Modified: releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/ChangeLog (181946 => 181947)
--- releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/ChangeLog 2015-03-25 11:06:41 UTC (rev 181946)
+++ releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/ChangeLog 2015-03-25 11:19:12 UTC (rev 181947)
@@ -1,3 +1,20 @@
+2015-03-21 Andreas Kling <[email protected]>
+
+ Make UnlinkedFunctionExecutable fit in a 128-byte cell.
+ <https://webkit.org/b/142939>
+
+ Reviewed by Mark Hahnenberg.
+
+ Re-arrange the members of UnlinkedFunctionExecutable so it can fit inside
+ a 128-byte heap cell instead of requiring a 256-byte one.
+
+ Threw in a static_assert to catch anyone pushing it over the limit again.
+
+ * bytecode/UnlinkedCodeBlock.cpp:
+ (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
+ * bytecode/UnlinkedCodeBlock.h:
+ (JSC::UnlinkedFunctionExecutable::functionMode):
+
2015-03-20 Yusuke Suzuki <[email protected]>
REGRESSION (r179429): Potential Use after free in _javascript_Core`WTF::StringImpl::ref + 83
Modified: releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp (181946 => 181947)
--- releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp 2015-03-25 11:06:41 UTC (rev 181946)
+++ releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp 2015-03-25 11:19:12 UTC (rev 181947)
@@ -42,6 +42,8 @@
namespace JSC {
+static_assert(sizeof(UnlinkedFunctionExecutable) <= 128, "UnlinkedFunctionExecutable should fit in a 128-byte cell.");
+
const ClassInfo UnlinkedFunctionExecutable::s_info = { "UnlinkedFunctionExecutable", 0, 0, CREATE_METHOD_TABLE(UnlinkedFunctionExecutable) };
const ClassInfo UnlinkedCodeBlock::s_info = { "UnlinkedCodeBlock", 0, 0, CREATE_METHOD_TABLE(UnlinkedCodeBlock) };
const ClassInfo UnlinkedGlobalCodeBlock::s_info = { "UnlinkedGlobalCodeBlock", &Base::s_info, 0, CREATE_METHOD_TABLE(UnlinkedGlobalCodeBlock) };
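Review bot: The new static_assert states the limit as a bare 128 with nothing on why that number matters; the rationale (the object should occupy a 128-byte heap cell rather than a 256-byte one) lives only in the ChangeLog entry, not next to the check. A one-line comment above it, `// Keep UnlinkedFunctionExecutable in a 128-byte heap cell; exceeding this pushes it into a 256-byte one.`, keeps the reason with the assertion. Because the assertion sits in the .cpp, someone adding a member in UnlinkedCodeBlock.h only learns of the limit when this translation unit is compiled; placing the same static_assert directly after the class definition in the header would surface it at the point of change.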
@@ -81,9 +83,6 @@
UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM* vm, Structure* structure, const SourceCode& source, FunctionBodyNode* node, UnlinkedFunctionKind kind)
: Base(*vm, structure)
- , m_isInStrictContext(node->isInStrictContext())
- , m_hasCapturedVariables(false)
- , m_isBuiltinFunction(kind == UnlinkedBuiltinFunction)
, m_name(node->ident())
, m_inferredName(node->inferredName())
, m_parameters(node->parameters())
@@ -97,6 +96,9 @@
, m_typeProfilingStartOffset(node->functionKeywordStart())
, m_typeProfilingEndOffset(node->startStartOffset() + node->source().length() - 1)
, m_features(0)
+ , m_isInStrictContext(node->isInStrictContext())
+ , m_hasCapturedVariables(false)
+ , m_isBuiltinFunction(kind == UnlinkedBuiltinFunction)
, m_functionMode(node->functionMode())
{
}
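Review bot: `m_functionMode(node->functionMode())` now initialises a 1-bit field (`unsigned m_functionMode : 1; // FunctionMode` in the header hunk at the end of this page) from an enum, so any FunctionMode enumerator with a value above 1 is truncated silently here and read back as the wrong mode by the new `static_cast<FunctionMode>(m_functionMode)` in functionMode(). Nothing in the change ties the field width to the enum, so a later enumerator would break this without any diagnostic, unlike the sizeof limit which now has its own static_assert. A compile-time check beside the field, e.g. `static_assert(FunctionDeclaration <= 1, "m_functionMode is a 1-bit field; widen it before adding a FunctionMode value");`, would close that gap — assuming FunctionDeclaration is still the enum's largest enumerator, which should be confirmed against the enum's definition. The same point applies to the header hunks at functionMode() and at the bit-field declarations.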
Modified: releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h (181946 => 181947)
--- releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h 2015-03-25 11:06:41 UTC (rev 181946)
+++ releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h 2015-03-25 11:19:12 UTC (rev 181947)
@@ -108,7 +108,7 @@
}
size_t parameterCount() const;
bool isInStrictContext() const { return m_isInStrictContext; }
- FunctionMode functionMode() const { return m_functionMode; }
+ FunctionMode functionMode() const { return static_cast<FunctionMode>(m_functionMode); }
JSParserStrictness toStrictness() const
{
if (m_isBuiltinFunction)
@@ -166,10 +166,6 @@
WriteBarrier<UnlinkedFunctionCodeBlock> m_codeBlockForCall;
WriteBarrier<UnlinkedFunctionCodeBlock> m_codeBlockForConstruct;
- bool m_isInStrictContext : 1;
- bool m_hasCapturedVariables : 1;
- bool m_isBuiltinFunction : 1;
-
Identifier m_name;
Identifier m_inferredName;
WriteBarrier<JSString> m_nameValue;
@@ -188,7 +184,10 @@
CodeFeatures m_features;
- FunctionMode m_functionMode;
+ unsigned m_isInStrictContext : 1;
+ unsigned m_hasCapturedVariables : 1;
+ unsigned m_isBuiltinFunction : 1;
+ unsigned m_functionMode : 1; // FunctionMode
protected:
void finishCreation(VM& vm)