[webkit-changes] [206885] trunk/Source/JavaScriptCore

[sbarati]

Title: [206885] trunk/Source/_javascript_Core

Revision

206885

Author

sbar...@apple.com

Date

2016-10-06 15:40:37 -0700 (Thu, 06 Oct 2016)

Log Message

HasOwnPropertyCache flattening dictionaries is causing insane memory usage with the uBlock Safari extension
https://bugs.webkit.org/show_bug.cgi?id=163091

Reviewed by Mark Lam.

I'm investigating a real fix for this in:
https://bugs.webkit.org/show_bug.cgi?id=163092
However, it's best to get this out of trunk for now.

* runtime/HasOwnPropertyCache.h:
(JSC::HasOwnPropertyCache::tryAdd):

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/runtime/HasOwnPropertyCache.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (206884 => 206885)

--- trunk/Source/_javascript_Core/ChangeLog	2016-10-06 21:40:38 UTC (rev 206884)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-10-06 22:40:37 UTC (rev 206885)
@@ -1,3 +1,17 @@
+2016-10-06  Saam Barati  <sbar...@apple.com>
+
+        HasOwnPropertyCache flattening dictionaries is causing insane memory usage with the uBlock Safari extension
+        https://bugs.webkit.org/show_bug.cgi?id=163091
+
+        Reviewed by Mark Lam.
+
+        I'm investigating a real fix for this in:
+        https://bugs.webkit.org/show_bug.cgi?id=163092
+        However, it's best to get this out of trunk for now.
+
+        * runtime/HasOwnPropertyCache.h:
+        (JSC::HasOwnPropertyCache::tryAdd):
+
 2016-10-06  Keith Miller  <keith_mil...@apple.com>
 
         getInternalObjcObject should validate the JSManagedObject's value.

Modified: trunk/Source/_javascript_Core/runtime/HasOwnPropertyCache.h (206884 => 206885)

--- trunk/Source/_javascript_Core/runtime/HasOwnPropertyCache.h	2016-10-06 21:40:38 UTC (rev 206884)
+++ trunk/Source/_javascript_Core/runtime/HasOwnPropertyCache.h	2016-10-06 22:40:37 UTC (rev 206885)
@@ -94,9 +94,9 @@
             && structure->propertyAccessesAreCacheable()
             && (!slot.isUnset() || structure->propertyAccessesAreCacheableForAbsence())) {
             if (structure->isDictionary()) {
-                if (structure->hasBeenFlattenedBefore())
-                    return;
-                object->flattenDictionaryObject(vm);
+                // FIXME: We should be able to flatten a dictionary object again.
+                // https://bugs.webkit.org/show_bug.cgi?id=163092
+                return;
             }
 
             ASSERT(!result == slot.isUnset());

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes