[Webkit-unassigned] [Bug 194338] New: [JSC] JSSegmentedVariableObject should have the similar layout to JSDestructibleObject to be allocated in destructibleObjectSpace
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 6 02:58:32 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=194338
Bug ID: 194338
Summary: [JSC] JSSegmentedVariableObject should have the
similar layout to JSDestructibleObject to be allocated
in destructibleObjectSpace
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ysuzuki at apple.com
What we want is putting m_classInfo to the same place to JSDestrucitbleObject.
To make it possible, my idea is
1. JSScope has empty pointer size slot just after the header.
2. The subclasses leverage this empty slot.
3. JSSegmentedVariableObject should inherit JSScope directly
4. JSSegmentedVariableObject puts classInfo for this empty slot
5. We get the classInfo in the same place toone in JSDestructibleObject.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190206/d0ea15ce/attachment-0001.html>
More information about the webkit-unassigned
mailing list