Changeset 54843 in webkit

Timestamp:

Feb 16, 2010 4:01:58 PM (14 years ago)

Author:

barraclough@apple.com

Message:

​https://bugs.webkit.org/show_bug.cgi?id=34964
Leaks tool reports false memory leaks due to Rope implementation.

Reviewed by Oliver Hunt.

JavaScriptCore:

A rope is a recursive data structure where each node in the rope holds a set of
pointers, each of which may reference either a string (in UStringImpl form) or
another rope node. A low bit in each pointer is used to distinguish between
rope & string elements, in a fashion similar to the recently-removed
PtrAndFlags class (see ​https://bugs.webkit.org/show_bug.cgi?id=33731 ). Again,
this causes a problem for Leaks – refactor to remove the magic pointer
mangling.

Move Rope out from JSString.h and rename to URopeImpl, to match UStringImpl.
Give UStringImpl and URopeImpl a common parent class, UStringOrRopeImpl.
Repurpose an otherwise invalid permutation to flags (static & should report
memory cost) to identify ropes.

This allows us to change the rope's fibers to interrogate the object rather
than storing a bool within the low bits of the pointer (or in some cases the
use of a common parent class removes the need to determine the type at all -
there is a common interface to ref or get the length of either ropes or strings).

• API/JSClassRef.cpp:

(OpaqueJSClass::OpaqueJSClass):
(OpaqueJSClassContextData::OpaqueJSClassContextData):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::keyForCharacterSwitch):

• interpreter/Interpreter.cpp:

(JSC::Interpreter::privateExecute):

• jit/JITStubs.cpp:

(JSC::DEFINE_STUB_FUNCTION):

• runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncToString):

• runtime/Identifier.cpp:

(JSC::Identifier::equal):
(JSC::Identifier::addSlowCase):

• runtime/JSString.cpp:

(JSC::JSString::resolveRope):

• runtime/JSString.h:

(JSC::):
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::~JSString):
(JSC::RopeBuilder::appendStringInConstruct):
(JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
(JSC::RopeBuilder::JSStringFinalizerStruct::JSStringFinalizerStruct):
(JSC::RopeBuilder::JSStringFinalizerStruct::):

• runtime/UString.cpp:

(JSC::UString::toStrictUInt32):
(JSC::equal):

• runtime/UString.h:

(JSC::UString::isEmpty):
(JSC::UString::size):

• runtime/UStringImpl.cpp:

(JSC::URopeImpl::derefFibersNonRecursive):
(JSC::URopeImpl::destructNonRecursive):

• runtime/UStringImpl.h:

(JSC::UStringOrRopeImpl::isRope):
(JSC::UStringOrRopeImpl::length):
(JSC::UStringOrRopeImpl::ref):
(JSC::UStringOrRopeImpl::):
(JSC::UStringOrRopeImpl::operator new):
(JSC::UStringOrRopeImpl::UStringOrRopeImpl):
(JSC::UStringImpl::adopt):
(JSC::UStringImpl::createUninitialized):
(JSC::UStringImpl::tryCreateUninitialized):
(JSC::UStringImpl::data):
(JSC::UStringImpl::cost):
(JSC::UStringImpl::deref):
(JSC::UStringImpl::UStringImpl):
(JSC::UStringImpl::):
(JSC::URopeImpl::tryCreateUninitialized):
(JSC::URopeImpl::initializeFiber):
(JSC::URopeImpl::fiberCount):
(JSC::URopeImpl::fibers):
(JSC::URopeImpl::deref):
(JSC::URopeImpl::URopeImpl):
(JSC::URopeImpl::hasOneRef):
(JSC::UStringOrRopeImpl::deref):

WebCore:

Renamed cUStringImpl::size() to UStringImpl::size()UStringImpl::length()
(matches WebCore::StringImpl).

• bridge/jni/jsc/JavaStringJSC.h:

(JSC::Bindings::JavaStringImpl::length):

• platform/text/AtomicString.cpp:

(WebCore::AtomicString::add):
(WebCore::AtomicString::find):

Location:

trunk

Files:

• JavaScriptCore/API/JSClassRef.cpp (modified) (4 diffs)
• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (1 diff)
• JavaScriptCore/interpreter/Interpreter.cpp (modified) (1 diff)
• JavaScriptCore/jit/JITStubs.cpp (modified) (1 diff)
• JavaScriptCore/runtime/ArrayPrototype.cpp (modified) (1 diff)
• JavaScriptCore/runtime/Identifier.cpp (modified) (4 diffs)
• JavaScriptCore/runtime/JSString.cpp (modified) (6 diffs)
• JavaScriptCore/runtime/JSString.h (modified) (11 diffs)
• JavaScriptCore/runtime/UString.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/UString.h (modified) (1 diff)
• JavaScriptCore/runtime/UStringImpl.cpp (modified) (1 diff)
• JavaScriptCore/runtime/UStringImpl.h (modified) (14 diffs)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/bridge/jni/jsc/JavaStringJSC.h (modified) (1 diff)
• WebCore/platform/text/AtomicString.cpp (modified) (3 diffs)

