Fix slow path of JSON.stringifier when GC strikes.

FlatContent is not GC-safe. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/13782002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14175 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix slow path of JSON.stringifier when GC strikes.
FlatContent is not GC-safe. R=verwaest@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/13782002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14175 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
fe6fc554 · yangguo@chromium.org · c569d31f · fe6fc554 · fe6fc554
Commit fe6fc554 authored Apr 09, 2013 by yangguo@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 8 deletions

json-stringifier.h src/json-stringifier.h +19 -8

regress-json-stringify-gc.js test/mjsunit/regress/regress-json-stringify-gc.js +10 -0

No files found.
--- a/src/json-stringifier.h
+++ b/src/json-stringifier.h
@@ -295,19 +295,30 @@ MaybeObject* BasicJsonStringifier::StringifyString(Isolate* isolate,
    return stringifier.Stringify(object);
  }

-  FlattenString(object);
-  String::FlatContent flat = object->GetFlatContent();
-  if (flat.IsAscii()) {
+  object = FlattenGetString(object);
+  ASSERT(object->IsFlat());
+  if (object->IsOneByteRepresentation()) {
+    Handle<String> result =
+        isolate->factory()->NewRawOneByteString(worst_case_length);
+    AssertNoAllocation no_alloc;
+    const uint8_t* start = object->IsSeqOneByteString()
+        ? SeqOneByteString::cast(*object)->GetChars()
+        : ExternalAsciiString::cast(*object)->GetChars();
    return StringifyString_<SeqOneByteString>(
        isolate,
-        flat.ToOneByteVector(),
-        isolate->factory()->NewRawOneByteString(worst_case_length));
+        Vector<const uint8_t>(start, object->length()),
+        result);
  } else {
-    ASSERT(flat.IsTwoByte());
+    Handle<String> result =
+        isolate->factory()->NewRawTwoByteString(worst_case_length);
+    AssertNoAllocation no_alloc;
+    const uc16* start = object->IsSeqTwoByteString()
+        ? SeqTwoByteString::cast(*object)->GetChars()
+        : ExternalTwoByteString::cast(*object)->GetChars();
    return StringifyString_<SeqTwoByteString>(
        isolate,
-        flat.ToUC16Vector(),
-        isolate->factory()->NewRawTwoByteString(worst_case_length));
+        Vector<const uc16>(start, object->length()),
+        result);
  }
 }


--- a/test/mjsunit/regress/regress-json-stringify-gc.js
+++ b/test/mjsunit/regress/regress-json-stringify-gc.js
@@ -39,3 +39,13 @@ json1 = JSON.stringify(a);
 json2 = JSON.stringify(a);
 assertTrue(json1 == json2, "GC caused JSON.stringify to fail.");

+// Check that the slow path of JSON.stringify works correctly wrt GC.
+for (var i = 0; i < 100000; i++) {
+  var s = i.toString();
+  assertEquals('"' + s + '"', JSON.stringify(s, null, 0));
+}
+
+for (var i = 0; i < 100000; i++) {
+  var s = i.toString() + "\u2603";
+  assertEquals('"' + s + '"', JSON.stringify(s, null, 0));
+}