[JSC] jsSubstring should resolve rope before calling JSRopeString::create
authorysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 18 Mar 2019 17:50:41 +0000 (17:50 +0000)
committerysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 18 Mar 2019 17:50:41 +0000 (17:50 +0000)
commit1d7c90fc691e9f9f1e4123ca4bca9b356f9fd957
tree1dc4e832891cc53a5a67b9b1cf0f72d7f93c9585
parent5bd5ce75d3c5cc0ca0357af6b5071f03aef4192f
[JSC] jsSubstring should resolve rope before calling JSRopeString::create
https://bugs.webkit.org/show_bug.cgi?id=195840

Reviewed by Geoffrey Garen.

jsSubstring always ends up resolving rope of the base string because substring JSRopeString only accepts non-rope JSString
as its base. Instead of resolving ropes in finishCreationSubstring, we should resolve before passing it to JSRopeString.
So that, we can access string data before creating JSRopeString, and we can introduce optimizations like avoiding creation
of single character substrings.

We can find that a lot of substrings for length = 1 are allocated in RAMification regexp tests. This patch avoids creation of these
strings to save memory.

This patch also strengthen error checks caused by rope resolution for base of substrings. Previously we sometimes miss this checks.

* dfg/DFGOperations.cpp:
* runtime/JSString.cpp:
(JSC::JSString::dumpToStream):
* runtime/JSString.h:
(JSC::jsSubstring):
(JSC::jsSubstringOfResolved):
(JSC::jsSingleCharacterString):
* runtime/RegExpCachedResult.cpp:
(JSC::RegExpCachedResult::lastResult): We no longer need to have length = 0 path since jsSubstring returns an empty string if length == 0.
(JSC::RegExpCachedResult::leftContext):
(JSC::RegExpCachedResult::rightContext):
(JSC::RegExpCachedResult::setInput):
* runtime/RegExpGlobalData.cpp:
(JSC::RegExpGlobalData::getBackref):
(JSC::RegExpGlobalData::getLastParen):
* runtime/StringObject.h:
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
* runtime/StringPrototype.cpp:
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
(JSC::replaceUsingStringSearch):
(JSC::stringProtoFuncSlice):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplitFast):
(JSC::stringProtoFuncSubstr):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncToLowerCase):
(JSC::stringProtoFuncToUpperCase):
Some `const String& value = string->value(exec)` is dangerous if GC happens later. Changed to getting `String` instead of `const String&` here.

* runtime/StringPrototypeInlines.h:
(JSC::stringSlice):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243081 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/runtime/JSString.cpp
Source/JavaScriptCore/runtime/JSString.h
Source/JavaScriptCore/runtime/RegExpCachedResult.cpp
Source/JavaScriptCore/runtime/RegExpGlobalData.cpp
Source/JavaScriptCore/runtime/StringObject.h
Source/JavaScriptCore/runtime/StringPrototype.cpp
Source/JavaScriptCore/runtime/StringPrototypeInlines.h