trunk/JavaScriptCore/API/JSClassRef.cpp

@@ -83 +83 @@
                 // Use a local variable here to sidestep an RVCT compiler bug.
                 StaticValueEntry* entry = new StaticValueEntry(staticValue->getProperty, staticValue->setProperty, staticValue->attributes);
-                m_staticValues->add(valueName.rep()->ref(), entry);
+                UStringImpl* impl = valueName.rep();
+                impl->ref();
+                m_staticValues->add(impl, entry);
             }
             ++staticValue;
@@ -96 +98 @@
                 // Use a local variable here to sidestep an RVCT compiler bug.
                 StaticFunctionEntry* entry = new StaticFunctionEntry(staticFunction->callAsFunction, staticFunction->attributes);
-                m_staticFunctions->add(functionName.rep()->ref(), entry);
+                UStringImpl* impl = functionName.rep();
+                impl->ref();
+                m_staticFunctions->add(impl, entry);
             }
             ++staticFunction;
@@ -168 +172 @@
             // Use a local variable here to sidestep an RVCT compiler bug.
             StaticValueEntry* entry = new StaticValueEntry(it->second->getProperty, it->second->setProperty, it->second->attributes);
-            staticValues->add(UString::Rep::create(it->first->data(), it->first->size()), entry);
+            staticValues->add(UString::Rep::create(it->first->data(), it->first->length()), entry);
         }
     } else
@@ -180 +184 @@
             // Use a local variable here to sidestep an RVCT compiler bug.
             StaticFunctionEntry* entry = new StaticFunctionEntry(it->second->callAsFunction, it->second->attributes);
-            staticFunctions->add(UString::Rep::create(it->first->data(), it->first->size()), entry);
+            staticFunctions->add(UString::Rep::create(it->first->data(), it->first->length()), entry);
         }
             

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2010-02-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=34964
+        Leaks tool reports false memory leaks due to Rope implementation.
+
+        A rope is a recursive data structure where each node in the rope holds a set of
+        pointers, each of which may reference either a string (in UStringImpl form) or
+        another rope node.  A low bit in each pointer is used to distinguish between
+        rope & string elements, in a fashion similar to the recently-removed
+        PtrAndFlags class (see https://bugs.webkit.org/show_bug.cgi?id=33731 ).  Again,
+        this causes a problem for Leaks – refactor to remove the magic pointer
+        mangling.
+
+        Move Rope out from JSString.h and rename to URopeImpl, to match UStringImpl.
+        Give UStringImpl and URopeImpl a common parent class, UStringOrRopeImpl.
+        Repurpose an otherwise invalid permutation to flags (static & should report
+        memory cost) to identify ropes.
+
+        This allows us to change the rope's fibers to interrogate the object rather
+        than storing a bool within the low bits of the pointer (or in some cases the
+        use of a common parent class removes the need to determine the type at all -
+        there is a common interface to ref or get the length of either ropes or strings).
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass):
+        (OpaqueJSClassContextData::OpaqueJSClassContextData):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::keyForCharacterSwitch):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString):
+        * runtime/Identifier.cpp:
+        (JSC::Identifier::equal):
+        (JSC::Identifier::addSlowCase):
+        * runtime/JSString.cpp:
+        (JSC::JSString::resolveRope):
+        * runtime/JSString.h:
+        (JSC::):
+        (JSC::RopeBuilder::JSString):
+        (JSC::RopeBuilder::~JSString):
+        (JSC::RopeBuilder::appendStringInConstruct):
+        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
+        (JSC::RopeBuilder::JSStringFinalizerStruct::JSStringFinalizerStruct):
+        (JSC::RopeBuilder::JSStringFinalizerStruct::):
+        * runtime/UString.cpp:
+        (JSC::UString::toStrictUInt32):
+        (JSC::equal):
+        * runtime/UString.h:
+        (JSC::UString::isEmpty):
+        (JSC::UString::size):
+        * runtime/UStringImpl.cpp:
+        (JSC::URopeImpl::derefFibersNonRecursive):
+        (JSC::URopeImpl::destructNonRecursive):
+        * runtime/UStringImpl.h:
+        (JSC::UStringOrRopeImpl::isRope):
+        (JSC::UStringOrRopeImpl::length):
+        (JSC::UStringOrRopeImpl::ref):
+        (JSC::UStringOrRopeImpl::):
+        (JSC::UStringOrRopeImpl::operator new):
+        (JSC::UStringOrRopeImpl::UStringOrRopeImpl):
+        (JSC::UStringImpl::adopt):
+        (JSC::UStringImpl::createUninitialized):
+        (JSC::UStringImpl::tryCreateUninitialized):
+        (JSC::UStringImpl::data):
+        (JSC::UStringImpl::cost):
+        (JSC::UStringImpl::deref):
+        (JSC::UStringImpl::UStringImpl):
+        (JSC::UStringImpl::):
+        (JSC::URopeImpl::tryCreateUninitialized):
+        (JSC::URopeImpl::initializeFiber):
+        (JSC::URopeImpl::fiberCount):
+        (JSC::URopeImpl::fibers):
+        (JSC::URopeImpl::deref):
+        (JSC::URopeImpl::URopeImpl):
+        (JSC::URopeImpl::hasOneRef):
+        (JSC::UStringOrRopeImpl::deref):
+
 2010-02-15  Gabor Loki  <loki@webkit.org>
 

