Add sanity checks when storing the global VTables. When linking statically, some aggressive compilers might optimize out the vtable from JSArray and friends if it can statically resolve all function calls. In this case, the assumption that the first data member in the class points to the VTable is wrong. To catch those cases early on, a few ASSERTs were added.
Created attachment 83464 [details] the patch
Comment on attachment 83464 [details] the patch r=me
Comment on attachment 83464 [details] the patch Looks like this patch does not apply. Since I don't think Harald is a committer, marking cq+ (but I expect it will fail).
Comment on attachment 83464 [details] the patch Rejecting attachment 83464 [details] from commit-queue. Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=eseidel-cq-sl', 'ap..." exit_code: 2 Last 500 characters of output: svn-apply', u'--reviewer', u'Geoffrey Garen', u'--force']" exit_code: 1 Parsed 2 diffs from patch file(s). patching file Source/JavaScriptCore/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file Source/JavaScriptCore/runtime/JSGlobalData.cpp Hunk #1 FAILED at 84. 1 out of 1 hunk FAILED -- saving rejects to file Source/JavaScriptCore/runtime/JSGlobalData.cpp.rej Failed to run "[u'/Projects/CommitQueue/Tools/Scripts/svn-apply', u'--reviewer', u'Geoffrey Garen', u'--force']" exit_code: 1 Full output: http://queues.webkit.org/results/7986549
Comment on attachment 83464 [details] the patch Need a new vresion of this patch that applies.
I think this bug is now redundant. Not a bad idea at the time, but JS objects no longer have vptrs!