Title: [241700] releases/WebKitGTK/webkit-2.24
Revision
241700
Author
carlo...@webkit.org
Date
2019-02-18 08:15:49 -0800 (Mon, 18 Feb 2019)

Log Message

Merge r241615 - SamplingProfiler::stackTracesAsJSON() should escape strings.
https://bugs.webkit.org/show_bug.cgi?id=194649
<rdar://problem/48072386>

Reviewed by Saam Barati.

JSTests:

* stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js: Added.
* stress/type-profiler-with-double-quote-in-constructor-name.js: Added.
* stress/type-profiler-with-double-quote-in-field-name.js: Added.
* stress/type-profiler-with-double-quote-in-optional-field-name.js: Added.

Source/_javascript_Core:

Ditto for TypeSet::toJSONString() and TypeSet::toJSONString().

* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::stackTracesAsJSON):
* runtime/TypeSet.cpp:
(JSC::TypeSet::toJSONString const):
(JSC::StructureShape::toJSONString const):

Modified Paths

Added Paths

Diff

Modified: releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog (241699 => 241700)


--- releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog	2019-02-18 16:15:41 UTC (rev 241699)
+++ releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog	2019-02-18 16:15:49 UTC (rev 241700)
@@ -1,3 +1,16 @@
+2019-02-15  Mark Lam  <mark....@apple.com>
+
+        SamplingProfiler::stackTracesAsJSON() should escape strings.
+        https://bugs.webkit.org/show_bug.cgi?id=194649
+        <rdar://problem/48072386>
+
+        Reviewed by Saam Barati.
+
+        * stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js: Added.
+        * stress/type-profiler-with-double-quote-in-constructor-name.js: Added.
+        * stress/type-profiler-with-double-quote-in-field-name.js: Added.
+        * stress/type-profiler-with-double-quote-in-optional-field-name.js: Added.
+
 2019-02-15  Robin Morisset  <rmoris...@apple.com>
         CodeBlock::jettison should clear related watchpoints
         https://bugs.webkit.org/show_bug.cgi?id=194544

Added: releases/WebKitGTK/webkit-2.24/JSTests/stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js (0 => 241700)


--- releases/WebKitGTK/webkit-2.24/JSTests/stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/JSTests/stress/sampling-profiler-stack-trace-with-double-quote-in-function-name.js	2019-02-18 16:15:49 UTC (rev 241700)
@@ -0,0 +1,20 @@
+//@ runDefault("--useConcurrentJIT=false")
+
+function foo() {
+    let obj = {};                                                                
+    for (let i = 0; i < 10; ++i)                                      
+          obj[i + 'p'] = i;                                              
+}
+noInline(foo);
+
+function test() {
+    for (let i = 0; i < 1000; ++i) {
+        foo();
+        let stacktraces = samplingProfilerStackTraces();
+        for (let stackTrace of stacktraces) { }
+    }
+}
+
+startSamplingProfiler();
+foo.displayName = '"';
+test();
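Review bot: Nothing in the file states what the test asserts, and the loop `for (let stackTrace of stacktraces) { }` has an empty body, so a reader cannot tell whether the emptiness is deliberate. Presumably the check is that `samplingProfilerStackTraces()` returns without throwing once a display name containing `"` is escaped on the C++ side; a header comment such as `// Regression test for webkit.org/b/194649: a Function.displayName containing a double quote must not break the sampling profiler's JSON output.` would make that explicit, and `// Body intentionally empty: iterating is enough to force the traces to be materialized.` would explain the loop. The lines `let obj = {};` through `obj[i + 'p'] = i;` also carry trailing whitespace that can be dropped.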

Added: releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-constructor-name.js (0 => 241700)


--- releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-constructor-name.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-constructor-name.js	2019-02-18 16:15:49 UTC (rev 241700)
@@ -0,0 +1,17 @@
+//@ runDefault("--useTypeProfiler=true")
+
+var findTypeForExpression = $vm.findTypeForExpression;
+
+function wrapper(x) {
+    class Base {
+        constructor() { }
+    };
+
+    var baseInstance = new Base;
+    Base.displayName = '"';
+}
+wrapper();
+
+var types = findTypeForExpression(wrapper, "baseInstance = new Base");
+JSON.stringify(types)
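Review bot: The value of `JSON.stringify(types)` on the last line is discarded and nothing says that the test passes merely by not throwing; the same applies to the two following files, type-profiler-with-double-quote-in-field-name.js and type-profiler-with-double-quote-in-optional-field-name.js. A one-line comment such as `// Passes if the type-profiler JSON for a constructor whose displayName is '"' can be produced and re-serialized without throwing.` would state the contract. The parameter `x` in `function wrapper(x)` is unused here and in the field-name test, and the `;` after the class body is a stray empty statement; `function wrapper() {` and a terminating `;` on the final `JSON.stringify(types);` line would be cleaner.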
+

Added: releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-field-name.js (0 => 241700)


--- releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-field-name.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-field-name.js	2019-02-18 16:15:49 UTC (rev 241700)
@@ -0,0 +1,17 @@
+//@ runDefault("--useTypeProfiler=true")
+
+var findTypeForExpression = $vm.findTypeForExpression;
+
+function wrapper(x) {
+    class Base {
+        constructor() {
+            this['"'] = true;
+        }
+    };
+
+    var baseInstance = new Base;
+}
+wrapper();
+
+var types = findTypeForExpression(wrapper, "baseInstance = new Base");
+JSON.stringify(types)

Added: releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-optional-field-name.js (0 => 241700)


--- releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-optional-field-name.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/JSTests/stress/type-profiler-with-double-quote-in-optional-field-name.js	2019-02-18 16:15:49 UTC (rev 241700)
@@ -0,0 +1,23 @@
+//@ runDefault("--useTypeProfiler=true")
+
+var findTypeForExpression = $vm.findTypeForExpression;
+
+function wrapper() {
+    var x;
+    var Proto = function() {};
+    var oldProto;
+    for (var i = 0; i < 100; i++) {
+        // Make sure we get a new prototype chain on each assignment to x because objects with shared prototype chains will be merged.
+        x = new Proto;
+        x['"' + i + '"'] = 20;
+        x = x
+        oldProto = Proto;
+        Proto = function() {};
+        Proto.prototype.__proto__ = oldProto.prototype;
+    }
+    x = {};
+}
+wrapper();
+
+var types = findTypeForExpression(wrapper, "x;"); 
+JSON.stringify(types);
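Review bot: `x = x` is a self-assignment with no statement terminator, so it relies on ASI before `oldProto = Proto;`. If it is there deliberately to give the type profiler an extra assignment site for `x`, a comment saying so plus a trailing `;` would make the intent clear; otherwise the line can go. The comment above `x = new Proto;` already explains the prototype-chain rotation, so a matching one-liner here would keep the loop self-describing.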

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog (241699 => 241700)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog	2019-02-18 16:15:41 UTC (rev 241699)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog	2019-02-18 16:15:49 UTC (rev 241700)
@@ -1,3 +1,19 @@
+2019-02-15  Mark Lam  <mark....@apple.com>
+
+        SamplingProfiler::stackTracesAsJSON() should escape strings.
+        https://bugs.webkit.org/show_bug.cgi?id=194649
+        <rdar://problem/48072386>
+
+        Reviewed by Saam Barati.
+
+        Ditto for TypeSet::toJSONString() and TypeSet::toJSONString().
+
+        * runtime/SamplingProfiler.cpp:
+        (JSC::SamplingProfiler::stackTracesAsJSON):
+        * runtime/TypeSet.cpp:
+        (JSC::TypeSet::toJSONString const):
+        (JSC::StructureShape::toJSONString const):
+
 2019-02-15  Robin Morisset  <rmoris...@apple.com>
 
         CodeBlock::jettison should clear related watchpoints

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/SamplingProfiler.cpp (241699 => 241700)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/SamplingProfiler.cpp	2019-02-18 16:15:41 UTC (rev 241699)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/SamplingProfiler.cpp	2019-02-18 16:15:49 UTC (rev 241700)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -904,9 +904,7 @@
         loopedOnce = false;
         for (StackFrame& stackFrame : stackTrace.frames) {
             comma();
-            json.append('"');
-            json.append(stackFrame.displayNameForJSONTests(m_vm));
-            json.append('"');
+            json.appendQuotedJSONString(stackFrame.displayNameForJSONTests(m_vm));
             loopedOnce = true;
         }
         json.append(']');
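Review bot: The new `json.appendQuotedJSONString(stackFrame.displayNameForJSONTests(m_vm));` does not record why quoting must go through the escaping helper, which is the whole reason the plain `append('"')` pattern was wrong. The name is script-controlled (the new stress test sets `foo.displayName = '"'`), so a comment such as `// Display names come from script (Function.displayName); escape them so a '"' or '\' cannot break the JSON.` would keep the next maintainer from reverting to manual quoting. stackTracesAsJSON's body continues outside the hunk; any other string the function appends between literal quotes outside this view would presumably need the same treatment.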

Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/TypeSet.cpp (241699 => 241700)


--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/TypeSet.cpp	2019-02-18 16:15:41 UTC (rev 241699)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/runtime/TypeSet.cpp	2019-02-18 16:15:49 UTC (rev 241700)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014, 2015 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2014-2019 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -253,9 +253,7 @@
     json.append('{');
 
     json.appendLiteral("\"displayTypeName\":");
-    json.append('"');
-    json.append(displayName());
-    json.append('"');
+    json.appendQuotedJSONString(displayName());
     json.append(',');
 
     json.appendLiteral("\"primitiveTypeNames\":");
@@ -442,9 +440,7 @@
     json.append('{');
 
     json.appendLiteral("\"constructorName\":");
-    json.append('"');
-    json.append(m_constructorName);
-    json.append('"');
+    json.appendQuotedJSONString(m_constructorName);
     json.append(',');
 
     json.appendLiteral("\"isInDictionaryMode\":");
@@ -463,9 +459,7 @@
         hasAnItem = true;
 
         String fieldName((*it).get());
-        json.append('"');
-        json.append(fieldName);
-        json.append('"');
+        json.appendQuotedJSONString(fieldName);
     }
     json.append(']');
     json.append(',');
@@ -479,9 +473,7 @@
         hasAnItem = true;
 
         String fieldName((*it).get());
-        json.append('"');
-        json.append(fieldName);
-        json.append('"');
+        json.appendQuotedJSONString(fieldName);
     }
     json.append(']');
     json.append(',');
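Review bot: The loops in hunks `@@ -463,9 +459,7 @@` and `@@ -479,9 +473,7 @@` now have identical bodies (`hasAnItem = true;`, `String fieldName((*it).get());`, `json.appendQuotedJSONString(fieldName);`), which is how one of them can drift from the other the way the quoting did; a small static helper taking the container and the StringBuilder would keep the two emitters aligned. If `appendQuotedJSONString` accepts what `(*it).get()` yields, the `String fieldName` temporary could also be dropped, but the element type is outside the hunk so that would need confirming. The enclosing function starts and ends outside the hunk.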