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -1941 +1941 @@
     ASSERT(node->isString());
     UString::Rep* clause = static_cast<StringNode*>(node)->value().ustring().rep();
-    ASSERT(clause->size() == 1);
+    ASSERT(clause->length() == 1);
     
     int32_t key = clause->data()[0];

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -2925 +2925 @@
         else {
             UString::Rep* value = asString(scrutinee)->value(callFrame).rep();
-            if (value->size() != 1)
+            if (value->length() != 1)
                 vPC += defaultOffset;
             else

trunk/JavaScriptCore/jit/JITStubs.cpp

@@ -3024 +3024 @@
     if (scrutinee.isString()) {
         UString::Rep* value = asString(scrutinee)->value(callFrame).rep();
-        if (value->size() == 1)
+        if (value->length() == 1)
             result = codeBlock->characterSwitchJumpTable(tableIndex).ctiForValue(value->data()[0]).executableAddress();
     }

trunk/JavaScriptCore/runtime/ArrayPrototype.cpp

@@ -202 +202 @@
             buffer.append(',');
         if (RefPtr<UString::Rep> rep = strBuffer[i])
-            buffer.append(rep->data(), rep->size());
+            buffer.append(rep->data(), rep->length());
     }
     ASSERT(buffer.size() == totalSize);

trunk/JavaScriptCore/runtime/Identifier.cpp

@@ -80 +80 @@
 bool Identifier::equal(const UString::Rep* r, const char* s)
 {
-    int length = r->size();
+    int length = r->length();
     const UChar* d = r->data();
     for (int i = 0; i != length; ++i)
@@ -90 +90 @@
 bool Identifier::equal(const UString::Rep* r, const UChar* s, unsigned length)
 {
-    if (r->size() != length)
+    if (r->length() != length)
         return false;
     const UChar* d = r->data();
@@ -210 +210 @@
 {
     ASSERT(!r->isIdentifier());
-    if (r->size() == 1) {
+    if (r->length() == 1) {
         UChar c = r->data()[0];
         if (c <= 0xFF)
@@ -221 +221 @@
             }
     }
-    if (!r->size()) {
+    if (!r->length()) {
         UString::Rep::empty().hash();
         return &UString::Rep::empty();

trunk/JavaScriptCore/runtime/JSString.cpp

@@ -31 +31 @@
 
 namespace JSC {
-
-void Rope::destructNonRecursive()
-{
-    Vector<Rope*, 32> workQueue;
-    Rope* rope = this;
-
-    while (true) {
-        unsigned length = rope->fiberCount();
-        for (unsigned i = 0; i < length; ++i) {
-            Fiber& fiber = rope->fibers(i);
-            if (fiber.isString())
-                fiber.string()->deref();
-            else {
-                Rope* nextRope = fiber.rope();
-                if (nextRope->hasOneRef())
-                    workQueue.append(nextRope);
-                else
-                    nextRope->deref();
-            }
-        }
-        if (rope != this)
-            fastFree(rope);
-
-        if (workQueue.isEmpty())
-            return;
-
-        rope = workQueue.last();
-        workQueue.removeLast();
-    }
-}
-
-Rope::~Rope()
-{
-    destructNonRecursive();
-}
 
