<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[207861] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/207861">207861</a></dd>
<dt>Author</dt> <dd>mark.lam@apple.com</dd>
<dt>Date</dt> <dd>2016-10-25 18:15:49 -0700 (Tue, 25 Oct 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>String.prototype.replace() should throw an OutOfMemoryError when using too much memory.
https://bugs.webkit.org/show_bug.cgi?id=163996
<rdar://problem/28263117>
Reviewed by Geoffrey Garen.
JSTests:
* stress/string-prototype-replace-should-throw-out-of-memory-error-when-using-too-much-memory.js: Added.
Source/JavaScriptCore:
String.prototype.replace() uses a Vector internally for bookkeeping work.
Currently, if this vector gets too big, we just crash on allocation failure.
While this is correct behavior, it is not too friendly.
We now detect the imminent failure, and throw a OutOfMemoryError instead.
* runtime/StringPrototype.cpp:
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
(JSC::stringProtoFuncReplaceUsingRegExp):
Source/WTF:
* wtf/Vector.h:
(WTF::minCapacity>::tryConstructAndAppend):
(WTF::minCapacity>::tryConstructAndAppendSlowCase):
- Added try versions of constructAndAppend() so that we can handle the failure
to allocate more gracefully.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJSTestsChangeLog">trunk/JSTests/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStringPrototypecpp">trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp</a></li>
<li><a href="#trunkSourceWTFChangeLog">trunk/Source/WTF/ChangeLog</a></li>
<li><a href="#trunkSourceWTFwtfVectorh">trunk/Source/WTF/wtf/Vector.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkJSTestsstressstringprototypereplaceshouldthrowoutofmemoryerrorwhenusingtoomuchmemoryjs">trunk/JSTests/stress/string-prototype-replace-should-throw-out-of-memory-error-when-using-too-much-memory.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/ChangeLog (207860 => 207861)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/ChangeLog 2016-10-26 01:15:36 UTC (rev 207860)
+++ trunk/JSTests/ChangeLog 2016-10-26 01:15:49 UTC (rev 207861)
</span><span class="lines">@@ -1,5 +1,15 @@
</span><span class="cx"> 2016-10-25 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><ins>+ String.prototype.replace() should throw an OutOfMemoryError when using too much memory.
+ https://bugs.webkit.org/show_bug.cgi?id=163996
+ <rdar://problem/28263117>
+
+ Reviewed by Geoffrey Garen.
+
+ * stress/string-prototype-replace-should-throw-out-of-memory-error-when-using-too-much-memory.js: Added.
+
+2016-10-25 Mark Lam <mark.lam@apple.com>
+
</ins><span class="cx"> JSStringJoiner::joinedLength() should limit joined string lengths to INT_MAX.
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=163937
</span><span class="cx"> <rdar://problem/28642990>
</span></span></pre></div>
<a id="trunkJSTestsstressstringprototypereplaceshouldthrowoutofmemoryerrorwhenusingtoomuchmemoryjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/stress/string-prototype-replace-should-throw-out-of-memory-error-when-using-too-much-memory.js (0 => 207861)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/stress/string-prototype-replace-should-throw-out-of-memory-error-when-using-too-much-memory.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-replace-should-throw-out-of-memory-error-when-using-too-much-memory.js 2016-10-26 01:15:49 UTC (rev 207861)
</span><span class="lines">@@ -0,0 +1,23 @@
</span><ins>+//@ runFTLNoCJIT
+//@ slow!
+//@largeHeap
+// This test should not crash or fail any assertions.
+
+function shouldEqual(testId, actual, expected) {
+ if (actual != expected) {
+ throw testId + ": ERROR: expect " + expected + ", actual " + actual;
+ }
+}
+
+var exception = undefined;
+
+s2 = 'x'.repeat(0x3fffffff);
+r0 = /((?=\S))/giy;
+
+try {
+ s2.replace(r0, '')
+} catch (e) {
+ exception = e;
+}
+
+shouldEqual(10000, exception, "Error: Out of memory");
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (207860 => 207861)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-10-26 01:15:36 UTC (rev 207860)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-10-26 01:15:49 UTC (rev 207861)
</span><span class="lines">@@ -1,5 +1,25 @@
</span><span class="cx"> 2016-10-25 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><ins>+ String.prototype.replace() should throw an OutOfMemoryError when using too much memory.
