RESOLVED FIXED 164701
Some of JSStringView::SafeView methods are not idiomatically safe for JSString to StringView conversions. 
https://bugs.webkit.org/show_bug.cgi?id=164701
Summary Some of JSStringView::SafeView methods are not idiomatically safe for JSStrin...
Mark Lam
Reported 2016-11-13 08:26:53 PST
Specifically, characters8(), characters16(), and operator[] converts the JSString to a StringView via get(), and then uses the StringView without first checking if an exception was thrown during the conversion. Instead, we should remove these 3 convenience methods, and make the caller explicitly call get() and do the appropriate exception checks before using the StringView.
Attachments
proposed patch. (14.11 KB, patch)
2016-11-13 09:12 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
updated patch. (14.10 KB, patch)
2016-11-13 15:42 PST, Mark Lam 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2016-11-13 08:30:56 PST
<rdar://problem/27462104>
Mark Lam
Comment 2 2016-11-13 09:12:46 PST
Created attachment 294663 [details] proposed patch. Still need to run JSC tests locally.
Darin Adler
Comment 3 2016-11-13 11:28:27 PST
Comment on attachment 294663 [details] proposed patch. StringView& seems like a strange type. Why pass in a reference to a StringView instead of passing in a StringView?
Mark Lam
Comment 4 2016-11-13 15:27:39 PST
JSC tests pass. I will upload a new patch that passes StringView (instead of StringView&) in JSGlobalObjectFunction.cpp.
Mark Lam
Comment 5 2016-11-13 15:42:14 PST
Created attachment 294680 [details] updated patch.
Darin Adler
Comment 6 2016-11-13 17:14:35 PST
Comment on attachment 294680 [details] updated patch. I don’t think the SafeView class works at all now, since get() can raise an exception; hiding the ExecState inside the SafeView object just makes things even more confusing. It’s not at all obvious that a function named get() with no arguments can set an exception. We should change call sites to use unsafeView() directly and remove the view() function and SafeView entirely.
Darin Adler
Comment 7 2016-11-13 17:15:29 PST
(In reply to comment #6) > I don’t think the SafeView class works at all now, since get() can raise an > exception; hiding the ExecState inside the SafeView object just makes things > even more confusing. It’s not at all obvious that a function named get() > with no arguments can set an exception. We should change call sites to use > unsafeView() directly and remove the view() function and SafeView entirely. I suppose SafeView does do one thing; keeps the JSString on the stack even when it’s not being used any more.
Mark Lam
Comment 8 2016-11-14 11:18:15 PST
(In reply to comment #7) > (In reply to comment #6) > > I don’t think the SafeView class works at all now, since get() can raise an > > exception; hiding the ExecState inside the SafeView object just makes things > > even more confusing. It’s not at all obvious that a function named get() > > with no arguments can set an exception. We should change call sites to use > > unsafeView() directly and remove the view() function and SafeView entirely. > > I suppose SafeView does do one thing; keeps the JSString on the stack even > when it’s not being used any more. I'll land this patch for now to fix the bug, and look into removing the use of SafeView in a subsequent patch.
Mark Lam
Comment 9 2016-11-14 11:46:21 PST
Thanks for the review. Landed in r208699: <http://trac.webkit.org/r208699>.
Mark Lam
Comment 10 2016-11-15 09:39:40 PST
(In reply to comment #8) > I'll land this patch for now to fix the bug, and look into removing the use > of SafeView in a subsequent patch. Will replace the use of SafeView in https://bugs.webkit.org/show_bug.cgi?id=164777.
Note You need to log in before you can comment on or make changes to this bug.