Context Navigation

← Previous Changeset
Next Changeset →

Changeset 54736 in webkit

Timestamp:

Feb 12, 2010 2:22:09 PM (14 years ago)

Author:

barraclough@apple.com

Message:

https://bugs.webkit.org/show_bug.cgi?id=33731
Remove uses of PtrAndFlags from WebCore::StringImpl.

Reviewed by Sam Weinig.

These break the OS X Leaks tool. Use a bits stolen from the refCount to hold the
'InTable' and 'HasTerminatingNullCharacter' flags, along with the string type
(fixes a leak where the string data is allocated at the address (this + 1), and is
misinterpreted as being an internal buffer).

WebCore.base.exp:
platform/text/StringImpl.cpp:

(WebCore::StringImpl::StringImpl):
(WebCore::StringImpl::~StringImpl):
(WebCore::StringImpl::create):
(WebCore::StringImpl::createWithTerminatingNullCharacter):
(WebCore::StringImpl::crossThreadString):
(WebCore::StringImpl::sharedBuffer):

platform/text/StringImpl.h:

(WebCore::StringImpl::):
(WebCore::StringImpl::hasTerminatingNullCharacter):
(WebCore::StringImpl::inTable):
(WebCore::StringImpl::setInTable):
(WebCore::StringImpl::ref):
(WebCore::StringImpl::deref):
(WebCore::StringImpl::hasOneRef):
(WebCore::StringImpl::operator new):
(WebCore::StringImpl::bufferOwnership):

storage/OriginUsageRecord.cpp:

(WebCore::OriginUsageRecord::addDatabase):
(WebCore::OriginUsageRecord::markDatabase):

Location:

trunk/WebCore

Files:

: 5 edited

ChangeLog (modified) (1 diff)
WebCore.base.exp (modified) (1 diff)
platform/text/StringImpl.cpp (modified) (7 diffs)
platform/text/StringImpl.h (modified) (7 diffs)
storage/OriginUsageRecord.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/WebCore/ChangeLog

-                      r54735
+                      r54736
+-02-12  Gavin Barraclough  <barraclough@apple.com>
+        Reviewed by Sam Weinig.
+        https://bugs.webkit.org/show_bug.cgi?id=33731
+        Remove uses of PtrAndFlags from WebCore::StringImpl.
+        These break the OS X Leaks tool.  Use a bits stolen from the refCount to hold the
+        'InTable' and 'HasTerminatingNullCharacter' flags, along with the string type
+        (fixes a leak where the string data is allocated at the address (this + 1), and is
+        misinterpreted as being an internal buffer).
+        * WebCore.base.exp:
+        * platform/text/StringImpl.cpp:
+        (WebCore::StringImpl::StringImpl):
+        (WebCore::StringImpl::~StringImpl):
+        (WebCore::StringImpl::create):
+        (WebCore::StringImpl::createWithTerminatingNullCharacter):
+        (WebCore::StringImpl::crossThreadString):
+        (WebCore::StringImpl::sharedBuffer):
+        * platform/text/StringImpl.h:
+        (WebCore::StringImpl::):
+        (WebCore::StringImpl::hasTerminatingNullCharacter):
+        (WebCore::StringImpl::inTable):
+        (WebCore::StringImpl::setInTable):
+        (WebCore::StringImpl::ref):
+        (WebCore::StringImpl::deref):
+        (WebCore::StringImpl::hasOneRef):
+        (WebCore::StringImpl::operator new):
+        (WebCore::StringImpl::bufferOwnership):
+        * storage/OriginUsageRecord.cpp:
+        (WebCore::OriginUsageRecord::addDatabase):
+        (WebCore::OriginUsageRecord::markDatabase):
 -02-12  Nikolas Zimmermann  <nzimmermann@rim.com>

trunk/WebCore/WebCore.base.exp

r54663	r54736
145	145	__ZN7WebCore10StringImplD1Ev
146	146	__ZN7WebCore10StringImplcvP8NSStringEv
147		~~__ZN7WebCore10StringImpldlEPv~~
148	147	__ZN7WebCore10handCursorEv
149	148	__ZN7WebCore10setCookiesEPNS_8DocumentERKNS_4KURLERKNS_6StringE

trunk/WebCore/platform/text/StringImpl.cpp

-                      r54460
+                      r54736
+}
-static inline void deleteUCharVector(const UChar* p)
+{
-    fastFree(const_cast<UChar*>(p));
+}
-// Some of the factory methods create buffers using fastMalloc.
-// We must ensure that all allocations of StringImpl are allocated using
-// fastMalloc so that we don't have mis-matched frees. We accomplish
-// this by overriding the new and delete operators.
-void* StringImpl::operator new(size_t size, void* address)
+{
-    if (address)
-        return address;  // Allocating using an internal buffer
-    return fastMalloc(size);
+}
-void* StringImpl::operator new(size_t size)
+{
-    return fastMalloc(size);
+}
-void StringImpl::operator delete(void* address)
+{
-    fastFree(address);
+}
 // This constructor is used only to create the empty string.
 StringImpl::StringImpl()
     : m_data(0)
+    , m_sharedBuffer(0)
     , m_length(0)
+    , m_refCountAndFlags(s_refCountIncrement | BufferInternal)
     , m_hash(0)
+{
 …
+}
+inline StringImpl::StringImpl(unsigned length)
+    : m_data(reinterpret_cast<const UChar*>(this + 1))
+    , m_sharedBuffer(0)
+    , m_length(length)
+    , m_refCountAndFlags(s_refCountIncrement | BufferInternal)
+    , m_hash(0)
+{
+    ASSERT(m_data);
+    ASSERT(m_length);
+}
 inline StringImpl::StringImpl(const UChar* characters, unsigned length)
     : m_data(characters)
+    , m_sharedBuffer(0)
     , m_length(length)
+    , m_refCountAndFlags(s_refCountIncrement | BufferOwned)
     , m_hash(0)
+{
     ASSERT(characters);
     ASSERT(length);
+    ASSERT(!bufferIsInternal());
+}
 inline StringImpl::StringImpl(unsigned length)
     : m_data(reinterpret_cast<const UChar*>(this + 1))
+    ASSERT(m_data);
+    ASSERT(m_length);
+}
+inline StringImpl::StringImpl(const UChar* characters, unsigned length, PassRefPtr<SharedUChar> sharedBuffer)
+    : m_data(characters)
+    , m_sharedBuffer(sharedBuffer.releaseRef())
     , m_length(length)
+    , m_refCountAndFlags(s_refCountIncrement | BufferShared)
     , m_hash(0)
+{
     ASSERT(length);
     ASSERT(bufferIsInternal());
+    ASSERT(m_data);
+    ASSERT(m_length);
+}
 …
     if (inTable())
         AtomicString::remove(this);
+    if (!bufferIsInternal()) {
+        SharedUChar* sharedBuffer = m_sharedBufferAndFlags.get();
+        if (sharedBuffer)
+            sharedBuffer->deref();
+        else
+            deleteUCharVector(m_data);
+    BufferOwnership ownership = bufferOwnership();
+    if (ownership != BufferInternal) {
+        if (ownership == BufferOwned) {
+            ASSERT(!m_sharedBuffer);
