Skip to site navigation (Press enter)

[webkit-changes] [97291] trunk/Source/JavaScriptCore

oliver Wed, 12 Oct 2011 12:50:47 -0700

Title: [97291] trunk/Source/_javascript_Core

Revision: 97291
Author: [email protected]
Date: 2011-10-12 12:51:46 -0700 (Wed, 12 Oct 2011)

Log Message

Global stringStructure caches its prototype chain, abandoning a web page
https://bugs.webkit.org/show_bug.cgi?id=69952


Reviewed by Filip Pizlo.

When visiting a structure, we don't keep the prototype chain
alive if we're not the structure for an object type.

* runtime/Structure.cpp:
(JSC::Structure::visitChildren):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/Structure.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (97290 => 97291)


--- trunk/Source/_javascript_Core/ChangeLog	2011-10-12 19:47:47 UTC (rev 97290)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-10-12 19:51:46 UTC (rev 97291)
@@ -1,3 +1,16 @@
+2011-10-12  Oliver Hunt  <[email protected]>
+
+        Global stringStructure caches its prototype chain, abandoning a web page
+        https://bugs.webkit.org/show_bug.cgi?id=69952
+
+        Reviewed by Filip Pizlo.
+
+        When visiting a structure, we don't keep the prototype chain
+        alive if we're not the structure for an object type.
+
+        * runtime/Structure.cpp:
+        (JSC::Structure::visitChildren):
+
 2011-10-12  Yuqiang Xian  <[email protected]>
 
         DFG JIT 32_64 - Fix ArrayPop

Modified: trunk/Source/_javascript_Core/runtime/Structure.cpp (97290 => 97291)


--- trunk/Source/_javascript_Core/runtime/Structure.cpp	2011-10-12 19:47:47 UTC (rev 97290)
+++ trunk/Source/_javascript_Core/runtime/Structure.cpp	2011-10-12 19:51:46 UTC (rev 97291)
@@ -739,10 +739,14 @@
     JSCell::visitChildren(thisObject, visitor);
     if (thisObject->m_globalObject)
         visitor.append(&thisObject->m_globalObject);
-    if (thisObject->m_prototype)
-        visitor.append(&thisObject->m_prototype);
-    if (thisObject->m_cachedPrototypeChain)
-        visitor.append(&thisObject->m_cachedPrototypeChain);
+    if (!thisObject->isObject())
+        thisObject->m_cachedPrototypeChain.clear();
+    else {
+        if (thisObject->m_prototype)
+            visitor.append(&thisObject->m_prototype);
+        if (thisObject->m_cachedPrototypeChain)
+            visitor.append(&thisObject->m_cachedPrototypeChain);
+    }
     if (thisObject->m_previous)
         visitor.append(&thisObject->m_previous);
     if (thisObject->m_specificValueInPrevious)

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes