[Webkit-unassigned] [Bug 175584] We are too conservative about the effects of PushWithScope
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 15 18:18:44 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=175584
--- Comment #5 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 318210
--> https://bugs.webkit.org/attachment.cgi?id=318210
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=318210&action=review
> Source/JavaScriptCore/dfg/DFGClobberize.h:476
> + read(HeapObjectCount);
This reads more things. For example, it needs to read at least enough things to do a type check, to JSCell_typeInfo, JSCell_structureID, etc
Maybe it's good to just say read(World) for now
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170816/cbc2c524/attachment.html>
More information about the webkit-unassigned
mailing list