+ https://bugs.webkit.org/show_bug.cgi?id=163996
+ <rdar://problem/28263117>
+
+ Reviewed by Geoffrey Garen.
+
+ String.prototype.replace() uses a Vector internally for bookkeeping work.
+ Currently, if this vector gets too big, we just crash on allocation failure.
+ While this is correct behavior, it is not too friendly.
+
+ We now detect the imminent failure, and throw a OutOfMemoryError instead.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::removeUsingRegExpSearch):
+ (JSC::replaceUsingRegExpSearch):
+ (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
+ (JSC::stringProtoFuncReplaceUsingRegExp):
+
+2016-10-25 Mark Lam <mark.lam@apple.com>
+
</ins><span class="cx"> Rename the reject() helper function to something more meaningful.
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=163549
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStringPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp (207860 => 207861)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp 2016-10-26 01:15:36 UTC (rev 207860)
+++ trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp 2016-10-26 01:15:49 UTC (rev 207861)
</span><span class="lines">@@ -433,8 +433,15 @@
</span><span class="cx"> return jsString(exec, WTFMove(impl));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+#define OUT_OF_MEMORY(exec__, scope__) \
+ do { \
+ throwOutOfMemoryError(exec__, scope__); \
+ return encodedJSValue(); \
+ } while (false)
+
</ins><span class="cx"> static ALWAYS_INLINE EncodedJSValue removeUsingRegExpSearch(VM& vm, ExecState* exec, JSString* string, const String& source, RegExp* regExp)
</span><span class="cx"> {
</span><ins>+ auto scope = DECLARE_THROW_SCOPE(vm);
</ins><span class="cx"> SuperSamplerScope superSamplerScope(false);
</span><span class="cx">
</span><span class="cx"> size_t lastIndex = 0;
</span><span class="lines">@@ -449,9 +456,10 @@
</span><span class="cx"> if (!result)
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- if (lastIndex < result.start)
- sourceRanges.constructAndAppend(lastIndex, result.start - lastIndex);
-
</del><ins>+ if (lastIndex < result.start) {
+ if (UNLIKELY(!sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex)))
+ OUT_OF_MEMORY(exec, scope);
+ }
</ins><span class="cx"> lastIndex = result.end;
</span><span class="cx"> startPosition = lastIndex;
</span><span class="cx">
</span><span class="lines">@@ -466,9 +474,11 @@
</span><span class="cx"> if (!lastIndex)
</span><span class="cx"> return JSValue::encode(string);
</span><span class="cx">
</span><del>- if (static_cast<unsigned>(lastIndex) < sourceLen)
- sourceRanges.constructAndAppend(lastIndex, sourceLen - lastIndex);
-
</del><ins>+ if (static_cast<unsigned>(lastIndex) < sourceLen) {
+ if (UNLIKELY(!sourceRanges.tryConstructAndAppend(lastIndex, sourceLen - lastIndex)))
+ OUT_OF_MEMORY(exec, scope);
+ }
+ scope.release();
</ins><span class="cx"> return JSValue::encode(jsSpliceSubstrings(exec, string, source, sourceRanges.data(), sourceRanges.size()));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -490,8 +500,10 @@
</span><span class="cx"> regExpObject->setLastIndex(exec, 0);
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, encodedJSValue());
</span><span class="cx">
</span><del>- if (callType == CallType::None && !replacementString.length())
</del><ins>+ if (callType == CallType::None && !replacementString.length()) {
+ scope.release();
</ins><span class="cx"> return removeUsingRegExpSearch(vm, exec, string, source, regExp);
</span><ins>+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // FIXME: This is wrong because we may be called directly from the FTL.
