From bd65a16f788b00f7a7c326c846158d75d4aa2614 Mon Sep 17 00:00:00 2001
From: Yusuke Suzuki <utatane.tea@gmail.com>
Date: Thu, 6 Jul 2017 02:31:35 +0000
Subject: WTF::StringImpl::copyChars segfaults when built with GCC 7

https://bugs.webkit.org/show_bug.cgi?id=173407

Reviewed by Andreas Kling.

JSTests:

* stress/string-repeat-copy-chars-crash.js: Added.
(shouldBe):

Source/WTF:

With GCC 7, StringImpl::copyChars() behaves as unexpected.
This function violates strict aliasing rule.

This optimization is originally introduced to improve performance
in SunSpider's string tests in 2008. When running it in my Linux
box, it no longer causes any observable difference. So, we just
remove this optimization.

                                baseline                  patched

string-base64                7.7544+-0.1761            7.6138+-0.2071          might be 1.0185x faster
string-fasta                10.5429+-0.2746     ?     10.7500+-0.2669        ? might be 1.0196x slower
string-tagcloud             14.8588+-0.2828           14.8039+-0.3039
string-unpack-code          36.1769+-0.4251           35.3397+-0.5398          might be 1.0237x faster
string-validate-input        8.5182+-0.2206            8.3514+-0.2179          might be 1.0200x faster

* wtf/text/StringImpl.h:
(WTF::StringImpl::copyChars):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@219182 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Change-Id: I15556f5fae6c7499a83b30486584274a339b3db1
Reviewed-by: Florian Bruhin <qt-project.org@the-compiler.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
---
 Source/WTF/wtf/text/StringImpl.h | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)

diff --git a/Source/WTF/wtf/text/StringImpl.h b/Source/WTF/wtf/text/StringImpl.h
index a0dd3021c..0018aaff2 100644
--- a/Source/WTF/wtf/text/StringImpl.h
+++ b/Source/WTF/wtf/text/StringImpl.h
@@ -629,25 +629,7 @@ public:
             *destination = *source;
             return;
         }
-
-        if (numCharacters <= s_copyCharsInlineCutOff) {
-            unsigned i = 0;
-#if (CPU(X86) || CPU(X86_64))
-            const unsigned charsPerInt = sizeof(uint32_t) / sizeof(T);
-
-            if (numCharacters > charsPerInt) {
-                unsigned stopCount = numCharacters & ~(charsPerInt - 1);
-
-                const uint32_t* srcCharacters = reinterpret_cast<const uint32_t*>(source);
-                uint32_t* destCharacters = reinterpret_cast<uint32_t*>(destination);
-                for (unsigned j = 0; i < stopCount; i += charsPerInt, ++j)
-                    destCharacters[j] = srcCharacters[j];
-            }
-#endif
-            for (; i < numCharacters; ++i)
-                destination[i] = source[i];
-        } else
-            memcpy(destination, source, numCharacters * sizeof(T));
+        memcpy(destination, source, numCharacters * sizeof(T));
     }
 
     ALWAYS_INLINE static void copyChars(UChar* destination, const LChar* source, unsigned numCharacters)
@@ -771,9 +753,6 @@ private:
         return reinterpret_cast<const void*>(m_data16) == reinterpret_cast<const void*>(this + 1);
     }
 
-    // This number must be at least 2 to avoid sharing empty, null as well as 1 character strings from SmallStrings.
-    static const unsigned s_copyCharsInlineCutOff = 20;
-
     BufferOwnership bufferOwnership() const { return static_cast<BufferOwnership>(m_hashAndFlags & s_hashMaskBufferOwnership); }
     bool isStatic() const { return m_refCount & s_refCountFlagIsStaticString; }
     template <class UCharPredicate> PassRefPtr<StringImpl> stripMatchedCharacters(UCharPredicate);
-- 
cgit v1.2.1