https://bugs.webkit.org/show_bug.cgi?id=194649
<rdar://problem/48072386>
Reviewed by Saam Barati.
JSTests:
* stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js: Added.
* stress/type-profiler-with-double-quote-in-constructor-name.js: Added.
* stress/type-profiler-with-double-quote-in-field-name.js: Added.
* stress/type-profiler-with-double-quote-in-optional-field-name.js: Added.
Source/JavaScriptCore:
Ditto for TypeSet::toJSONString() and TypeSet::toJSONString().
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::stackTracesAsJSON):
* runtime/TypeSet.cpp:
(JSC::TypeSet::toJSONString const):
(JSC::StructureShape::toJSONString const):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241615 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2019-02-15 Mark Lam <mark.lam@apple.com>
+
+ SamplingProfiler::stackTracesAsJSON() should escape strings.
+ https://bugs.webkit.org/show_bug.cgi?id=194649
+ <rdar://problem/48072386>
+
+ Reviewed by Saam Barati.
+
+ * stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js: Added.
+ * stress/type-profiler-with-double-quote-in-constructor-name.js: Added.
+ * stress/type-profiler-with-double-quote-in-field-name.js: Added.
+ * stress/type-profiler-with-double-quote-in-optional-field-name.js: Added.
+
2019-02-15 Robin Morisset <rmorisset@apple.com>
CodeBlock::jettison should clear related watchpoints
https://bugs.webkit.org/show_bug.cgi?id=194544
--- /dev/null
+//@ runDefault("--useConcurrentJIT=false")
+
+function foo() {
+ let obj = {};
+ for (let i = 0; i < 10; ++i)
+ obj[i + 'p'] = i;
+}
+noInline(foo);
+
+function test() {
+ for (let i = 0; i < 1000; ++i) {
+ foo();
+ let stacktraces = samplingProfilerStackTraces();
+ for (let stackTrace of stacktraces) { }
+ }
+}
+
+startSamplingProfiler();
+foo.displayName = '"';
+test();
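Review bot: The loop `for (let stackTrace of stacktraces) { }` has an empty body, so nothing in the file says what is being checked; a reader has to infer that the only failure mode is samplingProfilerStackTraces() throwing while it parses the profiler's JSON once `foo.displayName` contains a double quote. A comment above the loop, e.g. `// foo.displayName contains a double quote; the test passes as long as samplingProfilerStackTraces() can still parse the profiler's JSON.`, would make that intent explicit. If the returned stack traces expose frame names, an assertion that some frame's name is exactly `"` would turn this from a does-not-throw check into a positive one, but the result shape is not visible from this hunk.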
--- /dev/null
+//@ runDefault("--useTypeProfiler=true")
+
+var findTypeForExpression = $vm.findTypeForExpression;
+
+function wrapper(x) {
+ class Base {
+ constructor() { }
+ };
+
+ var baseInstance = new Base;
+ Base.displayName = '"';
+}
+wrapper();
+
+var types = findTypeForExpression(wrapper, "baseInstance = new Base");
+JSON.stringify(types)
+
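Review bot: `JSON.stringify(types)` on the last line discards its result and `types` is never inspected, so the test's only check is that findTypeForExpression() does not throw; the field-name and optional-field-name tests (hunks ending at L92 and L116) follow the same pattern and would benefit from the same one-line comment, e.g. `// Passes as long as the type profiler's JSON still parses with a '"' in the constructor name.`. `wrapper(x)` declares a parameter that is never used while `wrapper()` is called with no arguments (also in the field-name test), and `class Base { ... };` carries a stray semicolon after the class body. `Base.displayName = '"'` is assigned after `new Base` has already run, so whether the profiler reads the display name at JSON-generation time or at construction time decides whether this exercises the fix; a short comment stating which is intended would help, as it cannot be confirmed from this hunk.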
--- /dev/null
+//@ runDefault("--useTypeProfiler=true")
+
+var findTypeForExpression = $vm.findTypeForExpression;
+
+function wrapper(x) {
+ class Base {
+ constructor() {
+ this['"'] = true;
+ }
+ };
+
+ var baseInstance = new Base;
+}
+wrapper();
+
+var types = findTypeForExpression(wrapper, "baseInstance = new Base");
+JSON.stringify(types)
--- /dev/null
+//@ runDefault("--useTypeProfiler=true")
+
+var findTypeForExpression = $vm.findTypeForExpression;
+
+function wrapper() {
+ var x;
+ var Proto = function() {};
+ var oldProto;
+ for (var i = 0; i < 100; i++) {
+ // Make sure we get a new prototype chain on each assignment to x because objects with shared prototype chains will be merged.
+ x = new Proto;
+ x['"' + i + '"'] = 20;
+ x = x
+ oldProto = Proto;
+ Proto = function() {};
+ Proto.prototype.__proto__ = oldProto.prototype;
+ }
+ x = {};
+}
+wrapper();
+
+var types = findTypeForExpression(wrapper, "x;");
+JSON.stringify(types);
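Review bot: `x = x` near the end of the loop body is a self-assignment with no terminating semicolon, relying on ASI before `oldProto = Proto;`; without a comment it reads as a leftover. If it is there to give the type profiler another assignment site for `x` so each new prototype chain is recorded, say so inline, e.g. `x = x; // extra assignment site so the profiler records each new shape of x` (please confirm that is the reason). The `JSON.stringify(types);` result is discarded, as in the other two type-profiler tests in this commit, so the test only checks that findTypeForExpression() does not throw.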
+2019-02-15 Mark Lam <mark.lam@apple.com>
+
+ SamplingProfiler::stackTracesAsJSON() should escape strings.
+ https://bugs.webkit.org/show_bug.cgi?id=194649
+ <rdar://problem/48072386>
+
+ Reviewed by Saam Barati.
+
+ Ditto for TypeSet::toJSONString() and TypeSet::toJSONString().
+
+ * runtime/SamplingProfiler.cpp:
+ (JSC::SamplingProfiler::stackTracesAsJSON):
+ * runtime/TypeSet.cpp:
+ (JSC::TypeSet::toJSONString const):
+ (JSC::StructureShape::toJSONString const):
+
2019-02-15 Robin Morisset <rmorisset@apple.com>
CodeBlock::jettison should clear related watchpoints
/*
- * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
loopedOnce = false;
for (StackFrame& stackFrame : stackTrace.frames) {
comma();
- json.append('"');
- json.append(stackFrame.displayNameForJSONTests(m_vm));
- json.append('"');
+ json.appendQuotedJSONString(stackFrame.displayNameForJSONTests(m_vm));
loopedOnce = true;
}
json.append(']');
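Review bot: The new `json.appendQuotedJSONString(stackFrame.displayNameForJSONTests(m_vm));` line would benefit from a one-line comment explaining why escaping matters here, since the display name comes from script (the new test sets `foo.displayName = '"'`) and a raw append produced unparseable JSON. Suggest `// displayName is script-controlled; escape it so the emitted JSON stays parseable.`. The enclosing stackTracesAsJSON() begins and ends outside the hunk, and the same comment applies to the four appendQuotedJSONString() lines in TypeSet.cpp (hunks ending at L165, L172, L181 and L190).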
/*
- * Copyright (C) 2014, 2015 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2014-2019 Apple Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
json.append('{');
json.appendLiteral("\"displayTypeName\":");
- json.append('"');
- json.append(displayName());
- json.append('"');
+ json.appendQuotedJSONString(displayName());
json.append(',');
json.appendLiteral("\"primitiveTypeNames\":");
json.append('{');
json.appendLiteral("\"constructorName\":");
- json.append('"');
- json.append(m_constructorName);
- json.append('"');
+ json.appendQuotedJSONString(m_constructorName);
json.append(',');
json.appendLiteral("\"isInDictionaryMode\":");
hasAnItem = true;
String fieldName((*it).get());
- json.append('"');
- json.append(fieldName);
- json.append('"');
+ json.appendQuotedJSONString(fieldName);
}
json.append(']');
json.append(',');
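Review bot: After this change the two loop bodies ending at L181 and L190 are identical (`hasAnItem = true; String fieldName((*it).get()); json.appendQuotedJSONString(fieldName);`), so the quoted-array emission could be factored into a small local lambda or static helper that both loops call, keeping the escaping in one place. The enclosing StructureShape::toJSONString() starts and ends outside the hunk, so the loop headers and the collections they iterate are not visible here; I am assuming the two loops walk different field sets.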
hasAnItem = true;
String fieldName((*it).get());
- json.append('"');
- json.append(fieldName);
- json.append('"');
+ json.appendQuotedJSONString(fieldName);
}
json.append(']');
json.append(',');