</span><span class="lines">@@ -518,7 +530,8 @@
</span><span class="cx"> if (!result)
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- sourceRanges.constructAndAppend(lastIndex, result.start - lastIndex);
</del><ins>+ if (UNLIKELY(!sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex)))
+ OUT_OF_MEMORY(exec, scope);
</ins><span class="cx">
</span><span class="cx"> unsigned i = 0;
</span><span class="cx"> for (; i < regExp->numSubpatterns() + 1; ++i) {
</span><span class="lines">@@ -556,7 +569,8 @@
</span><span class="cx"> if (!result)
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- sourceRanges.constructAndAppend(lastIndex, result.start - lastIndex);
</del><ins>+ if (UNLIKELY(!sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex)))
+ OUT_OF_MEMORY(exec, scope);
</ins><span class="cx">
</span><span class="cx"> unsigned i = 0;
</span><span class="cx"> for (; i < regExp->numSubpatterns() + 1; ++i) {
</span><span class="lines">@@ -596,7 +610,8 @@
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> if (callType != CallType::None) {
</span><del>- sourceRanges.constructAndAppend(lastIndex, result.start - lastIndex);
</del><ins>+ if (UNLIKELY(!sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex)))
+ OUT_OF_MEMORY(exec, scope);
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer args;
</span><span class="cx">
</span><span class="lines">@@ -620,7 +635,8 @@
</span><span class="cx"> } else {
</span><span class="cx"> int replLen = replacementString.length();
</span><span class="cx"> if (lastIndex < result.start || replLen) {
</span><del>- sourceRanges.constructAndAppend(lastIndex, result.start - lastIndex);
</del><ins>+ if (UNLIKELY(!sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex)))
+ OUT_OF_MEMORY(exec, scope);
</ins><span class="cx">
</span><span class="cx"> if (replLen)
</span><span class="cx"> replacements.append(substituteBackreferences(replacementString, source, ovector, regExp));
</span><span class="lines">@@ -644,9 +660,10 @@
</span><span class="cx"> if (!lastIndex && replacements.isEmpty())
</span><span class="cx"> return JSValue::encode(string);
</span><span class="cx">
</span><del>- if (static_cast<unsigned>(lastIndex) < sourceLen)
- sourceRanges.constructAndAppend(lastIndex, sourceLen - lastIndex);
-
</del><ins>+ if (static_cast<unsigned>(lastIndex) < sourceLen) {
+ if (UNLIKELY(!sourceRanges.tryConstructAndAppend(lastIndex, sourceLen - lastIndex)))
+ OUT_OF_MEMORY(exec, scope);
+ }
</ins><span class="cx"> return JSValue::encode(jsSpliceSubstringsWithSeparators(exec, string, source, sourceRanges.data(), sourceRanges.size(), replacements.data(), replacements.size()));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -662,11 +679,13 @@
</span><span class="cx"> // ES5.1 15.5.4.10 step 8.a.
</span><span class="cx"> searchValue->setLastIndex(exec, 0);
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, encodedJSValue());
</span><ins>+ scope.release();
</ins><span class="cx"> return removeUsingRegExpSearch(vm, exec, thisValue, thisValue->value(exec), regExp);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> CallData callData;
</span><span class="cx"> String replacementString = emptyString();
</span><ins>+ scope.release();
</ins><span class="cx"> return replaceUsingRegExpSearch(
</span><span class="cx"> vm, exec, thisValue, searchValue, callData, CallType::None, replacementString, JSValue());
</span><span class="cx"> }
</span><span class="lines">@@ -695,6 +714,7 @@
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, encodedJSValue());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ scope.release();
</ins><span class="cx"> return replaceUsingRegExpSearch(
</span><span class="cx"> vm, exec, string, searchValue, callData, callType, replacementString, replaceValue);
</span><span class="cx"> }
</span><span class="lines">@@ -832,6 +852,7 @@
</span><span class="cx"> if (!searchValue.inherits(RegExpObject::info()))
</span><span class="cx"> return JSValue::encode(jsUndefined());
</span><span class="cx">
</span><ins>+ scope.release();
</ins><span class="cx"> return replaceUsingRegExpSearch(exec->vm(), exec, string, searchValue, exec->argument(1));
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWTFChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/ChangeLog (207860 => 207861)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/ChangeLog 2016-10-26 01:15:36 UTC (rev 207860)
+++ trunk/Source/WTF/ChangeLog 2016-10-26 01:15:49 UTC (rev 207861)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-10-25 Mark Lam <mark.lam@apple.com>
+
+ String.prototype.replace() should throw an OutOfMemoryError when using too much memory.
