From 9de2366d28135c90a917dc161c0064d5b557a495 Mon Sep 17 00:00:00 2001
From: "darin@apple.com"
Date: Fri, 13 Feb 2009 23:56:43 +0000
Subject: [PATCH] 2009-02-13 Darin Adler Reviewed by Mark Rowe. Fix broken tokenizer regression test that reflected a lifetime bug in the document.write optimization. The test failure was trivial to reproduce in COLLECT_ON_EVERY_ALLOCATION mode. * bindings/js/JSHTMLDocumentCustom.cpp: (WebCore::documentWrite): Convert strings to String rather than passing the pointer and length to SegmentedString. The optimization is thus mostly gone. However, there are two ways to bring it back: 1) Apply the patch that makes UString and String share the same buffers. 2) Add a UString feature to SegmentedString; simple to do but might risk slowing down normal document parsing.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@40994 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 WebCore/ChangeLog | 16 ++++++++++++++++
 WebCore/bindings/js/JSHTMLDocumentCustom.cpp | 7 ++-----
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 5ad1122..7adb8c3 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-02-13 Darin Adler
+
+ Reviewed by Mark Rowe.
+
+ Fix broken tokenizer regression test that reflected a lifetime bug
+ in the document.write optimization. The test failure was trivial to
+ reproduce in COLLECT_ON_EVERY_ALLOCATION mode.
+
+ * bindings/js/JSHTMLDocumentCustom.cpp:
+ (WebCore::documentWrite): Convert strings to String rather than passing
+ the pointer and length to SegmentedString. The optimization is thus
+ mostly gone. However, there are two ways to bring it back: 1) Apply
+ the patch that makes UString and String share the same buffers.
+ 2) Add a UString feature to SegmentedString; simple to do but might
+ risk slowing down normal document parsing.
+
 2009-02-13 Adam Treat
 Caught by Darin Adler.
diff --git a/WebCore/bindings/js/JSHTMLDocumentCustom.cpp b/WebCore/bindings/js/JSHTMLDocumentCustom.cpp
index 6b34bca..1bc40ff 100644
--- a/WebCore/bindings/js/JSHTMLDocumentCustom.cpp
+++ b/WebCore/bindings/js/JSHTMLDocumentCustom.cpp
@@ -136,17 +136,14 @@ static inline void documentWrite(ExecState* exec, const ArgList& args, HTMLDocum
 size_t size = args.size();
 UString firstString = args.at(exec, 0).toString(exec);
- SegmentedString segmentedString(firstString.data(), firstString.size());
- Vector subsequentStrings; // Keeps strings alive until Tokenizer::write is called on them.
+ SegmentedString segmentedString = String(firstString);
 if (size != 1) {
 if (!size)
 segmentedString.clear();
 else {
- subsequentStrings.reserveInitialCapacity(size - 1);
 for (size_t i = 1; i < size; ++i) {
 UString subsequentString = args.at(exec, i).toString(exec);
- segmentedString.append(SegmentedString(subsequentString.data(), subsequentString.size()));
- subsequentStrings.append(subsequentString);
+ segmentedString.append(SegmentedString(String(subsequentString)));
 }
 }
 }
-- 
1.8.3.1
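Review bot: Neither new conversion, `SegmentedString segmentedString = String(firstString);` nor `SegmentedString(String(subsequentString))` in the loop, has a comment saying that the copy into String is what fixes the lifetime bug. The removed `subsequentStrings` comment was the only place the ownership assumption was written down. Because the ChangeLog invites bringing the optimization back, I would add above the first conversion something like `// Copy into String so SegmentedString owns its characters; a borrowed UString buffer can be freed while the segments are still in use.` The point at which the buffer is actually released is not visible in this hunk, so the wording should follow what the COLLECT_ON_EVERY_ALLOCATION run showed. Separately, when `size` is 0 the code still converts and now copies argument 0 before `segmentedString.clear()`; the body of documentWrite starts and ends outside the hunk, so I cannot tell whether that path matters.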