| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Change-Id: I3b1d8a2808782c9f34d50240000e20cb38d3680f
Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
corruption
Reviewed by Oliver Hunt.
When we flatten an object in dictionary mode, we compact its properties. If the object
had out-of-line storage in the form of a Butterfly prior to this compaction, and after
compaction its properties fit inline, the object's Structure "forgets" that the object
has a non-zero Butterfly pointer. During GC, we check the Butterfly and reportLiveBytes
with bytes = 0, which causes all sorts of badness in CopiedSpace.
Instead, after we flatten a dictionary, if properties fit inline we should clear the
Butterfly pointer so that the GC doesn't get confused later.
This patch does this clearing, and it also adds JSObject::checkStructure, which overrides
JSCell::checkStructure to add an ASSERT that makes sure that the Structure being assigned
agrees with the whether or not the object has a Butterfly. Also added an ASSERT to check
that the number of bytes reported to SlotVisitor::copyLater is non-zero.
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::copyLater):
* runtime/JSObject.cpp:
(JSC::JSObject::notifyPresenceOfIndexedAccessors):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToContiguous):
(JSC::JSObject::genericConvertDoubleToContiguous):
(JSC::JSObject::switchToSlowPutArrayStorage):
(JSC::JSObject::setPrototype):
(JSC::JSObject::putDirectAccessor):
(JSC::JSObject::seal):
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::reifyStaticFunctionsForDelete):
(JSC::JSObject::removeDirect):
* runtime/JSObject.h:
(JSC::JSObject::setButterfly):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::setStructure):
(JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
* runtime/Structure.cpp:
(JSC::Structure::flattenDictionaryStructure):
Change-Id: Idfd8c22555f4373c1104316ff1ee28f5f84ef083
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154366 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
|
| |
|
|
|
|
|
| |
Importing a new snapshot of webkit.
Change-Id: I2d01ad12cdc8af8cb015387641120a9d7ea5f10c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugs.webkit.org/show_bug.cgi?id=107728
Reviewed by Filip Pizlo.
Add a bunch of assertions to array and object butterfly
usage. This should make debugging somewhat easier.
I also converted a couple of assertions to release asserts
as they were so low cost it seemed a sensible thing to do.
* runtime/JSArray.cpp:
(JSC::JSArray::sortVector):
(JSC::JSArray::compactForSorting):
* runtime/JSObject.h:
(JSC::JSObject::getHolyIndexQuickly):
Change-Id: Ie6164b837e7671b87c003de3e29fd33ef05f4362
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141029 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
JSC::JSCell::classInfo is defined inline in JSDestructibleObject.h but
not all the classes that that inherit directly from JSCell include
JSDestructibleObject.h.
Move JSC::JSCell::classInfo from JSDestructibleObject.h into JSObject.h
to resolve the undefined reference errors when compiling with MinGW-w64.
JSDestructibleObject.h is already removed upstream in SVN r128851 but
the commit has a lot of other changes which don't apply cleanly.
Task-number: QTBUG-27764
Change-Id: I75b13c93dd13a346e672ca76fd7b23a616653a79
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
Reviewed-by: Alexey Pavlov <alexey.pawlow@gmail.com>
|
| |
|
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@135485)
Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@133952)
Revert back to an older snapshot that should build on ARM
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@134025)
New snapshot with numerious build fixes, including MSVC 2012 and ARM Thumb-2.
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@133733)
New snapshot that contains all previous fixes as well as build fix for latest QtMultimedia API changes.
|
| |
|
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@131592)
New snapshot that includes the build fixes for Mac OS X 10.6 and earlier as well
as the previously cherry-picked changes
|
| |
|
|
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@131300)"
This reverts commit 5466563f4b5b6b86523e3f89bb7f77e5b5270c78.
Caused OOM issues on some CI machines :(
|
| |
|
|
|
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@131300)
WebKit update which introduces the QtWebKitWidgets module that contains the WK1
widgets based API. (In fact it renames QtWebKit to QtWebKitWidgets while we're
working on completing the entire split as part of
https://bugs.webkit.org/show_bug.cgi?id=99314
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@129610)
New snapshot that removes QtQuick1 support (to be moved into QtQuick1 module)
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@129485)
New snapshot that includes MingW build fixes
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@129343)
New snapshot with build fixes for latest qtbase
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@129119)
New snapshot with prospective build fix for incorrect QtWebKit master module header file creation
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@128886)
New snapshot with various build fixes
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@128608)
New snapshot that enables WebKit2 build on Windows (still some bugs) and allows for WebKit to be built with qmake && make
|
| |
|
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@128206)
This includes the rewrite of the configure part of the build system which should fix the QtQuick2 detection
and allow for further simplifications in the future
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@128073)
New snapshot
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@124002)
New snapshot with prospective Mountain Lion build fix
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@123477)
New snapshot that adapts to latest Qt API changes
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@122325)
New snapshot that should work with the latest Qt build system changes
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@121147)
New snapshot that includes Win32 debug build fix (use SVGAllInOne)
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@120813)
New snapshot with Windows build fixes
|
| |
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@118516)
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@117578)
Weekly snapshot
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@116736)
New snapshot to include QDeclarative* -> QQml* build fixes
|
| |
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@116286)
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@110422)
This includes build fixes for the latest qtbase/qtdeclarative as well as the final QML2 API.
|
| |
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@108790)
|
| |
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@107223)
|
| |
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@106560)
|
|
|
(http://svn.webkit.org/repository/webkit/trunk@104285)
|