+ https://bugs.webkit.org/show_bug.cgi?id=163996
+ <rdar://problem/28263117>
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/Vector.h:
+ (WTF::minCapacity>::tryConstructAndAppend):
+ (WTF::minCapacity>::tryConstructAndAppendSlowCase):
+ - Added try versions of constructAndAppend() so that we can handle the failure
+ to allocate more gracefully.
+
</ins><span class="cx"> 2016-10-25 Konstantin Tokarev <annulen@yandex.ru>
</span><span class="cx">
</span><span class="cx"> Non-specialized version of deleteObject should not have template argument
</span></span></pre></div>
<a id="trunkSourceWTFwtfVectorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/Vector.h (207860 => 207861)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/Vector.h 2016-10-26 01:15:36 UTC (rev 207860)
+++ trunk/Source/WTF/wtf/Vector.h 2016-10-26 01:15:49 UTC (rev 207861)
</span><span class="lines">@@ -722,6 +722,7 @@
</span><span class="cx"> void append(ValueType&& value) { append<ValueType>(std::forward<ValueType>(value)); }
</span><span class="cx"> template<typename U> void append(U&&);
</span><span class="cx"> template<typename... Args> void constructAndAppend(Args&&...);
</span><ins>+ template<typename... Args> bool tryConstructAndAppend(Args&&...);
</ins><span class="cx">
</span><span class="cx"> void uncheckedAppend(ValueType&& value) { uncheckedAppend<ValueType>(std::forward<ValueType>(value)); }
</span><span class="cx"> template<typename U> void uncheckedAppend(U&&);
</span><span class="lines">@@ -785,6 +786,7 @@
</span><span class="cx"> template<typename U> U* expandCapacity(size_t newMinCapacity, U*);
</span><span class="cx"> template<typename U> void appendSlowCase(U&&);
</span><span class="cx"> template<typename... Args> void constructAndAppendSlowCase(Args&&...);
</span><ins>+ template<typename... Args> bool tryConstructAndAppendSlowCase(Args&&...);
</ins><span class="cx">
</span><span class="cx"> void asanSetInitialBufferSizeTo(size_t);
</span><span class="cx"> void asanSetBufferSizeToFullCapacity();
</span><span class="lines">@@ -1225,6 +1227,19 @@
</span><span class="cx"> constructAndAppendSlowCase(std::forward<Args>(args)...);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+template<typename T, size_t inlineCapacity, typename OverflowHandler, size_t minCapacity> template<typename... Args>
+ALWAYS_INLINE bool Vector<T, inlineCapacity, OverflowHandler, minCapacity>::tryConstructAndAppend(Args&&... args)
+{
+ if (size() != capacity()) {
+ asanBufferSizeWillChangeTo(m_size + 1);
+ new (NotNull, end()) T(std::forward<Args>(args)...);
+ ++m_size;
+ return true;
+ }
+
+ return tryConstructAndAppendSlowCase(std::forward<Args>(args)...);
+}
+
</ins><span class="cx"> template<typename T, size_t inlineCapacity, typename OverflowHandler, size_t minCapacity> template<typename U>
</span><span class="cx"> void Vector<T, inlineCapacity, OverflowHandler, minCapacity>::appendSlowCase(U&& value)
</span><span class="cx"> {
</span><span class="lines">@@ -1252,6 +1267,21 @@
</span><span class="cx"> ++m_size;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+template<typename T, size_t inlineCapacity, typename OverflowHandler, size_t minCapacity> template<typename... Args>
+bool Vector<T, inlineCapacity, OverflowHandler, minCapacity>::tryConstructAndAppendSlowCase(Args&&... args)
+{
+ ASSERT(size() == capacity());
+
+ if (UNLIKELY(!tryExpandCapacity(size() + 1)))
+ return false;
+ ASSERT(begin());
+
+ asanBufferSizeWillChangeTo(m_size + 1);
+ new (NotNull, end()) T(std::forward<Args>(args)...);
+ ++m_size;
+ return true;
+}
+
</ins><span class="cx"> // This version of append saves a branch in the case where you know that the
</span><span class="cx"> // vector's capacity is large enough for the append to succeed.
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>