 // Overview: this methods converts a JSString from holding a string in rope form
@@ -73 +38 @@
 // (since appending to the string is likely more common) - and as such resolving
 // in this fashion should minimize work queue size.  (If we built the queue forwards
-// we would likely have to place all of the constituent UString::Reps into the
+// we would likely have to place all of the constituent UStringImpls into the
 // Vector before performing any concatenation, but by working backwards we likely
 // only fill the queue with the number of substrings at any given level in a
@@ -87 +52 @@
     else {
         for (unsigned i = 0; i < m_fiberCount; ++i) {
-            m_fibers[i].deref();
-            m_fibers[i] = static_cast<void*>(0);
+            m_other.m_fibers[i]->deref();
+            m_other.m_fibers[i] = 0;
         }
         m_fiberCount = 0;
@@ -102 +67 @@
     Rope::Fiber currentFiber;
     for (unsigned i = 0; i < (m_fiberCount - 1); ++i)
-        workQueue.append(m_fibers[i]);
-    currentFiber = m_fibers[m_fiberCount - 1];
+        workQueue.append(m_other.m_fibers[i]);
+    currentFiber = m_other.m_fibers[m_fiberCount - 1];
     while (true) {
-        if (currentFiber.isRope()) {
-            Rope* rope = currentFiber.rope();
+        if (currentFiber->isRope()) {
+            Rope* rope = static_cast<URopeImpl*>(currentFiber);
             // Copy the contents of the current rope into the workQueue, with the last item in 'currentFiber'
             // (we will be working backwards over the rope).
@@ -114 +79 @@
             currentFiber = rope->fibers(fiberCountMinusOne);
         } else {
-            UString::Rep* string = currentFiber.string();
-            unsigned length = string->size();
+            UStringImpl* string = static_cast<UStringImpl*>(currentFiber);
+            unsigned length = string->length();
             position -= length;
             UStringImpl::copyChars(position, string->data(), length);
@@ -124 +89 @@
                 ASSERT(buffer == position);
                 for (unsigned i = 0; i < m_fiberCount; ++i) {
-                    m_fibers[i].deref();
-                    m_fibers[i] = static_cast<void*>(0);
+                    m_other.m_fibers[i]->deref();
+                    m_other.m_fibers[i] = 0;
                 }
                 m_fiberCount = 0;

trunk/JavaScriptCore/runtime/JSString.h

@@ -33 +33 @@
 namespace JSC {
 
-    // FIXME: this class is on its way out into a different header.
-    class Rope : public RefCounted<Rope> {
-    public:
-        // A Rope is composed from a set of smaller strings called Fibers.
-        // Each Fiber in a rope is either UString::Rep or another Rope.
-        class Fiber {
-        public:
-            Fiber() : m_value(0) {}
-            Fiber(UString::Rep* string) : m_value(reinterpret_cast<intptr_t>(string)) {}
-            Fiber(Rope* rope) : m_value(reinterpret_cast<intptr_t>(rope) | 1) {}
-
-            Fiber(void* nonFiber) : m_value(reinterpret_cast<intptr_t>(nonFiber)) {}
-
-            void deref()
-            {
-                if (isRope())
-                    rope()->deref();
-                else
-                    string()->deref();
-            }
-
-            Fiber& ref()
-            {
-                if (isString())
-                    string()->ref();
-                else
-                    rope()->ref();
-                return *this;
-            }
-
-            unsigned refAndGetLength()
-            {
-                if (isString()) {
-                    UString::Rep* rep = string();
-                    return rep->ref()->size();
-                } else {
-                    Rope* r = rope();
-                    r->ref();
-                    return r->length();
-                }
-            }
-
-            bool isRope() { return m_value & 1; }
-            Rope* rope() { return reinterpret_cast<Rope*>(m_value & ~1); }
-            bool isString() { return !isRope(); }
-            UString::Rep* string() { return reinterpret_cast<UString::Rep*>(m_value); }
-
-            void* nonFiber() { return reinterpret_cast<void*>(m_value); }
-        private:
-            intptr_t m_value;
-        };
-
-        // Creates a Rope comprising of 'fiberCount' Fibers.
-        // The Rope is constructed in an uninitialized state - initialize must be called for each Fiber in the Rope.
-        static PassRefPtr<Rope> tryCreateUninitialized(unsigned fiberCount)
-        {
-            void* allocation;
-            if (tryFastMalloc(sizeof(Rope) + (fiberCount - 1) * sizeof(Fiber)).getValue(allocation))
-                return adoptRef(new (allocation) Rope(fiberCount));
-            return 0;
-        }
-
-        ~Rope();
-        void destructNonRecursive();
-
-        void initializeFiber(unsigned &index, Fiber& fiber)
-        {
-            m_fibers[index++] = fiber;
-            m_length += fiber.refAndGetLength();
-        }
-        void initializeFiber(unsigned &index, UStringImpl* impl)
-        {
-            m_fibers[index++] = Fiber(impl);
-            m_length += impl->ref()->size();
-        }
-
-        unsigned fiberCount() { return m_fiberCount; }
-        unsigned length() { return m_length; }
-        Fiber& fibers(unsigned index) { return m_fibers[index]; }
-
-    private:
-        Rope(unsigned fiberCount) : m_fiberCount(fiberCount), m_length(0) {}
-        void* operator new(size_t, void* inPlace) { return inPlace; }
-        
-        unsigned m_fiberCount;
-        unsigned m_length;
-        Fiber m_fibers[1];
-    };
-
     class JSString;
 
