There are two reasons type set will enter this mode: 1. It hits some arbitrary limit when it sees too many StructureShapes. This limit needs to be set due to memory pressure. We don't want to willy nilly profile thousands of objects for one line of JavaScript code. 2. It sees a Structure that is in dictionary mode. When this happens, TypeSet/StructureShape can no longer efficiently reason about the fields in an object because they may change inline in the Structure object. This means that a Structure may mutate its fields between successive log process calls, which means we may not see the entire picture of a Structure's transformations. - When this mode is entered, there needs to be a way to show this in the UI for type profiling in the Web Inspector. - I think a good UI would be to display constructor names, but not fields. Or maybe show some fields that we know are there, with a "..." or something indicating that type profiling doesn't know the complete picture. Maybe just showing Constructor names is enough here because I think it'll be very rare for this mode to be entered in most programs that people will be debugging. - I think that both triggers into this mode should look the same in the UI in the Web Inspector because they are effectively communicating the same message to developers.
Created attachment 237882 [details] patch
landed in: http://trac.webkit.org/changeset/173469
Comment on attachment 237882 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=237882&action=review > Source/JavaScriptCore/runtime/TypeProfiler.cpp:109 > + json.append(","); > + > + json.append("\"isOverflown\":"); StringBuilder has some better methods you can use: StringBuilder::append(char) - for single character appends StringBuilder::appendLiteral - for string literals with the length provided at compile time You could use both of these within this method.