WebKit Bugzilla
Attachment 361213 Details for Bug 193912: [JSC] Repeat string created from Array.prototype.join() take too much memory
Patch: bug-193912-20190205220724.patch (text/plain), 4.47 KB, created by Guillaume Emont on 2019-02-05 13:07:25 PST
>Subversion Revision: 240582 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 848e889ac20541dcc52507926021e50433e5b8bf..d8ed900f02de7850b82e43c7856d6f2958205503 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,20 @@ >+2019-02-04 Guillaume Emont <guijemont@igalia.com> >+ >+ [JSC] Repeat string created from Array.prototype.join() take too much memory >+ https://bugs.webkit.org/show_bug.cgi?id=193912 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Added a fast case in Array.prototype.join when the array is >+ uninitialized. >+ >+ * runtime/ArrayPrototype.cpp: >+ (JSC::canUseFastJoin): >+ (JSC::fastJoin): >+ * runtime/JSStringInlines.h: >+ (JSC::repeatCharacter): moved from StringPrototype.cpp >+ * runtime/StringPrototype.cpp: >+ > 2018-12-15 Darin Adler <darin@apple.com> > > Replace many uses of String::format with more type-safe alternatives >diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >index c37389aa857f89ce217d773f73d663ba2ea1728b..4707dc820f7f05a910fa04f21fbaf7118901c1c6 100644 >--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >@@ -390,6 +390,7 @@ inline bool canUseFastJoin(const JSObject* thisObject) > case ALL_CONTIGUOUS_INDEXING_TYPES: > case ALL_INT32_INDEXING_TYPES: > case ALL_DOUBLE_INDEXING_TYPES: >+ case ALL_UNDECIDED_INDEXING_TYPES: > return true; > default: > break; 
>@@ -503,6 +504,22 @@ inline JSValue fastJoin(ExecState& state, JSObject* thisObject, StringView separ > } > RELEASE_AND_RETURN(scope, joiner.join(state)); > } >+ case ALL_UNDECIDED_INDEXING_TYPES: { >+ switch (separator.length()) { >+ case 0: >+ RELEASE_AND_RETURN(scope, jsEmptyString(&state)); >+ case 1: { >+ if (length <= 1) >+ RELEASE_AND_RETURN(scope, jsEmptyString(&state)); >+ if (holesMustForwardToPrototype(vm, thisObject)) >+ goto generalCase; >+ if (separator.is8Bit()) >+ RELEASE_AND_RETURN(scope, repeatCharacter(state, separator.characters8()[0], length - 1)); >+ else >+ RELEASE_AND_RETURN(scope, repeatCharacter(state, separator.characters16()[0], length - 1)); >+ } >+ } >+ } > } > > generalCase: >diff --git a/Source/JavaScriptCore/runtime/JSStringInlines.h b/Source/JavaScriptCore/runtime/JSStringInlines.h >index 19d4756e0c1a9bcee73bb8a5b0cae6e03373074c..a27cf50670f18054876891e359700c6775b1bb1e 100644 >--- a/Source/JavaScriptCore/runtime/JSStringInlines.h >+++ b/Source/JavaScriptCore/runtime/JSStringInlines.h >@@ -54,4 +54,22 @@ inline JSValue jsMakeNontrivialString(ExecState* exec, StringType&& string, Stri > return jsNontrivialString(exec, WTFMove(result)); > } > >+template <typename CharacterType> >+inline JSString* repeatCharacter(ExecState& exec, CharacterType character, unsigned repeatCount) >+{ >+ VM& vm = exec.vm(); >+ auto scope = DECLARE_THROW_SCOPE(vm); >+ >+ CharacterType* buffer = nullptr; >+ auto impl = StringImpl::tryCreateUninitialized(repeatCount, buffer); >+ if (!impl) { >+ throwOutOfMemoryError(&exec, scope); >+ return nullptr; >+ } >+ >+ std::fill_n(buffer, repeatCount, character); >+ >+ RELEASE_AND_RETURN(scope, jsString(&exec, WTFMove(impl))); >+} >+ > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/StringPrototype.cpp b/Source/JavaScriptCore/runtime/StringPrototype.cpp >index 240ba5ef549a623c4d4fd256d09bc0ccc102c85c..eb51e41c230c951d0183cee21b76c6f5a97b0ca3 100644 
>--- a/Source/JavaScriptCore/runtime/StringPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/StringPrototype.cpp >@@ -832,24 +832,6 @@ static inline bool checkObjectCoercible(JSValue thisValue) > return true; > } > >-template <typename CharacterType> >-static inline JSString* repeatCharacter(ExecState& exec, CharacterType character, unsigned repeatCount) >-{ >- VM& vm = exec.vm(); >- auto scope = DECLARE_THROW_SCOPE(vm); >- >- CharacterType* buffer = nullptr; >- auto impl = StringImpl::tryCreateUninitialized(repeatCount, buffer); >- if (!impl) { >- throwOutOfMemoryError(&exec, scope); >- return nullptr; >- } >- >- std::fill_n(buffer, repeatCount, character); >- >- RELEASE_AND_RETURN(scope, jsString(&exec, WTFMove(impl))); >-} >- > EncodedJSValue JSC_HOST_CALL stringProtoFuncRepeatCharacter(ExecState* exec) > { > VM& vm = exec->vm();
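Review bot: The diff touches only ChangeLog, ArrayPrototype.cpp, JSStringInlines.h and StringPrototype.cpp, so the new fast path in fastJoin lands without a regression test. Suggest adding a test that joins an uninitialized array with an empty separator, a one-character 8-bit separator, a one-character 16-bit separator and a longer separator, plus one case with an indexed property on the prototype so the `goto generalCase` branch is exercised. The ChangeLog entry could also state that the fast case only applies to separators of length 0 or 1.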
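Review bot: In the new `case ALL_UNDECIDED_INDEXING_TYPES` block of fastJoin, the `holesMustForwardToPrototype(vm, thisObject)` check runs only inside `case 1`, and only after the `length <= 1` early return, so both the `case 0` path and the `length <= 1` path return `jsEmptyString(&state)` without it. If the check is needed before returning the repeated separator, it is needed before returning the empty string as well, since in both cases the result assumes every hole reads as empty. Suggest hoisting `if (holesMustForwardToPrototype(vm, thisObject)) goto generalCase;` to the top of the case, before the switch on `separator.length()`. The inner switch also has no `default:`, so separators longer than one character reach `generalCase` only by falling out of both switches; an explicit `default: goto generalCase;` or a short comment would make that intent visible.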
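Review bot: The JSStringInlines.h hunk adds `repeatCharacter`, which calls `std::fill_n` and `throwOutOfMemoryError`, but the diff adds no `#include` to this header, nor to ArrayPrototype.cpp or StringPrototype.cpp, which now both depend on it. Please confirm the header itself pulls in `<algorithm>` and the declaration of `throwOutOfMemoryError`, rather than relying on what each includer happens to include first. A one-line comment above the template would also help: `repeatCount` goes unchecked into `StringImpl::tryCreateUninitialized`, so the new caller's `length - 1` relies on that call failing for oversized counts and on the `if (!impl)` branch throwing.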