We are seeing transitions in JSGlobalObject initialization.
Created attachment 363989 [details] Patch
Comment on attachment 363989 [details] Patch Nice!
Comment on attachment 363989 [details] Patch Thanks!
Comment on attachment 363989 [details] Patch Clearing flags on attachment: 363989 Committed r242650: <https://trac.webkit.org/changeset/242650>
All reviewed patches have been landed. Closing bug.
<rdar://problem/48719776>
Comment on attachment 363989 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=363989&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:1933 > + if (attributes & PropertyAttribute::ReadOnly) > + structure->setContainsReadOnlyProperties(); what would this even mean with an accessor? Perhaps this should be an assert that we're not read only? > Source/JavaScriptCore/runtime/NullSetterFunction.h:38 > + // Since NullSetterFunction is per JSGlobalObject, we use put-without-transition in InternalFunction::finishCreation. This comment confuses me. You're using WithStructureTransition below, but "without" in this comment. Can you clarify what's going on? Can we just discard this comment since it seems contradictory to what the code is doing?