JSStringJoiner::joinedLength() should limit joined string lengths to INT_MAX.
1 /*
2  *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
3  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
4  *  Copyright (C) 2004, 2007-2008, 2015-2016 Apple Inc. All rights reserved.
5  *
6  *  This library is free software; you can redistribute it and/or
7  *  modify it under the terms of the GNU Library General Public
8  *  License as published by the Free Software Foundation; either
9  *  version 2 of the License, or (at your option) any later version.
10  *
11  *  This library is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  *  Library General Public License for more details.
15  *
16  *  You should have received a copy of the GNU Library General Public License
17  *  along with this library; see the file COPYING.LIB.  If not, write to
18  *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
19  *  Boston, MA 02110-1301, USA.
20  *
21  */
22
23 #include "config.h"
24 #include "JSString.h"
25
26 #include "JSGlobalObject.h"
27 #include "JSGlobalObjectFunctions.h"
28 #include "JSObject.h"
29 #include "JSCInlines.h"
30 #include "StringObject.h"
31 #include "StringPrototype.h"
32 #include "StrongInlines.h"
33
34 namespace JSC {
35     
// Runtime class metadata for JSString: the class name reported by className(),
// two zeroed fields, and a method table. CREATE_METHOD_TABLE presumably collects
// the static JSString hooks defined in this file (destroy, dumpToStream,
// estimatedSize, visitChildren, ...) — confirm against the macro definition.
const ClassInfo JSString::s_info = { "string", 0, 0, CREATE_METHOD_TABLE(JSString) };
37
// Builds the Structure shared by JSString cells created under `globalObject`
// with prototype `proto`.
Structure* JSString::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
{
    // Every JSString carries the StringType tag plus this class's StructureFlags.
    const TypeInfo typeInfo(StringType, StructureFlags);
    return Structure::create(vm, globalObject, proto, typeInfo, info());
}
42
// Called once every fiber slot of the rope under construction is occupied:
// the full rope becomes the first fiber of a fresh builder string.
void JSRopeString::RopeBuilder::expand()
{
    ASSERT(m_index == JSRopeString::s_maxInternalRopeLength);
    JSString* const fullRope = m_jsString;
    RELEASE_ASSERT(fullRope);
    m_jsString = jsStringBuilder(&m_vm);
    m_index = 0;
    append(fullRope);
}
52
// GC finalizer hook: runs JSString's destructor in place. The cell storage
// itself belongs to the heap and is not freed here.
void JSString::destroy(JSCell* cell)
{
    static_cast<JSString*>(cell)->JSString::~JSString();
}
58
// Debug dump: address, class name, length, then either "[rope]" or the
// bit-width and character pointer of the resolved StringImpl.
void JSString::dumpToStream(const JSCell* cell, PrintStream& out)
{
    const JSString* string = jsCast<const JSString*>(cell);
    out.printf("<%p, %s, [%u], ", string, string->className(), string->length());
    if (!string->isRope()) {
        WTF::StringImpl* impl = string->m_value.impl();
        if (impl->is8Bit())
            out.printf("[8 %p]", impl->characters8());
        else
            out.printf("[16 %p]", impl->characters16());
    } else
        out.printf("[rope]");
    out.printf(">");
}
74
// Content comparison of two strings once the fast (pointer/identity) checks
// have failed. Resolving either side may throw (resolveRope reports out of
// memory through `exec`), so the impls are only touched after the exception check.
bool JSString::equalSlowCase(ExecState* exec, JSString* other) const
{
    VM& vm = exec->vm();
    auto scope = DECLARE_THROW_SCOPE(vm);
    const String lhs = value(exec);
    const String rhs = other->value(exec);
    RETURN_IF_EXCEPTION(scope, false);
    return WTF::equal(*lhs.impl(), *rhs.impl());
}
84
// GC size estimate: the cell itself plus, for a resolved string, the GC cost
// of its StringImpl. A rope has no impl of its own to charge here.
size_t JSString::estimatedSize(JSCell* cell)
{
    JSString* string = jsCast<JSString*>(cell);
    size_t size = Base::estimatedSize(cell);
    if (!string->isRope())
        size += string->m_value.impl()->costDuringGC();
    return size;
}
92
// GC marking hook. A rope marks its fibers (or substring base); a resolved
// string has no child cells and only reports the memory its StringImpl holds.
void JSString::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
    JSString* string = jsCast<JSString*>(cell);
    Base::visitChildren(string, visitor);

    if (!string->isRope()) {
        StringImpl* impl = string->m_value.impl();
        ASSERT(impl);
        visitor.reportExtraMemoryVisited(impl->costDuringGC());
        return;
    }
    static_cast<JSRopeString*>(string)->visitFibers(visitor);
}
106
// Marks the cells this rope keeps alive: just the base for a substring rope,
// otherwise every non-null fiber slot in order (the first null slot ends the walk).
void JSRopeString::visitFibers(SlotVisitor& visitor)
{
    if (isSubstring()) {
        visitor.append(&substringBase());
        return;
    }
    for (size_t slot = 0; slot < s_maxInternalRopeLength; ++slot) {
        if (!fiber(slot))
            break;
        visitor.append(&fiber(slot));
    }
}
116
// Ropes of at most this many characters are flattened into a fixed-size stack
// buffer in resolveRopeToAtomicString() / resolveRopeToExistingAtomicString();
// longer ropes go through heap allocation in resolveRope(). The value is a
// character count, so the UChar buffer is twice as many bytes as the LChar one.
static const unsigned maxLengthForOnStackResolve = 2048;
118
// Writes this rope's 8-bit characters into `buffer`, which must have room for
// length() LChars. A substring rope copies directly out of its base string at
// substringOffset(); any other rope goes through the fiber walk.
void JSRopeString::resolveRopeInternal8(LChar* buffer) const
{
    if (!isSubstring()) {
        resolveRopeInternal8NoSubstring(buffer);
        return;
    }
    const LChar* source = substringBase()->m_value.characters8() + substringOffset();
    StringImpl::copyChars(buffer, source, length());
}
129
// Flattens a non-substring 8-bit rope into `buffer` (room for length() LChars).
// If any fiber is itself a rope, the iterative slow path is used; otherwise the
// flat fibers are concatenated in slot order.
void JSRopeString::resolveRopeInternal8NoSubstring(LChar* buffer) const
{
    bool hasNestedRope = false;
    for (size_t slot = 0; slot < s_maxInternalRopeLength && fiber(slot); ++slot) {
        if (fiber(slot)->isRope()) {
            hasNestedRope = true;
            break;
        }
    }
    if (hasNestedRope) {
        resolveRopeSlowCase8(buffer);
        return;
    }

    LChar* cursor = buffer;
    for (size_t slot = 0; slot < s_maxInternalRopeLength && fiber(slot); ++slot) {
        const StringImpl& fiberImpl = *fiber(slot)->m_value.impl();
        const unsigned fiberLength = fiberImpl.length();
        StringImpl::copyChars(cursor, fiberImpl.characters8(), fiberLength);
        cursor += fiberLength;
    }
    // Debug-only check that the fiber lengths add up to length().
    ASSERT(cursor == buffer + length());
}
148
// Writes this rope's 16-bit characters into `buffer`, which must have room for
// length() UChars. A substring rope copies directly out of its base string at
// substringOffset(); any other rope goes through the fiber walk.
void JSRopeString::resolveRopeInternal16(UChar* buffer) const
{
    if (!isSubstring()) {
        resolveRopeInternal16NoSubstring(buffer);
        return;
    }
    const UChar* source = substringBase()->m_value.characters16() + substringOffset();
    StringImpl::copyChars(buffer, source, length());
}
159
// Flattens a non-substring rope into a 16-bit `buffer` (room for length() UChars).
// If any fiber is itself a rope, the iterative slow path is used; otherwise each
// flat fiber is copied (8-bit fibers widened) in slot order.
void JSRopeString::resolveRopeInternal16NoSubstring(UChar* buffer) const
{
    bool hasNestedRope = false;
    for (size_t slot = 0; slot < s_maxInternalRopeLength && fiber(slot); ++slot) {
        if (fiber(slot)->isRope()) {
            hasNestedRope = true;
            break;
        }
    }
    if (hasNestedRope) {
        resolveRopeSlowCase(buffer);
        return;
    }

    UChar* cursor = buffer;
    for (size_t slot = 0; slot < s_maxInternalRopeLength && fiber(slot); ++slot) {
        const StringImpl& fiberImpl = *fiber(slot)->m_value.impl();
        const unsigned fiberLength = fiberImpl.length();
        if (fiberImpl.is8Bit())
            StringImpl::copyChars(cursor, fiberImpl.characters8(), fiberLength);
        else
            StringImpl::copyChars(cursor, fiberImpl.characters16(), fiberLength);
        cursor += fiberLength;
    }
    // Debug-only check that the fiber lengths add up to length().
    ASSERT(cursor == buffer + length());
}
181
// Flattens this rope into an AtomicString and drops the fibers.
// Ropes no longer than maxLengthForOnStackResolve are resolved into a stack
// buffer of exactly that many characters; the length() check below is the only
// thing keeping that buffer in bounds, so the two must stay in sync.
// Longer ropes are resolved on the heap via resolveRope(exec), which is also
// where `exec` is used (out-of-memory reporting).
void JSRopeString::resolveRopeToAtomicString(ExecState* exec) const
{
    if (length() > maxLengthForOnStackResolve) {
        resolveRope(exec);
        // NOTE(review): if resolveRope() failed, outOfMemory() leaves m_value null
        // (see its ASSERT); AtomicString(m_value) then stays null and the
        // m_value.impl()->is8Bit() call dereferences null. Confirm callers cannot
        // reach this path with a pending out-of-memory exception.
        m_value = AtomicString(m_value);
        setIs8Bit(m_value.impl()->is8Bit());
        return;
    }

    if (is8Bit()) {
        LChar buffer[maxLengthForOnStackResolve];
        resolveRopeInternal8(buffer);
        m_value = AtomicString(buffer, length());
        setIs8Bit(m_value.impl()->is8Bit());
    } else {
        UChar buffer[maxLengthForOnStackResolve];
        resolveRopeInternal16(buffer);
        m_value = AtomicString(buffer, length());
        setIs8Bit(m_value.impl()->is8Bit());
    }

    clearFibers();

    // If we resolved a string that didn't previously exist, notify the heap that we've grown.
    // (hasOneRef() means the atomic table did not already hold this string.)
    if (m_value.impl()->hasOneRef())
        Heap::heap(this)->reportExtraMemoryAllocated(m_value.impl()->cost());
}
209
// Zeroes every fiber slot through the union's numeric view, so the rope no
// longer references its constituent strings. Slot order does not matter.
void JSRopeString::clearFibers() const
{
    size_t slot = s_maxInternalRopeLength;
    while (slot--)
        u[slot].number = 0;
}
215
// Like resolveRopeToAtomicString(), but only adopts an atomic string that is
// already in the atomic string table. Returns that string after flattening this
// rope onto it, or nullptr. In the nullptr case the short path leaves the rope
// untouched (fibers intact, m_value unchanged), whereas the long path has
// already flattened m_value through resolveRope().
// The stack buffers are maxLengthForOnStackResolve characters; the length()
// check below is what keeps them in bounds.
RefPtr<AtomicStringImpl> JSRopeString::resolveRopeToExistingAtomicString(ExecState* exec) const
{
    if (length() > maxLengthForOnStackResolve) {
        resolveRope(exec);
        // NOTE(review): on allocation failure resolveRope() leaves m_value null;
        // whether AtomicStringImpl::lookUp tolerates a null StringImpl* is not
        // visible here — confirm.
        if (RefPtr<AtomicStringImpl> existingAtomicString = AtomicStringImpl::lookUp(m_value.impl())) {
            m_value = *existingAtomicString;
            setIs8Bit(m_value.impl()->is8Bit());
            clearFibers();
            return existingAtomicString;
        }
        return nullptr;
    }
    
    if (is8Bit()) {
        LChar buffer[maxLengthForOnStackResolve];
        resolveRopeInternal8(buffer);
        if (RefPtr<AtomicStringImpl> existingAtomicString = AtomicStringImpl::lookUp(buffer, length())) {
            m_value = *existingAtomicString;
            setIs8Bit(m_value.impl()->is8Bit());
            clearFibers();
            return existingAtomicString;
        }
    } else {
        UChar buffer[maxLengthForOnStackResolve];
        resolveRopeInternal16(buffer);
        if (RefPtr<AtomicStringImpl> existingAtomicString = AtomicStringImpl::lookUp(buffer, length())) {
            m_value = *existingAtomicString;
            setIs8Bit(m_value.impl()->is8Bit());
            clearFibers();
            return existingAtomicString;
        }
    }

    // No existing atomic string: the rope stays a rope.
    return nullptr;
}
251
// Flattens this rope into m_value. A substring rope shares its base's StringImpl
// without copying; any other rope allocates an uninitialized StringImpl of
// length() characters (8- or 16-bit per is8Bit()) and fills it from the fibers.
// If the allocation fails, outOfMemory(exec) clears the fibers, leaves m_value
// null and throws through `exec` when it is non-null; the rope is then neither
// usable nor resolved, and callers are expected to check for the exception.
void JSRopeString::resolveRope(ExecState* exec) const
{
    ASSERT(isRope());
    
    if (isSubstring()) {
        // The base is expected to be flat already; its fibers are never walked here.
        ASSERT(!substringBase()->isRope());
        m_value = substringBase()->m_value.substringSharingImpl(substringOffset(), length());
        substringBase().clear();
        return;
    }
    
    if (is8Bit()) {
        LChar* buffer;
        // tryCreateUninitialized returns null instead of crashing when length()
        // cannot be allocated; that case is routed to outOfMemory().
        if (auto newImpl = StringImpl::tryCreateUninitialized(length(), buffer)) {
            Heap::heap(this)->reportExtraMemoryAllocated(newImpl->cost());
            m_value = WTFMove(newImpl);
        } else {
            outOfMemory(exec);
            return;
        }
        // `buffer` is uninitialized until this call fills all length() characters.
        resolveRopeInternal8NoSubstring(buffer);
        clearFibers();
        ASSERT(!isRope());
        return;
    }

    UChar* buffer;
    if (auto newImpl = StringImpl::tryCreateUninitialized(length(), buffer)) {
        Heap::heap(this)->reportExtraMemoryAllocated(newImpl->cost());
        m_value = WTFMove(newImpl);
    } else {
        outOfMemory(exec);
        return;
    }

    // `buffer` is uninitialized until this call fills all length() characters.
    resolveRopeInternal16NoSubstring(buffer);
    clearFibers();
    ASSERT(!isRope());
}
291
// Overview: These functions convert a JSString from holding a string in rope form
// down to a simple String representation. It does so by building up the string
// backwards, since we want to avoid recursion, we expect that the tree structure
// representing the rope is likely imbalanced with more nodes down the left side
// (since appending to the string is likely more common) - and as such resolving
// in this fashion should minimize work queue size.  (If we built the queue forwards
// we would likely have to place all of the constituent StringImpls into the
// Vector before performing any concatenation, but by working backwards we likely
// only fill the queue with the number of substrings at any given level in a
// rope-of-ropes.)
//
// 8-bit variant, reached from resolveRopeInternal8NoSubstring() when some fiber
// is itself a rope. `buffer` must hold exactly length() LChars: characters are
// written backwards starting at buffer + length(), and only the debug ASSERT at
// the end verifies the walk ends on `buffer`, so release builds trust that
// length() equals the sum of the leaf lengths. Every leaf is read through
// characters8(); the 8-bit-ness of the whole rope is the caller's responsibility.
void JSRopeString::resolveRopeSlowCase8(LChar* buffer) const
{
    LChar* position = buffer + length(); // We will be working backwards over the rope.
    Vector<JSString*, 32, UnsafeVectorOverflow> workQueue; // Putting strings into a Vector is only OK because there are no GC points in this method.
    
    for (size_t i = 0; i < s_maxInternalRopeLength && fiber(i); ++i)
        workQueue.append(fiber(i).get());

    while (!workQueue.isEmpty()) {
        JSString* currentFiber = workQueue.last();
        workQueue.removeLast();

        const LChar* characters;
        
        if (currentFiber->isRope()) {
            JSRopeString* currentFiberAsRope = static_cast<JSRopeString*>(currentFiber);
            if (!currentFiberAsRope->isSubstring()) {
                // Nested rope: push its fibers in slot order so they pop last-first,
                // matching the backwards fill.
                for (size_t i = 0; i < s_maxInternalRopeLength && currentFiberAsRope->fiber(i); ++i)
                    workQueue.append(currentFiberAsRope->fiber(i).get());
                continue;
            }
            // Substring rope: read directly from the base at its offset.
            ASSERT(!currentFiberAsRope->substringBase()->isRope());
            characters =
                currentFiberAsRope->substringBase()->m_value.characters8() +
                currentFiberAsRope->substringOffset();
        } else
            characters = currentFiber->m_value.characters8();
        
        unsigned length = currentFiber->length();
        position -= length;
        StringImpl::copyChars(position, characters, length);
    }

    ASSERT(buffer == position);
}
337
// 16-bit counterpart of resolveRopeSlowCase8(), reached from
// resolveRopeInternal16NoSubstring() when some fiber is itself a rope.
// `buffer` must hold exactly length() UChars: characters are written backwards
// from buffer + length(), and only the debug ASSERT at the end verifies the walk
// ends on `buffer`. Leaves may be 8- or 16-bit; 8-bit ones are widened by copyChars.
void JSRopeString::resolveRopeSlowCase(UChar* buffer) const
{
    UChar* position = buffer + length(); // We will be working backwards over the rope.
    Vector<JSString*, 32, UnsafeVectorOverflow> workQueue; // These strings are kept alive by the parent rope, so using a Vector is OK.

    for (size_t i = 0; i < s_maxInternalRopeLength && fiber(i); ++i)
        workQueue.append(fiber(i).get());

    while (!workQueue.isEmpty()) {
        JSString* currentFiber = workQueue.last();
        workQueue.removeLast();

        if (currentFiber->isRope()) {
            JSRopeString* currentFiberAsRope = static_cast<JSRopeString*>(currentFiber);
            if (currentFiberAsRope->isSubstring()) {
                // Substring rope: copy its slice of the (flat) base without queueing anything.
                ASSERT(!currentFiberAsRope->substringBase()->isRope());
                StringImpl* string = static_cast<StringImpl*>(
                    currentFiberAsRope->substringBase()->m_value.impl());
                unsigned offset = currentFiberAsRope->substringOffset();
                unsigned length = currentFiberAsRope->length();
                position -= length;
                if (string->is8Bit())
                    StringImpl::copyChars(position, string->characters8() + offset, length);
                else
                    StringImpl::copyChars(position, string->characters16() + offset, length);
                continue;
            }
            // Nested rope: push its fibers in slot order so they pop last-first.
            for (size_t i = 0; i < s_maxInternalRopeLength && currentFiberAsRope->fiber(i); ++i)
                workQueue.append(currentFiberAsRope->fiber(i).get());
            continue;
        }

        // Flat leaf.
        StringImpl* string = static_cast<StringImpl*>(currentFiber->m_value.impl());
        unsigned length = string->length();
        position -= length;
        if (string->is8Bit())
            StringImpl::copyChars(position, string->characters8(), length);
        else
            StringImpl::copyChars(position, string->characters16(), length);
    }

    ASSERT(buffer == position);
}
381
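// Failure path of resolveRope(): drops the fibers and leaves the rope with a
// null m_value, then throws an out-of-memory error through `exec` if one was
// supplied. `exec` may be null; in that case the rope is cleared and no error
// is raised.
//
// The previous version called exec->vm() before testing `exec` for null, so the
// null-exec branch could never be reached safely. The VM and throw scope are now
// only obtained after the null check.
void JSRopeString::outOfMemory(ExecState* exec) const
{
    clearFibers();
    ASSERT(isRope());
    ASSERT(m_value.isNull());

    if (!exec)
        return;
    VM& vm = exec->vm();
    auto scope = DECLARE_THROW_SCOPE(vm);
    throwOutOfMemoryError(exec, scope);
}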
393
// A string is already a primitive: the same cell is returned whatever the
// preferred type hint is.
JSValue JSString::toPrimitive(ExecState*, PreferredPrimitiveType) const
{
    JSString* self = const_cast<JSString*>(this);
    return JSValue(self);
}
398
// Reports this string as its own primitive and its numeric interpretation
// (via jsToNumber on the character view). Always returns false.
bool JSString::getPrimitiveNumber(ExecState* exec, double& number, JSValue& result) const
{
    number = jsToNumber(unsafeView(*exec));
    result = this;
    return false;
}
405
// Numeric value of the string's characters. unsafeView presumably resolves a
// rope before exposing the characters — confirm in JSString.h.
double JSString::toNumber(ExecState* exec) const
{
    const auto characters = unsafeView(*exec);
    return jsToNumber(characters);
}
410
// Allocates a String wrapper object for `string` in `globalObject`. The cell is
// placement-constructed and then finished with the two-phase finishCreation.
inline StringObject* StringObject::create(VM& vm, JSGlobalObject* globalObject, JSString* string)
{
    Structure* structure = globalObject->stringObjectStructure();
    void* cell = allocateCell<StringObject>(vm.heap);
    StringObject* object = new (NotNull, cell) StringObject(vm, structure);
    object->finishCreation(vm, string);
    return object;
}
417
// Boxes this primitive string into a String wrapper object of `globalObject`.
JSObject* JSString::toObject(ExecState* exec, JSGlobalObject* globalObject) const
{
    JSString* self = const_cast<JSString*>(this);
    return StringObject::create(exec->vm(), globalObject, self);
}
422
// `this` coercion for a string receiver: strict code keeps the primitive,
// sloppy code gets a String wrapper in the caller's lexical global object.
JSValue JSString::toThis(JSCell* cell, ExecState* exec, ECMAMode ecmaMode)
{
    if (ecmaMode != StrictMode)
        return StringObject::create(exec->vm(), exec->lexicalGlobalObject(), jsCast<JSString*>(cell));
    return cell;
}
429
// Fills `descriptor` for the own properties every string has: "length" and the
// in-range integer indices. Returns false for anything else.
bool JSString::getStringPropertyDescriptor(ExecState* exec, PropertyName propertyName, PropertyDescriptor& descriptor)
{
    // "length": read-only, non-enumerable, non-configurable.
    if (propertyName == exec->propertyNames().length) {
        descriptor.setDescriptor(jsNumber(length()), DontEnum | DontDelete | ReadOnly);
        return true;
    }

    // Integer index: one character, only when strictly below length().
    const Optional<uint32_t> index = parseIndex(propertyName);
    if (!index || index.value() >= length())
        return false;
    descriptor.setDescriptor(getIndex(exec, index.value()), DontDelete | ReadOnly);
    return true;
}
445
// Returns the JSString cached for `stringImpl`, creating one on a miss and
// recording it as the VM's most recently cached string.
JSString* jsStringWithCacheSlowCase(VM& vm, StringImpl& stringImpl)
{
    JSString* cached = vm.stringCache.get(&stringImpl);
    if (cached)
        return cached;

    JSString* created = jsString(&vm, String(stringImpl));
    vm.lastCachedString.set(vm, created);
    return created;
}
455
456 } // namespace JSC