@@ -156 +67 @@
         friend class JIT;
         friend class JSGlobalData;
+
+        typedef URopeImpl Rope;
 
         class RopeBuilder {
@@ -181 +94 @@
                 if (jsString->isRope()) {
                     for (unsigned i = 0; i < jsString->m_fiberCount; ++i)
-                        append(jsString->m_fibers[i]);
+                        append(jsString->m_other.m_fibers[i]);
                 } else
                     append(jsString->string());
@@ -216 +129 @@
         JSString(JSGlobalData* globalData, PassRefPtr<UString::Rep> value, HasOtherOwnerType)
             : JSCell(globalData->stringStructure.get())
-            , m_length(value->size())
+            , m_length(value->length())
             , m_value(value)
             , m_fiberCount(0)
@@ -226 +139 @@
             , m_fiberCount(1)
         {
-            m_fibers[0] = rope.releaseRef();
+            m_other.m_fibers[0] = rope.releaseRef();
         }
         // This constructor constructs a new string by concatenating s1 & s2.
@@ -290 +203 @@
         {
             // nasty hack because we can't union non-POD types
-            m_fibers[0] = reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(finalizer));
-            m_fibers[1] = context;
+            m_other.m_finalizerCallback = finalizer;
+            m_other.m_finalizerContext = context;
             Heap::heap(this)->reportExtraMemoryCost(value.cost());
         }
@@ -299 +212 @@
             ASSERT(vptr() == JSGlobalData::jsStringVPtr);
             for (unsigned i = 0; i < m_fiberCount; ++i)
-                m_fibers[i].deref();
-
-            if (!m_fiberCount && m_fibers[0].nonFiber()) {
-                JSStringFinalizerCallback finalizer = reinterpret_cast<JSStringFinalizerCallback>(m_fibers[0].nonFiber());
-                finalizer(this, m_fibers[1].nonFiber());
-            }
+                m_other.m_fibers[i]->deref();
+
+            if (!m_fiberCount && m_other.m_finalizerCallback)
+                m_other.m_finalizerCallback(this, m_other.m_finalizerContext);
         }
 
@@ -343 +254 @@
         void appendStringInConstruct(unsigned& index, const UString& string)
         {
-            m_fibers[index++] = Rope::Fiber(string.rep()->ref());
+            UStringImpl* impl = string.rep();
+            impl->ref();
+            m_other.m_fibers[index++] = impl;
         }
 
@@ -349 +262 @@
         {
             if (jsString->isRope()) {
-                for (unsigned i = 0; i < jsString->m_fiberCount; ++i)
-                    m_fibers[index++] = jsString->m_fibers[i].ref();
+                for (unsigned i = 0; i < jsString->m_fiberCount; ++i) {
+                    Rope::Fiber fiber = jsString->m_other.m_fibers[i];
+                    fiber->ref();
+                    m_other.m_fibers[index++] = fiber;
+                }
             } else
                 appendStringInConstruct(index, jsString->string());
@@ -365 +281 @@
             } else {
                 UString u(v.toString(exec));
-                m_fibers[index++] = Rope::Fiber(u.rep()->ref());
+                UStringImpl* impl = u.rep();
+                impl->ref();
+                m_other.m_fibers[index++] = impl;
                 m_length += u.size();
             }
@@ -392 +310 @@
         mutable UString m_value;
         mutable unsigned m_fiberCount;
-        mutable Rope::Fiber m_fibers[s_maxInternalRopeLength];
+        // This structure exists to support a temporary workaround for a GC issue.
+        struct JSStringFinalizerStruct {
+            JSStringFinalizerStruct() : m_finalizerCallback(0) {}
+            union {
+                mutable Rope::Fiber m_fibers[s_maxInternalRopeLength];
+                struct {
+                    JSStringFinalizerCallback m_finalizerCallback;
+                    void* m_finalizerContext;
+                };
+            };
+        } m_other;
 
         bool isRope() const { return m_fiberCount; }

trunk/JavaScriptCore/runtime/UString.cpp

@@ -496 +496 @@
 
     // Empty string is not OK.
-    unsigned len = m_rep->size();
+    unsigned len = m_rep->length();
     if (len == 0)
         return 0;
@@ -713 +713 @@
 bool equal(const UString::Rep* r, const UString::Rep* b)
 {
-    unsigned length = r->size();
-    if (length != b->size())
+    unsigned length = r->length();
+    if (length != b->length())
         return false;
     const UChar* d = r->data();

trunk/JavaScriptCore/runtime/UString.h

@@ -133 +133 @@
 
         bool isNull() const { return m_rep == s_nullRep; }
-        bool isEmpty() const { return !m_rep->size(); }
+        bool isEmpty() const { return !m_rep->length(); }
 
         bool is8Bit() const;
 
-        unsigned size() const { return m_rep->size(); }
+        unsigned size() const { return m_rep->length(); }
 
