Commit 99063fe0 authored by erik.corry@gmail.com's avatar erik.corry@gmail.com

Fix GC related crash bug in search-replace.

Review URL: http://codereview.chromium.org/42214

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 3aa57f7f
...@@ -1146,10 +1146,10 @@ class ReplacementStringBuilder { ...@@ -1146,10 +1146,10 @@ class ReplacementStringBuilder {
StringBuilderSubstringPosition::is_valid(from)) { StringBuilderSubstringPosition::is_valid(from)) {
int encoded_slice = StringBuilderSubstringLength::encode(length) | int encoded_slice = StringBuilderSubstringLength::encode(length) |
StringBuilderSubstringPosition::encode(from); StringBuilderSubstringPosition::encode(from);
AddElement(Smi::FromInt(encoded_slice)); AddElement(Handle<Object>(Smi::FromInt(encoded_slice)));
} else { } else {
Handle<String> slice = Factory::NewStringSlice(subject_, from, to); Handle<String> slice = Factory::NewStringSlice(subject_, from, to);
AddElement(*slice); AddElement(slice);
} }
IncrementCharacterCount(length); IncrementCharacterCount(length);
} }
...@@ -1160,7 +1160,7 @@ class ReplacementStringBuilder { ...@@ -1160,7 +1160,7 @@ class ReplacementStringBuilder {
StringShape shape(*string); StringShape shape(*string);
int length = string->length(shape); int length = string->length(shape);
if (length > 0) { if (length > 0) {
AddElement(*string); AddElement(string);
if (!shape.IsAsciiRepresentation()) { if (!shape.IsAsciiRepresentation()) {
is_ascii_ = false; is_ascii_ = false;
} }
...@@ -1220,7 +1220,7 @@ class ReplacementStringBuilder { ...@@ -1220,7 +1220,7 @@ class ReplacementStringBuilder {
} }
void AddElement(Object* element) { void AddElement(Handle<Object> element) {
ASSERT(element->IsSmi() || element->IsString()); ASSERT(element->IsSmi() || element->IsString());
// Extend parts_ array if necessary. // Extend parts_ array if necessary.
if (parts_->length() == part_count_) { if (parts_->length() == part_count_) {
...@@ -1229,7 +1229,7 @@ class ReplacementStringBuilder { ...@@ -1229,7 +1229,7 @@ class ReplacementStringBuilder {
parts_->CopyTo(0, *extended_array, 0, part_count_); parts_->CopyTo(0, *extended_array, 0, part_count_);
parts_ = extended_array; parts_ = extended_array;
} }
parts_->set(part_count_, element); parts_->set(part_count_, *element);
part_count_++; part_count_++;
} }
...@@ -1551,12 +1551,16 @@ static Object* StringReplaceRegExpWithString(String* subject, ...@@ -1551,12 +1551,16 @@ static Object* StringReplaceRegExpWithString(String* subject,
do { do {
ASSERT(last_match_info_handle->HasFastElements()); ASSERT(last_match_info_handle->HasFastElements());
int start, end;
{
AssertNoAllocation match_info_array_is_not_in_a_handle;
FixedArray* match_info_array = last_match_info_handle->elements(); FixedArray* match_info_array = last_match_info_handle->elements();
ASSERT_EQ(capture_count * 2 + 2, ASSERT_EQ(capture_count * 2 + 2,
RegExpImpl::GetLastCaptureCount(match_info_array)); RegExpImpl::GetLastCaptureCount(match_info_array));
int start = RegExpImpl::GetCapture(match_info_array, 0); start = RegExpImpl::GetCapture(match_info_array, 0);
int end = RegExpImpl::GetCapture(match_info_array, 1); end = RegExpImpl::GetCapture(match_info_array, 1);
}
if (prev < start) { if (prev < start) {
builder.AddSubjectSlice(prev, start); builder.AddSubjectSlice(prev, start);
......
// Flags: --always-compact
//
// Regression test for the r1512 fix.
var foo = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo = foo + foo;
foo.replace(/[b]/, "c"); // Flatten foo;
var moving_string = "b" + "c";
var bar = foo.replace(/[a]/g, moving_string);
print(bar.length);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment