Structure::flattenDictionary() should clear unused property slots.
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 18 Mar 2019 16:18:10 +0000 (16:18 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 18 Mar 2019 16:18:10 +0000 (16:18 +0000)
commit c60b6029d02828e541981701347afb5d86587637
tree 48516be67f8074dbea4fc8c17c87294616116d9e
parent 3453a2da63c638c99aae2494253af2338c2bcac9
Structure::flattenDictionary() should clear unused property slots.
https://bugs.webkit.org/show_bug.cgi?id=195871
<rdar://problem/48959497>

Reviewed by Michael Saboff.

JSTests:

* stress/structure-flattenDictionary-should-clear-unused-property-slots.js: Added.

Source/JavaScriptCore:

It currently attempts to do this but fails because it's actually clearing up the
preCapacity region instead.  The fix is simply to account for the preCapacity
when computing the start address of the property slots.

* runtime/Structure.cpp:
(JSC::Structure::flattenDictionaryStructure):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243069 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/structure-flattenDictionary-should-clear-unused-property-slots.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/Structure.cpp
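To make the off-by-preCapacity mistake described in the commit message concrete, here is an added C model (not JavaScriptCore's real Butterfly code) of an out-of-line property buffer with a preCapacity region in front of the property slots. Both the buggy clearing (memset starting at the allocation start) and the fixed clearing (offset by preCapacity) are shown; the layout, struct names and marker values are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified layout (not JSC's real Butterfly):
 *   [ preCapacity spare slots ][ capacity property slots ] <- base
 * where property slot i lives at base[-1 - i]. */
typedef struct {
    uint64_t *base;        /* one past the last property slot */
    unsigned preCapacity;  /* spare slots in front of the property slots */
    unsigned capacity;     /* number of property slots */
} Storage;

static uint64_t *allocation_start(const Storage *s) {
    return s->base - s->capacity - s->preCapacity;
}

/* Buggy clearing: starts at the allocation start, so it wipes the
 * preCapacity region and leaves the highest unused slots stale. */
static void clear_unused_buggy(Storage *s, unsigned used) {
    memset(allocation_start(s), 0, (s->capacity - used) * sizeof(uint64_t));
}

/* Fixed clearing: skip preCapacity so the memset covers exactly [used, capacity). */
static void clear_unused_fixed(Storage *s, unsigned used) {
    uint64_t *start = allocation_start(s) + s->preCapacity;
    memset(start, 0, (s->capacity - used) * sizeof(uint64_t));
}

/* Count unused slots (index >= used) that still hold a nonzero value. */
static unsigned stale_slots(const Storage *s, unsigned used) {
    unsigned n = 0;
    for (unsigned i = used; i < s->capacity; i++)
        if (s->base[-(ptrdiff_t)i - 1] != 0) n++;
    return n;
}

/* Fill every slot with a constructed marker, flatten down to `used`
 * properties with either variant, and return how many unused slots stay stale. */
unsigned simulate_flatten(int fixed) {
    uint64_t buf[8];                      /* 2 preCapacity + 6 property slots */
    for (unsigned i = 0; i < 8; i++) buf[i] = 0x4141000000 + i;  /* constructed */
    Storage s = { buf + 8, 2, 6 };
    unsigned used = 3;                    /* properties that survive flattening */
    if (fixed) clear_unused_fixed(&s, used); else clear_unused_buggy(&s, used);
    return stale_slots(&s, used);         /* buggy: 2, fixed: 0 */
}
```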