         UChar operator[](unsigned pos) const;

trunk/JavaScriptCore/runtime/UStringImpl.cpp

@@ -119 +119 @@
 }
 
+void URopeImpl::derefFibersNonRecursive(Vector<URopeImpl*, 32>& workQueue)
+{
+    unsigned length = fiberCount();
+    for (unsigned i = 0; i < length; ++i) {
+        Fiber& fiber = fibers(i);
+        if (fiber->isRope()) {
+            URopeImpl* nextRope = static_cast<URopeImpl*>(fiber);
+            if (nextRope->hasOneRef())
+                workQueue.append(nextRope);
+            else
+                nextRope->deref();
+        } else
+            static_cast<UStringImpl*>(fiber)->deref();
+    }
 }
+
+void URopeImpl::destructNonRecursive()
+{
+    Vector<URopeImpl*, 32> workQueue;
+
+    derefFibersNonRecursive(workQueue);
+    delete this;
+
+    while (!workQueue.isEmpty()) {
+        URopeImpl* rope = workQueue.last();
+        workQueue.removeLast();
+        rope->derefFibersNonRecursive(workQueue);
+        delete rope;
+    }
+}
+
+} // namespace JSC

trunk/JavaScriptCore/runtime/UStringImpl.h

@@ -41 +41 @@
 typedef CrossThreadRefCounted<OwnFastMallocPtr<UChar> > SharedUChar;
 
-class UStringImpl : Noncopyable {
+class UStringOrRopeImpl : public Noncopyable {
+public:
+    bool isRope() { return (m_refCountAndFlags & s_refCountIsRope) == s_refCountIsRope; }
+    unsigned length() const { return m_length; }
+
+    void ref() { m_refCountAndFlags += s_refCountIncrement; }
+    inline void deref();
+
+protected:
+    enum BufferOwnership {
+        BufferInternal,
+        BufferOwned,
+        BufferSubstring,
+        BufferShared,
+    };
+
+    using Noncopyable::operator new;
+    void* operator new(size_t, void* inPlace) { return inPlace; }
+
+    // For SmallStringStorage, which allocates an array and uses an in-place new.
+    UStringOrRopeImpl() { }
+
+    UStringOrRopeImpl(unsigned length, BufferOwnership ownership)
+        : m_refCountAndFlags(s_refCountIncrement | s_refCountFlagShouldReportedCost | ownership)
+        , m_length(length)
+    {
+        ASSERT(!isRope());
+    }
+
+    enum StaticStringConstructType { ConstructStaticString };
+    UStringOrRopeImpl(unsigned length, StaticStringConstructType)
+        : m_refCountAndFlags(s_refCountFlagStatic | BufferOwned)
+        , m_length(length)
+    {
+        ASSERT(!isRope());
+    }
+
+    enum RopeConstructType { ConstructRope };
+    UStringOrRopeImpl(RopeConstructType)
+        : m_refCountAndFlags(s_refCountIncrement | s_refCountIsRope)
+        , m_length(0)
+    {
+        ASSERT(isRope());
+    }
+
+    // The bottom 5 bits hold flags, the top 27 bits hold the ref count.
+    // When dereferencing UStringImpls we check for the ref count AND the
+    // static bit both being zero - static strings are never deleted.
+    static const unsigned s_refCountMask = 0xFFFFFFE0;
+    static const unsigned s_refCountIncrement = 0x20;
+    static const unsigned s_refCountFlagStatic = 0x10;
+    static const unsigned s_refCountFlagShouldReportedCost = 0x8;
+    static const unsigned s_refCountFlagIsIdentifier = 0x4;
+    static const unsigned s_refCountMaskBufferOwnership = 0x3;
+    // Use an otherwise invalid permutation of flags (static & shouldReportedCost -
+    // static strings do not set shouldReportedCost in the constructor, and this bit
+    // is only ever cleared, not set) to identify objects that are ropes.
+    static const unsigned s_refCountIsRope = s_refCountFlagStatic | s_refCountFlagShouldReportedCost;
+
+    unsigned m_refCountAndFlags;
+    unsigned m_length;
+};
+
+class UStringImpl : public UStringOrRopeImpl {
 public:
     template<size_t inlineCapacity>
@@ -48 +111 @@
         if (unsigned length = vector.size()) {
             ASSERT(vector.data());
-            return adoptRef(new UStringImpl(vector.releaseBuffer(), length, BufferOwned));
+            return adoptRef(new UStringImpl(vector.releaseBuffer(), length));
         }
         return &empty();
@@ -80 +143 @@
         UStringImpl* resultImpl = static_cast<UStringImpl*>(fastMalloc(sizeof(UChar) * length + sizeof(UStringImpl)));
         output = reinterpret_cast<UChar*>(resultImpl + 1);
-        return adoptRef(new(resultImpl) UStringImpl(output, length, BufferInternal));
+        return adoptRef(new(resultImpl) UStringImpl(length));
     }
 
@@ -96 +159 @@
             return 0;
         output = reinterpret_cast<UChar*>(resultImpl + 1);
-        return adoptRef(new(resultImpl) UStringImpl(output, length, BufferInternal));
+        return adoptRef(new(resultImpl) UStringImpl(length));
     }
 
     SharedUChar* sharedBuffer();
     UChar* data() const { return m_data; }
-    unsigned size() const { return m_length; }
     size_t cost()
     {
@@ -108 +170 @@
             return m_bufferSubstring->cost();
 
