RESOLVED FIXED 98693
After r130344, OpaqueJSString::identifier() adds wrapped String to identifier table 
https://bugs.webkit.org/show_bug.cgi?id=98693
Summary After r130344, OpaqueJSString::identifier() adds wrapped String to identifier...
Michael Saboff
Reported 2012-10-08 15:03:46 PDT
The update in r130344 to OpaqueJSString::identifier() creates an Identifier using m_string which will add m_string to the identifier table of the passed in JSGlobalData. This unintended side effect is incompatible with OpaqueJSString being a thread safe string abstraction. The fix is to create a new string for the Identifier by using one of the character pointer / length based constructors.
Attachments
Patch (1.50 KB, patch)
2012-10-08 15:07 PDT, Michael Saboff 		no flags
DetailsFormatted DiffDiff
Added Radar reference to ChangeLog (1.60 KB, patch)
2012-10-08 17:09 PDT, Michael Saboff 		mrowe: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2012-10-08 15:07:44 PDT
Created attachment 167626 [details] Patch
Mark Rowe (bdash)
Comment 2 2012-10-08 16:53:17 PDT
The ChangeLog and this Bugzilla should really contain references to the Radar that motivated this change.
Michael Saboff
Comment 3 2012-10-08 17:05:30 PDT
In Radar as <rdar://problem/12450118> (and <rdar://problem/12449570> which has been made a duplicate). Tested this fix against <rdar://problem/12449570> and it fixes the problem.
Michael Saboff
Comment 4 2012-10-08 17:09:45 PDT
Created attachment 167651 [details] Added Radar reference to ChangeLog
Michael Saboff
Comment 5 2012-10-09 07:46:48 PDT
Committed r130761: <http://trac.webkit.org/changeset/130761>
Darin Adler
Comment 6 2012-10-09 09:58:43 PDT
Comment on attachment 167651 [details] Added Radar reference to ChangeLog View in context: https://bugs.webkit.org/attachment.cgi?id=167651&action=review > Source/JavaScriptCore/ChangeLog:11 > + Use Identifier(LChar*, length) or Identifier(UChar*, length) constructors so that we don't > + add the String instance in the OpaqueJSString to any identifier tables. This doesn’t seem right architecturally. What prevents callers from doing this by calling string() and then turning it into an Identifier later?
Michael Saboff
Comment 7 2012-10-09 11:30:11 PDT
(In reply to comment #6) > (From update of attachment 167651 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=167651&action=review > > > Source/JavaScriptCore/ChangeLog:11 > > + Use Identifier(LChar*, length) or Identifier(UChar*, length) constructors so that we don't > > + add the String instance in the OpaqueJSString to any identifier tables. > > This doesn’t seem right architecturally. What prevents callers from doing this by calling string() and then turning it into an Identifier later? Created https://bugs.webkit.org/show_bug.cgi?id=98801 "After r130344, OpaqueJSString::string() shouldn't directly return the wrapped String" to track this. Probably the best way to handle this is to create a copy of the wrapped String and return it. This will make the code prior to 130344 except we now use a String instead of a UChar[] to store the text.
Note You need to log in before you can comment on or make changes to this bug.