<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[194310] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/194310">194310</a></dd>
<dt>Author</dt> <dd>akling@apple.com</dd>
<dt>Date</dt> <dd>2015-12-18 18:32:46 -0800 (Fri, 18 Dec 2015)</dd>
</dl>

<h3>Log Message</h3>
<pre>Make JSString::SafeView less of a footgun.
&lt;https://webkit.org/b/152376&gt;

Reviewed by Darin Adler.

Remove the &quot;operator StringView()&quot; convenience helper on JSString::SafeString since that
made it possible to casually turn the return value from JSString::view() into an unsafe
StringView local on the stack with this pattern:

    StringView view = someJSValue.toString(exec)-&gt;view(exec);

The JSString* returned by toString() above will go out of scope by the end of the statement
and does not stick around to protect itself from garbage collection.

It will now look like this instead:

    JSString::SafeView view = someJSValue.toString(exec)-&gt;view(exec);

To be extra clear, the following is not safe:

    StringView view = someJSValue.toString(exec)-&gt;view(exec).get();

By the end of that statement, the JSString::SafeView goes out of scope, and the JSString*
is no longer protected from GC.

I added a couple of forwarding helpers to the SafeView class, and if you need a StringView
object from it, you can call .get() just like before.

Finally I also removed the JSString::SafeView() constructor, since nobody was instantiating
empty SafeView objects anyway. This way we don't have to worry about null members.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncJoin):
* runtime/FunctionConstructor.cpp:
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncJoin):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::decode):
(JSC::globalFuncParseInt):
(JSC::globalFuncParseFloat):
(JSC::globalFuncEscape):
(JSC::globalFuncUnescape):
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/JSString.cpp:
(JSC::JSString::getPrimitiveNumber):
(JSC::JSString::toNumber):
* runtime/JSString.h:
(JSC::JSString::SafeView::is8Bit):
(JSC::JSString::SafeView::length):
(JSC::JSString::SafeView::characters8):
(JSC::JSString::SafeView::characters16):
(JSC::JSString::SafeView::operator[]):
(JSC::JSString::SafeView::SafeView):
(JSC::JSString::SafeView::get):
(JSC::JSString::SafeView::operator StringView): Deleted.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncNormalize):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArrayPrototypecpp">trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeFunctionConstructorcpp">trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntlCollatorPrototypecpp">trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewPrototypeFunctionsh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjectFunctionscpp">trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSONObjectcpp">trunk/Source/JavaScriptCore/runtime/JSONObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSStringcpp">trunk/Source/JavaScriptCore/runtime/JSString.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSStringh">trunk/Source/JavaScriptCore/runtime/JSString.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStringPrototypecpp">trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/ChangeLog        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -1,3 +1,68 @@
</span><ins>+2015-12-18  Andreas Kling  &lt;akling@apple.com&gt;
+
+        Make JSString::SafeView less of a footgun.
+        &lt;https://webkit.org/b/152376&gt;
+
+        Reviewed by Darin Adler.
+
+        Remove the &quot;operator StringView()&quot; convenience helper on JSString::SafeString since that
+        made it possible to casually turn the return value from JSString::view() into an unsafe
+        StringView local on the stack with this pattern:
+
+            StringView view = someJSValue.toString(exec)-&gt;view(exec);
+
+        The JSString* returned by toString() above will go out of scope by the end of the statement
+        and does not stick around to protect itself from garbage collection.
+
+        It will now look like this instead:
+
+            JSString::SafeView view = someJSValue.toString(exec)-&gt;view(exec);
+
+        To be extra clear, the following is not safe:
+
+            StringView view = someJSValue.toString(exec)-&gt;view(exec).get();
+
+        By the end of that statement, the JSString::SafeView goes out of scope, and the JSString*
+        is no longer protected from GC.
+
+        I added a couple of forwarding helpers to the SafeView class, and if you need a StringView
+        object from it, you can call .get() just like before.
+
+        Finally I also removed the JSString::SafeView() constructor, since nobody was instantiating
+        empty SafeView objects anyway. This way we don't have to worry about null members.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncJoin):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunctionSkippingEvalEnabledCheck):
+        * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
+        (JSC::genericTypedArrayViewProtoFuncJoin):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::decode):
+        (JSC::globalFuncParseInt):
+        (JSC::globalFuncParseFloat):
+        (JSC::globalFuncEscape):
+        (JSC::globalFuncUnescape):
+        * runtime/JSONObject.cpp:
+        (JSC::JSONProtoFuncParse):
+        * runtime/JSString.cpp:
+        (JSC::JSString::getPrimitiveNumber):
+        (JSC::JSString::toNumber):
+        * runtime/JSString.h:
+        (JSC::JSString::SafeView::is8Bit):
+        (JSC::JSString::SafeView::length):
+        (JSC::JSString::SafeView::characters8):
+        (JSC::JSString::SafeView::characters16):
+        (JSC::JSString::SafeView::operator[]):
+        (JSC::JSString::SafeView::SafeView):
+        (JSC::JSString::SafeView::get):
+        (JSC::JSString::SafeView::operator StringView): Deleted.
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncIndexOf):
+        (JSC::stringProtoFuncNormalize):
+
</ins><span class="cx"> 2015-12-18  Saam barati  &lt;sbarati@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         BytecodeGenerator::pushLexicalScopeInternal and pushLexicalScope should use enums instead of bools
</span></span></pre></div>
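Review bot: the file list in this ChangeLog entry omits runtime/IntlCollatorPrototype.cpp, which this revision also modifies (its compareStrings call gains two .get() calls), so the entry should list that file with the affected function. The description also names the class JSString::SafeString where the rest of the entry and the code use JSString::SafeView.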
<a id="trunkSourceJavaScriptCoreruntimeArrayPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -496,7 +496,7 @@
</span><span class="cx">     JSString* separator = separatorValue.toString(exec);
</span><span class="cx">     if (exec-&gt;hadException())
</span><span class="cx">         return JSValue::encode(jsUndefined());
</span><del>-    return JSValue::encode(join(*exec, thisObject, separator-&gt;view(exec)));
</del><ins>+    return JSValue::encode(join(*exec, thisObject, separator-&gt;view(exec).get()));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL arrayProtoFuncConcat(ExecState* exec)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeFunctionConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -105,13 +105,13 @@
</span><span class="cx">             builder.append('*');
</span><span class="cx">         builder.append(functionName.string());
</span><span class="cx">         builder.append('(');
</span><del>-        builder.append(args.at(0).toString(exec)-&gt;view(exec));
</del><ins>+        builder.append(args.at(0).toString(exec)-&gt;view(exec).get());
</ins><span class="cx">         for (size_t i = 1; i &lt; args.size() - 1; i++) {
</span><span class="cx">             builder.appendLiteral(&quot;, &quot;);
</span><del>-            builder.append(args.at(i).toString(exec)-&gt;view(exec));
</del><ins>+            builder.append(args.at(i).toString(exec)-&gt;view(exec).get());
</ins><span class="cx">         }
</span><span class="cx">         builder.appendLiteral(&quot;) {\n&quot;);
</span><del>-        builder.append(args.at(args.size() - 1).toString(exec)-&gt;view(exec));
</del><ins>+        builder.append(args.at(args.size() - 1).toString(exec)-&gt;view(exec).get());
</ins><span class="cx">         builder.appendLiteral(&quot;\n}}&quot;);
</span><span class="cx">         program = builder.toString();
</span><span class="cx">     }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntlCollatorPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -105,7 +105,7 @@
</span><span class="cx">         return JSValue::encode(jsUndefined());
</span><span class="cx"> 
</span><span class="cx">     // 9. Return CompareStrings(collator, X, Y).
</span><del>-    return JSValue::encode(collator-&gt;compareStrings(*state, x-&gt;view(state), y-&gt;view(state)));
</del><ins>+    return JSValue::encode(collator-&gt;compareStrings(*state, x-&gt;view(state).get(), y-&gt;view(state).get()));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL IntlCollatorPrototypeGetterCompare(ExecState* state)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewPrototypeFunctionsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -182,35 +182,31 @@
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL genericTypedArrayViewProtoFuncJoin(ExecState* exec)
</span><span class="cx"> {
</span><span class="cx">     // 22.2.3.14
</span><del>-    ViewClass* thisObject = jsCast&lt;ViewClass*&gt;(exec-&gt;thisValue());
</del><ins>+    auto joinWithSeparator = [&amp;] (StringView separator) -&gt; EncodedJSValue {
+        ViewClass* thisObject = jsCast&lt;ViewClass*&gt;(exec-&gt;thisValue());
+        unsigned length = thisObject-&gt;length();
</ins><span class="cx"> 
</span><del>-    unsigned length = thisObject-&gt;length();
</del><ins>+        JSStringJoiner joiner(*exec, separator, length);
+        if (exec-&gt;hadException())
+            return JSValue::encode(jsUndefined());
+        for (unsigned i = 0; i &lt; length; i++) {
+            joiner.append(*exec, thisObject-&gt;getIndexQuickly(i));
+            if (exec-&gt;hadException())
+                return JSValue::encode(jsUndefined());
+        }
+        return JSValue::encode(joiner.join(*exec));
+    };
</ins><span class="cx"> 
</span><span class="cx">     JSValue separatorValue = exec-&gt;argument(0);
</span><del>-    JSString* separatorString;
-    StringView separator;
-
</del><span class="cx">     if (separatorValue.isUndefined()) {
</span><span class="cx">         const LChar* comma = reinterpret_cast&lt;const LChar*&gt;(&quot;,&quot;);
</span><del>-        separator = { comma, 1 };
-    } else {
-        separatorString = separatorValue.toString(exec);
-        if (exec-&gt;hadException())
-            return JSValue::encode(jsUndefined());
-        separator = separatorString-&gt;view(exec);
</del><ins>+        return joinWithSeparator({ comma, 1 });
</ins><span class="cx">     }
</span><span class="cx"> 
</span><del>-    JSStringJoiner joiner(*exec, separator, length);
</del><ins>+    JSString* separatorString = separatorValue.toString(exec);
</ins><span class="cx">     if (exec-&gt;hadException())
</span><span class="cx">         return JSValue::encode(jsUndefined());
</span><del>-
-    for (unsigned i = 0; i &lt; length; i++) {
-        joiner.append(*exec, thisObject-&gt;getIndexQuickly(i));
-        if (exec-&gt;hadException())
-            return JSValue::encode(jsUndefined());
-    }
-
-    return JSValue::encode(joiner.join(*exec));
</del><ins>+    return joinWithSeparator(separatorString-&gt;view(exec).get());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template&lt;typename ViewClass&gt;
</span></span></pre></div>
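Review bot: moving thisObject-&gt;length() into joinWithSeparator changes when the length is read. On the path where the separator is not undefined, it is now read after separatorValue.toString(exec), where before it was read first. toString() on an arbitrary value can run script, so please confirm the new order is intended and mention it in the ChangeLog, or read the length before the toString() call and pass it into the lambda.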
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjectFunctionscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -150,7 +150,7 @@
</span><span class="cx"> 
</span><span class="cx"> static JSValue decode(ExecState* exec, const Bitmap&lt;256&gt;&amp; doNotUnescape, bool strict)
</span><span class="cx"> {
</span><del>-    StringView str = exec-&gt;argument(0).toString(exec)-&gt;view(exec);
</del><ins>+    JSString::SafeView str = exec-&gt;argument(0).toString(exec)-&gt;view(exec);
</ins><span class="cx">     
</span><span class="cx">     if (str.is8Bit())
</span><span class="cx">         return decode(exec, str.characters8(), str.length(), doNotUnescape, strict);
</span><span class="lines">@@ -617,16 +617,16 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // If ToString throws, we shouldn't call ToInt32.
</span><del>-    StringView s = value.toString(exec)-&gt;view(exec);
</del><ins>+    JSString::SafeView s = value.toString(exec)-&gt;view(exec);
</ins><span class="cx">     if (exec-&gt;hadException())
</span><span class="cx">         return JSValue::encode(jsUndefined());
</span><span class="cx"> 
</span><del>-    return JSValue::encode(jsNumber(parseInt(s, radixValue.toInt32(exec))));
</del><ins>+    return JSValue::encode(jsNumber(parseInt(s.get(), radixValue.toInt32(exec))));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL globalFuncParseFloat(ExecState* exec)
</span><span class="cx"> {
</span><del>-    return JSValue::encode(jsNumber(parseFloat(exec-&gt;argument(0).toString(exec)-&gt;view(exec))));
</del><ins>+    return JSValue::encode(jsNumber(parseFloat(exec-&gt;argument(0).toString(exec)-&gt;view(exec).get())));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL globalFuncIsNaN(ExecState* exec)
</span><span class="lines">@@ -689,7 +689,7 @@
</span><span class="cx">     );
</span><span class="cx"> 
</span><span class="cx">     JSStringBuilder builder;
</span><del>-    StringView str = exec-&gt;argument(0).toString(exec)-&gt;view(exec);
</del><ins>+    JSString::SafeView str = exec-&gt;argument(0).toString(exec)-&gt;view(exec);
</ins><span class="cx">     if (str.is8Bit()) {
</span><span class="cx">         const LChar* c = str.characters8();
</span><span class="cx">         for (unsigned k = 0; k &lt; str.length(); k++, c++) {
</span><span class="lines">@@ -727,7 +727,7 @@
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL globalFuncUnescape(ExecState* exec)
</span><span class="cx"> {
</span><span class="cx">     StringBuilder builder;
</span><del>-    StringView str = exec-&gt;argument(0).toString(exec)-&gt;view(exec);
</del><ins>+    JSString::SafeView str = exec-&gt;argument(0).toString(exec)-&gt;view(exec);
</ins><span class="cx">     int k = 0;
</span><span class="cx">     int len = str.length();
</span><span class="cx">     
</span></span></pre></div>
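Review bot: in globalFuncUnescape, int len = str.length(); stores the unsigned value returned by SafeView::length() in an int. Since this line's receiver type is being changed anyway, make the narrowing explicit with a cast, or switch both k and len to unsigned so the types match.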
<a id="trunkSourceJavaScriptCoreruntimeJSONObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSONObject.cpp (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSONObject.cpp        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/JSONObject.cpp        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -729,7 +729,7 @@
</span><span class="cx"> {
</span><span class="cx">     if (!exec-&gt;argumentCount())
</span><span class="cx">         return throwVMError(exec, createError(exec, ASCIILiteral(&quot;JSON.parse requires at least one parameter&quot;)));
</span><del>-    StringView source = exec-&gt;uncheckedArgument(0).toString(exec)-&gt;view(exec);
</del><ins>+    JSString::SafeView source = exec-&gt;uncheckedArgument(0).toString(exec)-&gt;view(exec);
</ins><span class="cx">     if (exec-&gt;hadException())
</span><span class="cx">         return JSValue::encode(jsNull());
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSStringcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSString.cpp (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSString.cpp        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/JSString.cpp        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -378,13 +378,13 @@
</span><span class="cx"> bool JSString::getPrimitiveNumber(ExecState* exec, double&amp; number, JSValue&amp; result) const
</span><span class="cx"> {
</span><span class="cx">     result = this;
</span><del>-    number = jsToNumber(view(exec));
</del><ins>+    number = jsToNumber(unsafeView(*exec));
</ins><span class="cx">     return false;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> double JSString::toNumber(ExecState* exec) const
</span><span class="cx"> {
</span><del>-    return jsToNumber(view(exec));
</del><ins>+    return jsToNumber(unsafeView(*exec));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> inline StringObject* StringObject::create(VM&amp; vm, JSGlobalObject* globalObject, JSString* string)
</span></span></pre></div>
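Review bot: getPrimitiveNumber() and toNumber() now call unsafeView(*exec) with no SafeView at all, while every other call site in this revision goes through view(exec).get(). If this is safe because the receiver is kept alive by the caller for the duration of jsToNumber(), a one-line comment saying so belongs at both calls; otherwise use jsToNumber(view(exec).get()).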
<a id="trunkSourceJavaScriptCoreruntimeJSStringh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSString.h (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSString.h        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/JSString.h        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -432,19 +432,23 @@
</span><span class="cx"> 
</span><span class="cx"> class JSString::SafeView {
</span><span class="cx"> public:
</span><del>-    SafeView();
</del><span class="cx">     explicit SafeView(ExecState&amp;, const JSString&amp;);
</span><del>-    operator StringView() const;
</del><span class="cx">     StringView get() const;
</span><span class="cx"> 
</span><ins>+    bool is8Bit() const { return m_string-&gt;is8Bit(); }
+    unsigned length() const { return m_string-&gt;length(); }
+    const LChar* characters8() const { return get().characters8(); }
+    const UChar* characters16() const { return get().characters16(); }
+    UChar operator[](unsigned index) const { return get()[index]; }
+
</ins><span class="cx"> private:
</span><del>-    ExecState* m_state { nullptr };
</del><ins>+    ExecState&amp; m_state;
</ins><span class="cx"> 
</span><span class="cx">     // The following pointer is marked &quot;volatile&quot; to make the compiler leave it on the stack
</span><span class="cx">     // or in a register as long as this object is alive, even after the last use of the pointer.
</span><span class="cx">     // That's needed to prevent garbage collecting the string and possibly deleting the block
</span><span class="cx">     // with the characters in it, and then using the StringView after that.
</span><del>-    const JSString* volatile m_string { nullptr };
</del><ins>+    const JSString* volatile m_string;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> JS_EXPORT_PRIVATE JSString* jsStringWithCacheSlowCase(VM&amp;, StringImpl&amp;);
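Review bot: the new characters8() and characters16() helpers return raw pointers with the same lifetime limit as the
StringView from get(), but the comment on m_string only mentions the StringView. Extend that comment, or add one on the
helpers, to say the pointers are valid only while the SafeView is alive. Note also that characters8(), characters16()
and operator[] each go through get(), while is8Bit() and length() read m_string directly.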
</span><span class="lines">@@ -707,24 +711,15 @@
</span><span class="cx">     return isRope() &amp;&amp; static_cast&lt;const JSRopeString*&gt;(this)-&gt;isSubstring();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline JSString::SafeView::SafeView()
-{
-}
-
</del><span class="cx"> inline JSString::SafeView::SafeView(ExecState&amp; state, const JSString&amp; string)
</span><del>-    : m_state(&amp;state)
</del><ins>+    : m_state(state)
</ins><span class="cx">     , m_string(&amp;string)
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline JSString::SafeView::operator StringView() const
-{
-    return m_string-&gt;unsafeView(*m_state);
-}
-
</del><span class="cx"> inline StringView JSString::SafeView::get() const
</span><span class="cx"> {
</span><del>-    return *this;
</del><ins>+    return m_string-&gt;unsafeView(m_state);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> ALWAYS_INLINE JSString::SafeView JSString::view(ExecState* exec) const
</span></span></pre></div>
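Review bot: with the conversion operator removed, get() is the one remaining way to obtain a StringView, and it is still callable on a temporary, so the form the ChangeLog calls unsafe (StringView view = someJSValue.toString(exec)-&gt;view(exec).get();) still compiles. A comment on the get() declaration stating that the result must not outlive the SafeView would put the warning where callers will read it.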
<a id="trunkSourceJavaScriptCoreruntimeStringPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp (194309 => 194310)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp        2015-12-19 02:07:57 UTC (rev 194309)
+++ trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp        2015-12-19 02:32:46 UTC (rev 194310)
</span><span class="lines">@@ -798,7 +798,7 @@
</span><span class="cx">     JSValue thisValue = exec-&gt;thisValue();
</span><span class="cx">     if (!checkObjectCoercible(thisValue))
</span><span class="cx">         return throwVMTypeError(exec);
</span><del>-    StringView string = thisValue.toString(exec)-&gt;view(exec);
</del><ins>+    JSString::SafeView string = thisValue.toString(exec)-&gt;view(exec);
</ins><span class="cx">     JSValue a0 = exec-&gt;argument(0);
</span><span class="cx">     if (a0.isUInt32()) {
</span><span class="cx">         uint32_t i = a0.asUInt32();
</span><span class="lines">@@ -817,7 +817,7 @@
</span><span class="cx">     JSValue thisValue = exec-&gt;thisValue();
</span><span class="cx">     if (!checkObjectCoercible(thisValue))
</span><span class="cx">         return throwVMTypeError(exec);
</span><del>-    StringView string = thisValue.toString(exec)-&gt;view(exec);
</del><ins>+    JSString::SafeView string = thisValue.toString(exec)-&gt;view(exec);
</ins><span class="cx">     JSValue a0 = exec-&gt;argument(0);
</span><span class="cx">     if (a0.isUInt32()) {
</span><span class="cx">         uint32_t i = a0.asUInt32();
</span><span class="lines">@@ -909,7 +909,7 @@
</span><span class="cx">     if (thisJSString-&gt;length() &lt; otherJSString-&gt;length() + pos)
</span><span class="cx">         return JSValue::encode(jsNumber(-1));
</span><span class="cx"> 
</span><del>-    size_t result = thisJSString-&gt;view(exec).get().find(otherJSString-&gt;view(exec), pos);
</del><ins>+    size_t result = thisJSString-&gt;view(exec).get().find(otherJSString-&gt;view(exec).get(), pos);
</ins><span class="cx">     if (result == notFound)
</span><span class="cx">         return JSValue::encode(jsNumber(-1));
</span><span class="cx">     return JSValue::encode(jsNumber(result));
</span><span class="lines">@@ -1930,7 +1930,7 @@
</span><span class="cx">     JSValue thisValue = exec-&gt;thisValue();
</span><span class="cx">     if (!checkObjectCoercible(thisValue))
</span><span class="cx">         return throwVMTypeError(exec);
</span><del>-    StringView source = thisValue.toString(exec)-&gt;view(exec);
</del><ins>+    JSString::SafeView source = thisValue.toString(exec)-&gt;view(exec);
</ins><span class="cx">     if (exec-&gt;hadException())
</span><span class="cx">         return JSValue::encode(jsUndefined());
</span><span class="cx"> 
</span><span class="lines">@@ -1953,7 +1953,7 @@
</span><span class="cx">             return throwVMError(exec, createRangeError(exec, ASCIILiteral(&quot;argument does not match any normalization form&quot;)));
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    return JSValue::encode(normalize(exec, source.upconvertedCharacters(), source.length(), form));
</del><ins>+    return JSValue::encode(normalize(exec, source.get().upconvertedCharacters(), source.length(), form));
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre>
</div>
</div>

</body>
</html>