+            ASSERT(m_data);
+            fastFree(const_cast<UChar*>(m_data));
+        } else {
+            ASSERT(ownership == BufferShared);
+            ASSERT(m_sharedBuffer);
+            m_sharedBuffer->deref();
+        }
+    }
+}
 …
 PassRefPtr<StringImpl> StringImpl::create(const JSC::UString& str)
+{
+    SharedUChar* sharedBuffer = const_cast<JSC::UString*>(&str)->rep()->sharedBuffer();
+    if (sharedBuffer) {
+        PassRefPtr<StringImpl> impl = adoptRef(new StringImpl(str.data(), str.size()));
+        sharedBuffer->ref();
+        impl->m_sharedBufferAndFlags.set(sharedBuffer);
+        return impl;
+    }
+    if (SharedUChar* sharedBuffer = const_cast<JSC::UString*>(&str)->rep()->sharedBuffer())
+        return adoptRef(new StringImpl(str.data(), str.size(), sharedBuffer));
     return StringImpl::create(str.data(), str.size());
+}
 …
     terminatedString->m_length--;
     terminatedString->m_hash = string.m_hash;
     terminatedString->m_sharedBufferAndFlags.setFlag(HasTerminatingNullCharacter);
+    terminatedString->m_refCountAndFlags |= s_refCountFlagHasTerminatingNullCharacter;
     return terminatedString.release();
+}
 …
 PassRefPtr<StringImpl> StringImpl::crossThreadString()
+{
+    SharedUChar* shared = sharedBuffer();
+    if (shared) {
+        RefPtr<StringImpl> impl = adoptRef(new StringImpl(m_data, m_length));
+        impl->m_sharedBufferAndFlags.set(shared->crossThreadCopy().releaseRef());
+        return impl.release();
+    }
+    if (SharedUChar* sharedBuffer = this->sharedBuffer())
+        return adoptRef(new StringImpl(m_data, m_length, sharedBuffer->crossThreadCopy()));
     // If no shared buffer is available, create a copy.
 …
 StringImpl::SharedUChar* StringImpl::sharedBuffer()
+{
     if (m_length < minLengthToShare || bufferIsInternal())
+    if (m_length < minLengthToShare)
         return 0;
+    if (!m_sharedBufferAndFlags.get())
+        m_sharedBufferAndFlags.set(SharedUChar::create(new OwnFastMallocPtr<UChar>(const_cast<UChar*>(m_data))).releaseRef());
+    return m_sharedBufferAndFlags.get();
+}
+    BufferOwnership ownership = bufferOwnership();
+    if (ownership == BufferInternal)
+        return 0;
+    if (ownership == BufferOwned) {
+        ASSERT(!m_sharedBuffer);
+        m_sharedBuffer = SharedUChar::create(new OwnFastMallocPtr<UChar>(const_cast<UChar*>(m_data))).releaseRef();
+        m_refCountAndFlags = (m_refCountAndFlags & ~s_refCountMaskBufferOwnership) | BufferShared;
+    }
+    ASSERT(bufferOwnership() == BufferShared);
+    ASSERT(m_sharedBuffer);
+    return m_sharedBuffer;
+}
 } // namespace WebCore

