[webkit-changes] [206886] tags/Safari-603.1.8/Source/JavaScriptCore

Thu, 06 Oct 2016 15:47:25 -0700

Title: [206886] tags/Safari-603.1.8/Source/_javascript_Core
Revision
206886
Author
[email protected]
Date
2016-10-06 15:47:47 -0700 (Thu, 06 Oct 2016)

Log Message

Merge r206885. rdar://problem/28609241


Modified Paths

Diff

Modified: tags/Safari-603.1.8/Source/_javascript_Core/ChangeLog (206885 => 206886)


--- tags/Safari-603.1.8/Source/_javascript_Core/ChangeLog	2016-10-06 22:40:37 UTC (rev 206885)
+++ tags/Safari-603.1.8/Source/_javascript_Core/ChangeLog	2016-10-06 22:47:47 UTC (rev 206886)
@@ -1,3 +1,21 @@
+2016-10-06  Matthew Hanson  <[email protected]>
+
+        Merge r206885. rdar://problem/28609241
+
+    2016-10-06  Saam Barati  <[email protected]>
+
+            HasOwnPropertyCache flattening dictionaries is causing insane memory usage with the uBlock Safari extension
+            https://bugs.webkit.org/show_bug.cgi?id=163091
+
+            Reviewed by Mark Lam.
+
+            I'm investigating a real fix for this in:
+            https://bugs.webkit.org/show_bug.cgi?id=163092
+            However, it's best to get this out of trunk for now.
+
+            * runtime/HasOwnPropertyCache.h:
+            (JSC::HasOwnPropertyCache::tryAdd):
+
 2016-10-05  Csaba Osztrogonác  <[email protected]>
 
         ARM EABI buildfix after r206778

Modified: tags/Safari-603.1.8/Source/_javascript_Core/runtime/HasOwnPropertyCache.h (206885 => 206886)


--- tags/Safari-603.1.8/Source/_javascript_Core/runtime/HasOwnPropertyCache.h	2016-10-06 22:40:37 UTC (rev 206885)
+++ tags/Safari-603.1.8/Source/_javascript_Core/runtime/HasOwnPropertyCache.h	2016-10-06 22:47:47 UTC (rev 206886)
@@ -94,9 +94,9 @@
             && structure->propertyAccessesAreCacheable()
             && (!slot.isUnset() || structure->propertyAccessesAreCacheableForAbsence())) {
             if (structure->isDictionary()) {
-                if (structure->hasBeenFlattenedBefore())
-                    return;
-                object->flattenDictionaryObject(vm);
+                // FIXME: We should be able to flatten a dictionary object again.
+                // https://bugs.webkit.org/show_bug.cgi?id=163092
+                return;
             }
 
             ASSERT(!result == slot.isUnset());

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to