[WTF] StringBuilder should set correct m_is8Bit flag when merging
authorysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 18 Apr 2019 17:48:10 +0000 (17:48 +0000)
committerysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 18 Apr 2019 17:48:10 +0000 (17:48 +0000)
https://bugs.webkit.org/show_bug.cgi?id=197053

Reviewed by Saam Barati.

JSTests:

* stress/merge-string-builder-in-dfg.js: Added.
(foo):

Source/WTF:

When appending StringBuilder to the other StringBuilder, we have a path that does not set m_is8Bit flag correctly.
This patch correctly sets this flag. And we also change 0 to nullptr when we are using 0 as a pointer.

* wtf/text/StringBuilder.cpp:
(WTF::StringBuilder::reserveCapacity):
(WTF::StringBuilder::appendUninitializedSlow):
(WTF::StringBuilder::append):
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::append):
(WTF::StringBuilder::characters8 const):
(WTF::StringBuilder::characters16 const):
(WTF::StringBuilder::clear):

Tools:

* TestWebKitAPI/Tests/WTF/StringBuilder.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244429 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/merge-string-builder-in-dfg.js [new file with mode: 0644]
Source/WTF/ChangeLog
Source/WTF/wtf/text/StringBuilder.cpp
Source/WTF/wtf/text/StringBuilder.h
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp

index b984d75..5b16741 100644 (file)
@@ -1,3 +1,13 @@
+2019-04-18  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [WTF] StringBuilder should set correct m_is8Bit flag when merging
+        https://bugs.webkit.org/show_bug.cgi?id=197053
+
+        Reviewed by Saam Barati.
+
+        * stress/merge-string-builder-in-dfg.js: Added.
+        (foo):
+
 2019-04-16  Caitlin Potter  <caitp@igalia.com>
 
         [JSC] Filter DontEnum properties in ProxyObject::getOwnPropertyNames()
diff --git a/JSTests/stress/merge-string-builder-in-dfg.js b/JSTests/stress/merge-string-builder-in-dfg.js
new file mode 100644 (file)
index 0000000..9f60b34
--- /dev/null
@@ -0,0 +1,12 @@
+//@ runDefault("--useConcurrentJIT=0")
+const s = (10).toLocaleString();
+const r= RegExp();
+
+function foo()
+{
+    s.replace(r, s);
+}
+
+for (let i = 0; i < 100; i++) {
+    foo();
+}
index d1542f9..4c0212c 100644 (file)
@@ -1,3 +1,23 @@
+2019-04-18  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [WTF] StringBuilder should set correct m_is8Bit flag when merging
+        https://bugs.webkit.org/show_bug.cgi?id=197053
+
+        Reviewed by Saam Barati.
+
+        When appending StringBuilder to the other StringBuilder, we have a path that does not set m_is8Bit flag correctly.
+        This patch correctly sets this flag. And we also change 0 to nullptr when we are using 0 as a pointer.
+
+        * wtf/text/StringBuilder.cpp:
+        (WTF::StringBuilder::reserveCapacity):
+        (WTF::StringBuilder::appendUninitializedSlow):
+        (WTF::StringBuilder::append):
+        * wtf/text/StringBuilder.h:
+        (WTF::StringBuilder::append):
+        (WTF::StringBuilder::characters8 const):
+        (WTF::StringBuilder::characters16 const):
+        (WTF::StringBuilder::clear):
+
 2019-04-17  Tim Horton  <timothy_horton@apple.com>
 
