Changeset 31807 in webkit for trunk/JavaScriptCore/kjs

Timestamp:

Apr 11, 2008, 12:37:33 AM (17 years ago)

Author:

[email protected]

Message:

Reviewed by Geoff.

​https://bugs.webkit.org/show_bug.cgi?id=18402
REGRESSION: visited element handling is incorrect in nested join/toString calls

No change on SunSpider total, possibly a tiny improvement (about 0.1%).

Test: fast/js/array-tostring-and-join.html

• kjs/JSGlobalObject.h: (KJS::JSGlobalObject::visitedElements): Store visited elements HashSet here, making it common to toString/toLocalizedString/join again.

• kjs/array_object.cpp: (KJS::arrayProtoFuncToString): (KJS::arrayProtoFuncToLocaleString): (KJS::arrayProtoFuncJoin): Got rid of static variables. Replaced UString with Vector to avoid O(n^{2) behavior and regain performance.}

• wtf/Vector.h: (WTF::::resize): (WTF::::grow): (WTF::::reserveCapacity): (WTF::::append): (WTF::::insert): Added null checks, so that Vector methods don't crash when out of memory. The caller should check that data pointer is not null before proceeding.

Location:

trunk/JavaScriptCore/kjs

Files:

• JSGlobalObject.h (modified) (2 diffs)
• array_object.cpp (modified) (8 diffs)

trunk/JavaScriptCore/kjs/JSGlobalObject.h

@@ -138 +138 @@
             ActivationStackNode* activations;
             size_t activationCount;
+
+            OwnPtr<HashSet<JSObject*> > arrayVisitedElements; // Global data shared by array prototype functions.
         };
 
@@ -242 +244 @@
         ExecStateStack& activeExecStates() const { return d()->activeExecStates; }
 
+        HashSet<JSObject*>& arrayVisitedElements() { if (!d()->arrayVisitedElements) d()->arrayVisitedElements.set(new HashSet<JSObject*>); return *d()->arrayVisitedElements; }
+
     private:
         void init();

trunk/JavaScriptCore/kjs/array_object.cpp

@@ -93 +93 @@
         return throwError(exec, TypeError);
 
-    static HashSet<JSObject*> visitedElems;
-    static const UString* empty = new UString("");
-    static const UString* comma = new UString(",");
-    bool alreadyVisited = !visitedElems.add(thisObj).second;
+    bool alreadyVisited = !exec->dynamicGlobalObject()->arrayVisitedElements().add(thisObj).second;
+    Vector<UChar, 256> strBuffer;
     if (alreadyVisited)
-        return jsString(*empty);
-    UString separator = *comma;
-    UString str = *empty;
+        return jsString(UString(0, 0)); // return an empty string, avoding infinite recursion.
 
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
     for (unsigned k = 0; k < length; k++) {
         if (k >= 1)
-            str += separator;
-        if (str.isNull()) {
+            strBuffer.append(',');
+        if (!strBuffer.data()) {
             JSObject* error = Error::create(exec, GeneralError, "Out of memory");
             exec->setException(error);
@@ -116 +112 @@
             continue;
 
-        str += element->toString(exec);
-
-        if (str.isNull()) {
+        UString str = element->toString(exec);
+        strBuffer.append(str.data(), str.size());
+
+        if (!strBuffer.data()) {
             JSObject* error = Error::create(exec, GeneralError, "Out of memory");
             exec->setException(error);
@@ -126 +123 @@
             break;
     }
-    visitedElems.remove(thisObj);
-    return jsString(str);
+    exec->dynamicGlobalObject()->arrayVisitedElements().remove(thisObj);
+    return jsString(UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
 }
 
@@ -135 +132 @@
         return throwError(exec, TypeError);
 
-    static HashSet<JSObject*> visitedElems;
-    static const UString* empty = new UString("");
-    static const UString* comma = new UString(",");
-    bool alreadyVisited = !visitedElems.add(thisObj).second;
+    bool alreadyVisited = !exec->dynamicGlobalObject()->arrayVisitedElements().add(thisObj).second;
+    Vector<UChar, 256> strBuffer;
     if (alreadyVisited)
-        return jsString(*empty);
-    UString separator = *comma;
-    UString str = *empty;
+        return jsString(UString(0, 0)); // return an empty string, avoding infinite recursion.
 
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
     for (unsigned k = 0; k < length; k++) {
         if (k >= 1)
-            str += separator;
-        if (str.isNull()) {
+            strBuffer.append(',');
+        if (!strBuffer.data()) {
             JSObject* error = Error::create(exec, GeneralError, "Out of memory");
             exec->setException(error);
@@ -160 +153 @@
         JSObject* o = element->toObject(exec);
         JSValue* conversionFunction = o->get(exec, exec->propertyNames().toLocaleString);
+        UString str;
         if (conversionFunction->isObject() && static_cast<JSObject*>(conversionFunction)->implementsCall())
-            str += static_cast<JSObject*>(conversionFunction)->call(exec, o, exec->emptyList())->toString(exec);
+            str = static_cast<JSObject*>(conversionFunction)->call(exec, o, exec->emptyList())->toString(exec);
         else
-            str += element->toString(exec);
-
-        if (str.isNull()) {
+            str = element->toString(exec);
+        strBuffer.append(str.data(), str.size());
+
+        if (!strBuffer.data()) {
             JSObject* error = Error::create(exec, GeneralError, "Out of memory");
             exec->setException(error);
@@ -173 +168 @@
             break;
     }
-    visitedElems.remove(thisObj);
-    return jsString(str);
+    exec->dynamicGlobalObject()->arrayVisitedElements().remove(thisObj);
+    return jsString(UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
 }
 
 JSValue* arrayProtoFuncJoin(ExecState* exec, JSObject* thisObj, const List& args)
 {
-    static HashSet<JSObject*> visitedElems;
-    static const UString* empty = new UString("");
-    static const UString* comma = new UString(",");
-    bool alreadyVisited = !visitedElems.add(thisObj).second;
+    bool alreadyVisited = !exec->dynamicGlobalObject()->arrayVisitedElements().add(thisObj).second;
+    Vector<UChar, 256> strBuffer;
     if (alreadyVisited)
-        return jsString(*empty);
-    UString separator = *comma;
-    UString str = *empty;
-
-    if (!args[0]->isUndefined())
-        separator = args[0]->toString(exec);
+        return jsString(UString(0, 0)); // return an empty string, avoding infinite recursion.
+
+    UChar comma = ',';
+    UString separator = args[0]->isUndefined() ? UString(&comma, 1) : args[0]->toString(exec);
 
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
     for (unsigned k = 0; k < length; k++) {
         if (k >= 1)
-            str += separator;
-        if (str.isNull()) {
+            strBuffer.append(separator.data(), separator.size());
+        if (!strBuffer.data()) {
             JSObject* error = Error::create(exec, GeneralError, "Out of memory");
             exec->setException(error);
@@ -205 +196 @@
             continue;
 
-        str += element->toString(exec);
-
-        if (str.isNull()) {
+        UString str = element->toString(exec);
+        strBuffer.append(str.data(), str.size());
+
+        if (!strBuffer.data()) {
             JSObject* error = Error::create(exec, GeneralError, "Out of memory");
             exec->setException(error);
@@ -215 +207 @@
             break;
     }
-    visitedElems.remove(thisObj);
-    return jsString(str);
+    exec->dynamicGlobalObject()->arrayVisitedElements().remove(thisObj);
+    return jsString(UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
 }