-        if (m_refCountAndFlags & s_refCountFlagHasReportedCost)
-            return 0;
-        m_refCountAndFlags |= s_refCountFlagHasReportedCost;
-        return m_length;
+        if (m_refCountAndFlags & s_refCountFlagShouldReportedCost) {
+            m_refCountAndFlags &= ~s_refCountFlagShouldReportedCost;
+            return m_length;
+        }
+        return 0;
     }
     unsigned hash() const { if (!m_hash) m_hash = computeHash(data(), m_length); return m_hash; }
@@ -125 +188 @@
     }
 
-    UStringImpl* ref() { m_refCountAndFlags += s_refCountIncrement; return this; }
-    ALWAYS_INLINE void deref() { m_refCountAndFlags -= s_refCountIncrement; if (!(m_refCountAndFlags & s_refCountMask)) delete this; }
+    ALWAYS_INLINE void deref() { m_refCountAndFlags -= s_refCountIncrement; if (!(m_refCountAndFlags & (s_refCountMask | s_refCountFlagStatic))) delete this; }
 
     static void copyChars(UChar* destination, const UChar* source, unsigned numCharacters)
@@ -152 +214 @@
 
 private:
-    enum BufferOwnership {
-        BufferInternal,
-        BufferOwned,
-        BufferSubstring,
-        BufferShared,
-    };
-
     // For SmallStringStorage, which allocates an array and uses an in-place new.
     UStringImpl() { }
 
-    // Used to construct normal strings with an internal or external buffer.
-    UStringImpl(UChar* data, unsigned length, BufferOwnership ownership)
-        : m_data(data)
+    // Used to construct normal strings with an internal buffer.
+    UStringImpl(unsigned length)
+        : UStringOrRopeImpl(length, BufferInternal)
+        , m_data(reinterpret_cast<UChar*>(this + 1))
         , m_buffer(0)
-        , m_length(length)
-        , m_refCountAndFlags(s_refCountIncrement | ownership)
-        , m_hash(0)
-    {
-        ASSERT((ownership == BufferInternal) || (ownership == BufferOwned));
+        , m_hash(0)
+    {
+        checkConsistency();
+    }
+
+    // Used to construct normal strings with an external buffer.
+    UStringImpl(UChar* data, unsigned length)
+        : UStringOrRopeImpl(length, BufferOwned)
+        , m_data(data)
+        , m_buffer(0)
+        , m_hash(0)
+    {
         checkConsistency();
     }
@@ -177 +240 @@
     // This means that the static string will never be destroyed, which is important because
     // static strings will be shared across threads & ref-counted in a non-threadsafe manner.
-    enum StaticStringConstructType { ConstructStaticString };
     UStringImpl(UChar* data, unsigned length, StaticStringConstructType)
-        : m_data(data)
+        : UStringOrRopeImpl(length, ConstructStaticString)
+        , m_data(data)
         , m_buffer(0)
-        , m_length(length)
-        , m_refCountAndFlags(s_refCountFlagStatic | BufferOwned)
         , m_hash(0)
     {
@@ -190 +251 @@
     // Used to create new strings that are a substring of an existing string.
     UStringImpl(UChar* data, unsigned length, PassRefPtr<UStringImpl> base)
-        : m_data(data)
+        : UStringOrRopeImpl(length, BufferSubstring)
+        , m_data(data)
         , m_bufferSubstring(base.releaseRef())
-        , m_length(length)
-        , m_refCountAndFlags(s_refCountIncrement | BufferSubstring)
         , m_hash(0)
     {
@@ -199 +259 @@
         // that all pointers will be at least 8-byte aligned, we cannot guarantee that of
         // UStringImpls that are not heap allocated.
-        ASSERT(m_bufferSubstring->size());
+        ASSERT(m_bufferSubstring->length());
         ASSERT(!m_bufferSubstring->isStatic());
         checkConsistency();
@@ -206 +266 @@
     // Used to construct new strings sharing an existing shared buffer.
     UStringImpl(UChar* data, unsigned length, PassRefPtr<SharedUChar> sharedBuffer)
-        : m_data(data)
+        : UStringOrRopeImpl(length, BufferShared)
+        , m_data(data)
         , m_bufferShared(sharedBuffer.releaseRef())
-        , m_length(length)
-        , m_refCountAndFlags(s_refCountIncrement | BufferShared)
-        , m_hash(0)
-    {
-        checkConsistency();
-    }
-
-    using Noncopyable::operator new;
-    void* operator new(size_t, void* inPlace) { return inPlace; }
+        , m_hash(0)
+    {
+        checkConsistency();
+    }
 
