| Summary: | Allow anonymous storage inside JSObject | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Oliver Hunt <oliver> | ||||
| Component: | JavaScriptCore | Assignee: | Oliver Hunt <oliver> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | ggaren | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | PC | ||||||
| OS: | OS X 10.5 | ||||||
| Attachments: |
|
||||||
|
Description
Oliver Hunt
2009-09-10 22:06:07 PDT
Created attachment 39411 [details]
Patch v1
+size_t Structure::put(unsigned count)
+{
+ m_propertyTable->anonymousSlotCount += count;
+ return m_propertyTable->keyCount + m_propertyTable->anonymousSlotCount;
+}
This API seems really weird to me.
First, it has a return value, which its only client doesn't use.
Second, its name implies that it "puts" a value, but it doesn't take a value as an argument.
Third, it increments anonymousSlotCount, but I don't see anonymousSlotCount initialized anywhere.
Fourth, m_anonymousSlotsInPrevious gets set directly in Structure::addAnonymousSlotsTransition, so what's special about anonymousSlotCount that it needs a helper function?
I think createPropertyMapHashTable needs to initialize anonymousSlotCount to 0. Then, I think addAnonymousSlotsTransition should just directly set anonymousSlotCount, like it directly sets m_anonymousSlotsInPrevious.
r- because I'm worried that anonymousSlotCount is uninitialized.
|