Move data members specific to ElementRareData out of NodeRareData #11131
Conversation
cdumez
added
the
WebCore Misc.
|
EWS run on current version of this PR (hash a40448e) |
| @@ -263,7 +263,7 @@ class NodeRareData { | |||
| { | |||
| } | |||
|
|
|||
| bool isElementRareData() { return m_isElementRareData; } | |||
| bool isElementRareData() const { return m_isElementRareData; } | |||
There was a problem hiding this comment.
Why do we need this? Don't we already know if it's an Element because of a flag in Node?
There was a problem hiding this comment.
It's true that Node has a NodeFlag that indicates whether the Node is an Element or not. I think you're right that we could probably infer wether the the NodeRareData is an ElementRareData. I'll look into it.
There was a problem hiding this comment.
So we use this flag in NodeRareData's operator delete() to make sure we delete ElementRareData data members too, since we don't use virtual inheritance (likely as an optimization).
Node knows whether it is NodeRareData or an ElementRareData. However, NodeRareData doesn't have a reference to its Node and doesn't know if it is an ElementRareData without this flag.
One way I guess would be to have Node to manual memory management and explicitly cast to the subclass before calling delete. However, this would be more error prone.
There was a problem hiding this comment.
That's precisely why we have that boolean. The type information needs to be stored in the object whose type is determined by it. Otherwise, the type & type info can get out of sync and may lead to an exploitable type confusion bug.
https://bugs.webkit.org/show_bug.cgi?id=253461 Reviewed by Darin Adler. Move data members specific to ElementRareData out of NodeRareData. Those were put in NodeRareData for better packing but we can achieve the same packing by reordering data members. I have verified that sizeof(NodeRareData)=32 and sizeof(ElementRareDate)=232 before and after my change. * Source/WebCore/dom/ElementRareData.cpp: * Source/WebCore/dom/ElementRareData.h: (WebCore::ElementRareData::useTypes const): * Source/WebCore/dom/NodeRareData.cpp: * Source/WebCore/dom/NodeRareData.h: (WebCore::NodeRareData::isElementRareData const): (WebCore::NodeRareData::useTypes const): (WebCore::NodeRareData::isElementRareData): Deleted. Canonical link: https://commits.webkit.org/261308@main
webkit-commit-queue
force-pushed
the
253461_NodeRareData_data_members
branch
from
a40448e
to
11ece51
Compare
|
Committed 261308@main (11ece51): https://commits.webkit.org/261308@main Reviewed commits have been landed. Closing PR #11131 and removing active labels. |
webkit-commit-queue
removed
the
merge-queue
11ece51
a40448e
π§ͺ mac-wk2-stress