         Adopt different scroll view flashing SPI
index 1489adf..e3d3542 100644 (file)
@@ -220,7 +220,7 @@ void StringBuilder::reserveCapacity(unsigned newCapacity)
         unsigned length = m_length.unsafeGet();
         if (newCapacity > length) {
             if (!length) {
-                LChar* nullPlaceholder = 0;
+                LChar* nullPlaceholder = nullptr;
                 allocateBuffer(nullPlaceholder, newCapacity);
             } else if (m_string.is8Bit())
                 allocateBuffer(m_string.characters8(), newCapacity);
@@ -273,7 +273,7 @@ CharType* StringBuilder::appendUninitializedSlow(unsigned requiredLength)
         reallocateBuffer<CharType>(expandedCapacity(capacity(), requiredLength));
     } else {
         ASSERT(m_string.length() == m_length.unsafeGet<unsigned>());
-        allocateBuffer(m_length ? m_string.characters<CharType>() : 0, expandedCapacity(capacity(), requiredLength));
+        allocateBuffer(m_length ? m_string.characters<CharType>() : nullptr, expandedCapacity(capacity(), requiredLength));
     }
     if (UNLIKELY(hasOverflowed()))
         return nullptr;
@@ -310,7 +310,7 @@ void StringBuilder::append(const UChar* characters, unsigned length)
             allocateBufferUpConvert(m_buffer->characters8(), expandedCapacity(capacity(), requiredLength.unsafeGet()));
         } else {
             ASSERT(m_string.length() == m_length.unsafeGet<unsigned>());
-            allocateBufferUpConvert(m_string.isNull() ? 0 : m_string.characters8(), expandedCapacity(capacity(), requiredLength.unsafeGet()));
+            allocateBufferUpConvert(m_string.isNull() ? nullptr : m_string.characters8(), expandedCapacity(capacity(), requiredLength.unsafeGet()));
         }
         if (UNLIKELY(hasOverflowed()))
             return;
index da8ad26..1f508bc 100644 (file)
@@ -115,6 +115,7 @@ public:
         if (!m_length && !m_buffer && !other.m_string.isNull()) {
             m_string = other.m_string;
             m_length = other.m_length;
+            m_is8Bit = other.m_is8Bit;
             return;
         }
 
@@ -312,7 +313,7 @@ public:
     {
         ASSERT(m_is8Bit);
         if (!m_length)
-            return 0;
+            return nullptr;
         if (!m_string.isNull())
             return m_string.characters8();
         ASSERT(m_buffer);
@@ -323,7 +324,7 @@ public:
     {
         ASSERT(!m_is8Bit);
         if (!m_length)
-            return 0;
+            return nullptr;
         if (!m_string.isNull())
             return m_string.characters16();
         ASSERT(m_buffer);
@@ -337,7 +338,7 @@ public:
         m_length = 0;
         m_string = String();
         m_buffer = nullptr;
-        m_bufferCharacters8 = 0;
+        m_bufferCharacters8 = nullptr;
         m_is8Bit = true;
     }
 
index dbbe60a..1e7641f 100644 (file)
@@ -1,3 +1,13 @@
+2019-04-18  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [WTF] StringBuilder should set correct m_is8Bit flag when merging
+        https://bugs.webkit.org/show_bug.cgi?id=197053
+
+        Reviewed by Saam Barati.
+
+        * TestWebKitAPI/Tests/WTF/StringBuilder.cpp:
+        (TestWebKitAPI::TEST):
+
 2019-04-17  Tim Horton  <timothy_horton@apple.com>
 
         [iOS Sim Debug] REGRESSION (r244151) TestWebKitAPI.WebKit.OverrideViewportArguments is failing (197028)
index 6b8e05c..7c9df6c 100644 (file)
@@ -99,6 +99,21 @@ TEST(StringBuilderTest, Append)
     ASSERT_EQ(3U, builderForUChar32Append.length());
     const UChar resultArray[] = { U16_LEAD(frakturAChar), U16_TRAIL(frakturAChar), 'A' };
     expectBuilderContent(String(resultArray, WTF_ARRAY_LENGTH(resultArray)), builderForUChar32Append);
+    {
+        StringBuilder builder;
+        StringBuilder builder2;
+        UChar32 frakturAChar = 0x1D504;
+        const UChar data[] = { U16_LEAD(frakturAChar), U16_TRAIL(frakturAChar) };
+        builder2.append(data, 2);
+        ASSERT_EQ(2U, builder2.length());
+        String result2 = builder2.toString();
+        ASSERT_EQ(2U, result2.length());
+        builder.append(builder2);
+        builder.append(data, 2);
+        ASSERT_EQ(4U, builder.length());
+        const UChar resultArray[] = { U16_LEAD(frakturAChar), U16_TRAIL(frakturAChar), U16_LEAD(frakturAChar), U16_TRAIL(frakturAChar) };
+        expectBuilderContent(String(resultArray, WTF_ARRAY_LENGTH(resultArray)), builder);
+    }
 }
 
 TEST(StringBuilderTest, ToString)