57986 – Stop JSObject::isUsingInlineStorage() from using the structure

Bug 57986 - Stop JSObject::isUsingInlineStorage() from using the structure

Summary: Stop JSObject::isUsingInlineStorage() from using the structure

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Other OS X 10.5

Importance:	P2 Normal
Assignee:	Oliver Hunt

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-04-06 15:02 PDT by Oliver Hunt
Modified:	2011-06-30 16:40 PDT (History)
CC List:	0 users

See Also:

Attachments
Patch (1.99 KB, patch) 2011-04-06 15:03 PDT, Oliver Hunt	barraclough: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Oliver Hunt 2011-04-06 15:02:14 PDT

Stop JSObject::isUsingInlineStorage() from using the structure

Comment 1 Oliver Hunt 2011-04-06 15:03:54 PDT

Created attachment 88521 [details]
Patch

Comment 2 Oliver Hunt 2011-04-06 15:15:57 PDT

Committed r83107: <http://trac.webkit.org/changeset/83107>

Comment 3 Darin Adler 2011-06-30 16:40:58 PDT

Comment on attachment 88521 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=88521&action=review

> Source/JavaScriptCore/runtime/JSObject.h:223
> +        bool isUsingInlineStorage() const { return static_cast<const void*>(m_propertyStorage) == static_cast<const void*>(this + 1); }

You should only have to cast one of these two to const void*.

> Source/JavaScriptCore/runtime/JSObject.h:404
> +    ASSERT(static_cast<void*>(inlineStorage) == static_cast<void*>(this + 1));

You should only have to cast one of these two to void*.