     ~UStringImpl();
@@ -223 +279 @@
     static const unsigned s_minLengthToShare = 10;
     static const unsigned s_copyCharsInlineCutOff = 20;
-    // We initialize and increment/decrement the refCount for all normal (non-static) strings by the value 2.
-    // We initialize static strings with an odd number (specifically, 1), such that the refCount cannot reach zero.
-    static const unsigned s_refCountMask = 0xFFFFFFF0;
-    static const unsigned s_refCountIncrement = 0x20;
-    static const unsigned s_refCountFlagStatic = 0x10;
-    static const unsigned s_refCountFlagHasReportedCost = 0x8;
-    static const unsigned s_refCountFlagIsIdentifier = 0x4;
-    static const unsigned s_refCountMaskBufferOwnership = 0x3;
 
     UStringImpl* bufferOwnerString() { return (bufferOwnership() == BufferSubstring) ? m_bufferSubstring :  this; }
@@ -245 +293 @@
         SharedUChar* m_bufferShared;
     };
-    unsigned m_length;
-    unsigned m_refCountAndFlags;
     mutable unsigned m_hash;
 
@@ -253 +299 @@
     friend class JIT;
     friend class SmallStringsStorage;
+    friend class UStringOrRopeImpl;
     friend void initializeUString();
 };
 
+class URopeImpl : public UStringOrRopeImpl {
+public:
+    // A URopeImpl is composed from a set of smaller strings called Fibers.
+    // Each Fiber in a rope is either UStringImpl or another URopeImpl.
+    typedef UStringOrRopeImpl* Fiber;
+
+    // Creates a URopeImpl comprising of 'fiberCount' Fibers.
+    // The URopeImpl is constructed in an uninitialized state - initialize must be called for each Fiber in the URopeImpl.
+    static PassRefPtr<URopeImpl> tryCreateUninitialized(unsigned fiberCount)
+    {
+        void* allocation;
+        if (tryFastMalloc(sizeof(URopeImpl) + (fiberCount - 1) * sizeof(Fiber)).getValue(allocation))
+            return adoptRef(new (allocation) URopeImpl(fiberCount));
+        return 0;
+    }
+
+    void initializeFiber(unsigned &index, Fiber fiber)
+    {
+        m_fibers[index++] = fiber;
+        fiber->ref();
+        m_length += fiber->length();
+    }
+
+    unsigned fiberCount() { return m_fiberCount; }
+    Fiber& fibers(unsigned index) { return m_fibers[index]; }
+
+    ALWAYS_INLINE void deref() { m_refCountAndFlags -= s_refCountIncrement; if (!(m_refCountAndFlags & s_refCountMask)) destructNonRecursive(); }
+
+private:
+    URopeImpl(unsigned fiberCount) : UStringOrRopeImpl(ConstructRope), m_fiberCount(fiberCount) {}
+
+    void destructNonRecursive();
+    void derefFibersNonRecursive(Vector<URopeImpl*, 32>& workQueue);
+
+    bool hasOneRef() { return (m_refCountAndFlags & s_refCountMask) == s_refCountIncrement; }
+
+    unsigned m_fiberCount;
+    Fiber m_fibers[1];
+};
+
+inline void UStringOrRopeImpl::deref()
+{
+    m_refCountAndFlags -= s_refCountIncrement;
+    if (!(m_refCountAndFlags & s_refCountMask)) {
+        if (isRope())
+            delete static_cast<URopeImpl*>(this);
+        else if (!s_refCountFlagStatic)
+            delete static_cast<UStringImpl*>(this);
+    }
+}
+
 bool equal(const UStringImpl*, const UStringImpl*);
 

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-02-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=34964
+        Leaks tool reports false memory leaks due to Rope implementation.
+
+        Renamed cUStringImpl::size() to UStringImpl::size()UStringImpl::length()
+        (matches WebCore::StringImpl).
+
+        * bridge/jni/jsc/JavaStringJSC.h:
+        (JSC::Bindings::JavaStringImpl::length):
+        * platform/text/AtomicString.cpp:
+        (WebCore::AtomicString::add):
+        (WebCore::AtomicString::find):
+
 2010-02-15  Jon Honeycutt  <jhoneycutt@apple.com>
 

trunk/WebCore/bridge/jni/jsc/JavaStringJSC.h

@@ -70 +70 @@
     }
     const jchar* uchars() const { return (const jchar*)m_rep->data(); }
-    int length() const { return m_rep->size(); }
+    int length() const { return m_rep->length(); }
     UString uString() const { return UString(m_rep); }
 

trunk/WebCore/platform/text/AtomicString.cpp

@@ -249 +249 @@
 
     UString::Rep* string = identifier.ustring().rep();
-    unsigned length = string->size();
+    unsigned length = string->length();
     if (!length)
         return StringImpl::empty();
@@ -266 +266 @@
 
     UString::Rep* string = ustring.rep();
-    unsigned length = string->size();
+    unsigned length = string->length();
     if (!length)
         return StringImpl::empty();
@@ -283 +283 @@
 
     UString::Rep* string = identifier.ustring().rep();
-    unsigned length = string->size();
+    unsigned length = string->length();
     if (!length)
         return static_cast<AtomicStringImpl*>(StringImpl::empty());