->allocationProfile()->clear();
> thisObject->m_rareData->allocationProfileWatchpointSet().fireAll("Store to prototype property of a function");
Encapsulate this code in a FunctionRareData::clear() or FunctionRareData::clearAllocationProfile() method.
> Source/JavaScriptCore/runtime/JSFunction.cpp:450
> + thisObject->m_rareData->allocationProfile()->clear();
> thisObject->m_rareData->allocationProfileWatchpointSet().fireAll("Store to prototype property of a function");
Ditto.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150421/db435e6f/attachment-0001.html>
More information about the webkit-unassigned
mailing list