trunk/WebCore/platform/text/StringImpl.h

-                      r54460
+                      r54736
 #include <wtf/ASCIICType.h>
 #include <wtf/CrossThreadRefCounted.h>
+#include <wtf/Noncopyable.h>
 #include <wtf/OwnFastMallocPtr.h>
-#include <wtf/PtrAndFlags.h>
 #include <wtf/RefCounted.h>
 #include <wtf/StringHashFunctions.h>
 …
 typedef bool (*CharacterMatchFunctionPtr)(UChar);
 class StringImpl : public RefCounted<StringImpl> {
+class StringImpl : public Noncopyable {
     friend struct CStringTranslator;
     friend struct HashAndCharactersTranslator;
 …
 private:
     friend class ThreadGlobalData;
+    enum BufferOwnership {
+        BufferInternal,
+        BufferOwned,
+        BufferShared,
+    };
+    typedef CrossThreadRefCounted<OwnFastMallocPtr<UChar> > SharedUChar;
+    // Used to create the empty string (""), automatically hashes.
     StringImpl();
+    // This constructor adopts the UChar* without copying the buffer.
+    // Create a StringImpl with internal storage (BufferInternal)
+    StringImpl(unsigned length);
+    // Create a StringImpl adopting ownership of the provided buffer (BufferOwned)
     StringImpl(const UChar*, unsigned length);
+    // This constructor assumes that 'this' was allocated with a UChar buffer of size 'length' at the end.
+    StringImpl(unsigned length);
+    // Create a StringImpl using a shared buffer (BufferShared)
+    StringImpl(const UChar*, unsigned length, PassRefPtr<SharedUChar>);
     // For use only by AtomicString's XXXTranslator helpers.
     void setHash(unsigned hash) { ASSERT(!m_hash); m_hash = hash; }
-    typedef CrossThreadRefCounted<OwnFastMallocPtr<UChar> > SharedUChar;
 public:
     ~StringImpl();
 …
     unsigned length() { return m_length; }
     bool hasTerminatingNullCharacter() const { return m_sharedBufferAndFlags.isFlagSet(HasTerminatingNullCharacter); }
     bool inTable() const { return m_sharedBufferAndFlags.isFlagSet(InTable); }
     void setInTable() { return m_sharedBufferAndFlags.setFlag(InTable); }
+    bool hasTerminatingNullCharacter() const { return m_refCountAndFlags & s_refCountFlagHasTerminatingNullCharacter; }
+    bool inTable() const { return m_refCountAndFlags & s_refCountFlagInTable; }
+    void setInTable() { m_refCountAndFlags |= s_refCountFlagInTable; }
     unsigned hash() { if (m_hash == 0) m_hash = computeHash(m_data, m_length); return m_hash; }
 …
     inline static unsigned computeHash(const UChar* data, unsigned length) { return WTF::stringHash(data, length); }
     inline static unsigned computeHash(const char* data) { return WTF::stringHash(data); }
+    StringImpl* ref() { m_refCountAndFlags += s_refCountIncrement; return this; }
+    ALWAYS_INLINE void deref() { m_refCountAndFlags -= s_refCountIncrement; if (!(m_refCountAndFlags & s_refCountMask)) delete this; }
+    ALWAYS_INLINE bool hasOneRef() const { return (m_refCountAndFlags & s_refCountMask) == s_refCountIncrement; }
     // Returns a StringImpl suitable for use on another thread.
     PassRefPtr<StringImpl> crossThreadString();
 …
 #endif
-    void operator delete(void*);
 private:
+    // Allocation from a custom buffer is only allowed internally to avoid
+    // mismatched allocators. Callers should use create().
+    void* operator new(size_t size);
+    void* operator new(size_t size, void* address);
+    using Noncopyable::operator new;
+    void* operator new(size_t, void* inPlace) { ASSERT(inPlace); return inPlace; }
     static PassRefPtr<StringImpl> createStrippingNullCharactersSlowCase(const UChar*, unsigned length);
 …
     // The StringImpl struct and its data may be allocated within a single heap block.
     // In this case, the m_data pointer is an "internal buffer", and does not need to be deallocated.
+    bool bufferIsInternal() { return m_data == reinterpret_cast<const UChar*>(this + 1); }
+    enum StringImplFlags {
+        HasTerminatingNullCharacter,
+        InTable,
+    };
+    BufferOwnership bufferOwnership() const { return static_cast<BufferOwnership>(m_refCountAndFlags & s_refCountMaskBufferOwnership); }
+    static const unsigned s_refCountMask = 0xFFFFFFF0;
+    static const unsigned s_refCountIncrement = 0x10;
+    static const unsigned s_refCountFlagHasTerminatingNullCharacter = 0x8;
+    static const unsigned s_refCountFlagInTable = 0x4;
+    static const unsigned s_refCountMaskBufferOwnership = 0x3;
     const UChar* m_data;
+    SharedUChar* m_sharedBuffer;
     unsigned m_length;
+    unsigned m_refCountAndFlags;
     mutable unsigned m_hash;
-    PtrAndFlags<SharedUChar, StringImplFlags> m_sharedBufferAndFlags;
-    // There is a fictitious variable-length UChar array at the end, which is used
-    // as the internal buffer by the createUninitialized and create methods.
 };

trunk/WebCore/storage/OriginUsageRecord.cpp

-                      r53575
+                      r54736
+{
     ASSERT(!m_databaseMap.contains(identifier));
     ASSERT_ARG(identifier, identifier.impl()->refCount() == 1);
     ASSERT_ARG(fullPath, fullPath.impl()->refCount() == 1);
+    ASSERT_ARG(identifier, identifier.impl()->hasOneRef());
+    ASSERT_ARG(fullPath, fullPath.impl()->hasOneRef());
     m_databaseMap.set(identifier, DatabaseEntry(fullPath));
 …
+{
     ASSERT(m_databaseMap.contains(identifier));
     ASSERT_ARG(identifier, identifier.impl()->refCount() == 1);
+    ASSERT_ARG(identifier, identifier.impl()->hasOneRef());
     m_unknownSet.add(identifier);

Note: See TracChangeset for help on using the changeset viewer.