<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><span class="vcard"><a class="email" href="mailto:msaboff&#64;apple.com" title="Michael Saboff &lt;msaboff&#64;apple.com&gt;"> <span class="fn">Michael Saboff</span></a>
</span> changed
              <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Don't de-allocate FunctionRareData"
   href="https://bugs.webkit.org/show_bug.cgi?id=144000">bug 144000</a>
        <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">Attachment #251263 Flags</td>
           <td>review?
           </td>
           <td>review-
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Don't de-allocate FunctionRareData"
   href="https://bugs.webkit.org/show_bug.cgi?id=144000#c2">Comment # 2</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Don't de-allocate FunctionRareData"
   href="https://bugs.webkit.org/show_bug.cgi?id=144000">bug 144000</a>
              from <span class="vcard"><a class="email" href="mailto:msaboff&#64;apple.com" title="Michael Saboff &lt;msaboff&#64;apple.com&gt;"> <span class="fn">Michael Saboff</span></a>
</span></b>
        <pre>Comment on <span class=""><a href="attachment.cgi?id=251263&amp;action=diff" name="attach_251263" title="The patch">attachment 251263</a> <a href="attachment.cgi?id=251263&amp;action=edit" title="The patch">[details]</a></span>
The patch

View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=251263&amp;action=review">https://bugs.webkit.org/attachment.cgi?id=251263&amp;action=review</a>

r-.
Almost there.

<span class="quote">&gt; Source/JavaScriptCore/ChangeLog:7
&gt; +</span >

Please provide why you made this change and a summary of what you did.

<span class="quote">&gt; Source/JavaScriptCore/runtime/FunctionRareData.cpp:-82
&gt; -    Base::finishCreation(vm);</span >

Where do we call the super class finishCreation?

<span class="quote">&gt; Source/JavaScriptCore/runtime/JSFunction.cpp:113
&gt; +    VM&amp; vm = exec-&gt;vm();</span >

Add an ASSERT that m_rareData is not set.

<span class="quote">&gt; Source/JavaScriptCore/runtime/JSFunction.cpp:401
&gt; +            thisObject-&gt;m_rareData-&gt;allocationProfile()-&gt;clear();
&gt;              thisObject-&gt;m_rareData-&gt;allocationProfileWatchpointSet().fireAll(&quot;Store to prototype property of a function&quot;);</span >
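
Review bot: The added clear() at JSFunction.cpp:401 runs before the existing fireAll() on the next line, so anything invoked while the watchpoints fire sees an allocation profile that has already been cleared. Please confirm that this order is intended and say so in a comment. If the two calls move into a single helper, put that comment there so the call site at line 450 keeps the same order.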

Encapsulate this code in a FunctionRareData::clear() or FunctionRareData::clearAllocationProfile() method.

<span class="quote">&gt; Source/JavaScriptCore/runtime/JSFunction.cpp:450
&gt; +            thisObject-&gt;m_rareData-&gt;allocationProfile()-&gt;clear();
&gt;              thisObject-&gt;m_rareData-&gt;allocationProfileWatchpointSet().fireAll(&quot;Store to prototype property of a function&quot;);</span >

Ditto.</pre>
        </div>
      </p>
    </body>
</html>