Improve the v8::Object uniqueness check in V8ValueConverterImpl

content/renderer/v8_value_converter_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/v8_value_converter_impl.h"
 
 #include <string>
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
@@ skipping 36 matching lines @@
   v8::Context::Scope context_scope(context);
   v8::HandleScope handle_scope;
   return handle_scope.Close(ToV8ValueImpl(value));
 }
 
 Value* V8ValueConverterImpl::FromV8Value(
     v8::Handle<v8::Value> val,
     v8::Handle<v8::Context> context) const {
   v8::Context::Scope context_scope(context);
   v8::HandleScope handle_scope;
-  std::set<int> unique_set;
-  return FromV8ValueImpl(val, &unique_set);
+  HashToHandleMap unique_map;
+  return FromV8ValueImpl(val, &unique_map);
 }
 
 v8::Handle<v8::Value> V8ValueConverterImpl::ToV8ValueImpl(
      const base::Value* value) const {
   CHECK(value);
   switch (value->GetType()) {
     case base::Value::TYPE_NULL:
       return v8::Null();
 
     case base::Value::TYPE_BOOLEAN: {
@@ skipping 78 matching lines @@
 
 v8::Handle<v8::Value> V8ValueConverterImpl::ToArrayBuffer(
     const base::BinaryValue* value) const {
   WebKit::WebArrayBuffer buffer =
       WebKit::WebArrayBuffer::create(value->GetSize(), 1);
   memcpy(buffer.data(), value->GetBuffer(), value->GetSize());
   return buffer.toV8Value();
 }
 
 Value* V8ValueConverterImpl::FromV8ValueImpl(v8::Handle<v8::Value> val,
-    std::set<int>* unique_set) const {
+    HashToHandleMap* unique_map) const {
   CHECK(!val.IsEmpty());
 
   if (val->IsNull())
     return base::Value::CreateNullValue();
 
   if (val->IsBoolean())
     return new base::FundamentalValue(val->ToBoolean()->Value());
 
   if (val->IsInt32())
     return new base::FundamentalValue(val->ToInt32()->Value());
 
   if (val->IsNumber())
     return new base::FundamentalValue(val->ToNumber()->Value());
 
   if (val->IsString()) {
     v8::String::Utf8Value utf8(val->ToString());
     return new base::StringValue(std::string(*utf8, utf8.length()));
   }
 
   if (val->IsUndefined())
     // JSON.stringify ignores undefined.
     return NULL;
 
   if (val->IsDate()) {
     if (!date_allowed_)
       // JSON.stringify would convert this to a string, but an object is more
       // consistent within this class.
-      return FromV8Object(val->ToObject(), unique_set);
+      return FromV8Object(val->ToObject(), unique_map);
     v8::Date* date = v8::Date::Cast(*val);
     return new base::FundamentalValue(date->NumberValue() / 1000.0);
   }
 
   if (val->IsRegExp()) {
     if (!reg_exp_allowed_)
       // JSON.stringify converts to an object.
-      return FromV8Object(val->ToObject(), unique_set);
+      return FromV8Object(val->ToObject(), unique_map);
     return new base::StringValue(*v8::String::Utf8Value(val->ToString()));
   }
 
   // v8::Value doesn't have a ToArray() method for some reason.
   if (val->IsArray())
-    return FromV8Array(val.As<v8::Array>(), unique_set);
+    return FromV8Array(val.As<v8::Array>(), unique_map);
 
   if (val->IsFunction()) {
     if (!function_allowed_)
       // JSON.stringify refuses to convert function(){}.
       return NULL;
-    return FromV8Object(val->ToObject(), unique_set);
+    return FromV8Object(val->ToObject(), unique_map);
   }
 
   if (val->IsObject()) {
     base::BinaryValue* binary_value = FromV8Buffer(val);
     if (binary_value) {
       return binary_value;
     } else {
-      return FromV8Object(val->ToObject(), unique_set);
+      return FromV8Object(val->ToObject(), unique_map);
     }
   }
 
   LOG(ERROR) << "Unexpected v8 value type encountered.";
   return NULL;
 }
 
 Value* V8ValueConverterImpl::FromV8Array(v8::Handle<v8::Array> val,
-    std::set<int>* unique_set) const {
-  if (unique_set && unique_set->count(val->GetIdentityHash()))
+    HashToHandleMap* unique_map) const {
+  if (!UpdateAndCheckUniqueness(unique_map, v8::Handle<v8::Array>::Cast(val)))

[eaugusti, 2013/03/14 17:21:09]

Why the cast? Is it necessary?

[vabr (Chromium), 2013/03/14 17:59:37]

It was not! Thanks. :)

     return base::Value::CreateNullValue();
 
   scoped_ptr<v8::Context::Scope> scope;
   // If val was created in a different context than our current one, change to
   // that context, but change back after val is converted.
   if (!val->CreationContext().IsEmpty() &&
       val->CreationContext() != v8::Context::GetCurrent())
     scope.reset(new v8::Context::Scope(val->CreationContext()));
 
   base::ListValue* result = new base::ListValue();
 
-  if (unique_set)
-    unique_set->insert(val->GetIdentityHash());
   // Only fields with integer keys are carried over to the ListValue.
   for (uint32 i = 0; i < val->Length(); ++i) {
     v8::TryCatch try_catch;
     v8::Handle<v8::Value> child_v8 = val->Get(i);
     if (try_catch.HasCaught()) {
       LOG(ERROR) << "Getter for index " << i << " threw an exception.";
       child_v8 = v8::Null();
     }
 
     if (!val->HasRealIndexedProperty(i))
       continue;
 
-    base::Value* child = FromV8ValueImpl(child_v8, unique_set);
+    base::Value* child = FromV8ValueImpl(child_v8, unique_map);
     if (child)
       result->Append(child);
     else
       // JSON.stringify puts null in places where values don't serialize, for
       // example undefined and functions. Emulate that behavior.
       result->Append(base::Value::CreateNullValue());
   }
   return result;
 }
 
@@ skipping 17 matching lines @@
   }
 
   if (data)
     return base::BinaryValue::CreateWithCopiedBuffer(data, length);
   else
     return NULL;
 }
 
 Value* V8ValueConverterImpl::FromV8Object(
     v8::Handle<v8::Object> val,
-    std::set<int>* unique_set) const {
-  if (unique_set && unique_set->count(val->GetIdentityHash()))
+    HashToHandleMap* unique_map) const {
+  if (!UpdateAndCheckUniqueness(unique_map, val))
     return base::Value::CreateNullValue();
   scoped_ptr<v8::Context::Scope> scope;
   // If val was created in a different context than our current one, change to
   // that context, but change back after val is converted.
   if (!val->CreationContext().IsEmpty() &&
       val->CreationContext() != v8::Context::GetCurrent())
     scope.reset(new v8::Context::Scope(val->CreationContext()));
 
   scoped_ptr<base::DictionaryValue> result(new base::DictionaryValue());
   v8::Handle<v8::Array> property_names(val->GetOwnPropertyNames());
 
-  if (unique_set)
-    unique_set->insert(val->GetIdentityHash());
-
   for (uint32 i = 0; i < property_names->Length(); ++i) {
     v8::Handle<v8::Value> key(property_names->Get(i));
 
     // Extend this test to cover more types as necessary and if sensible.
     if (!key->IsString() &&
         !key->IsNumber()) {
       NOTREACHED() << "Key \"" << *v8::String::AsciiValue(key) << "\" "
                       "is neither a string nor a number";
       continue;
     }
 
     // Skip all callbacks: crbug.com/139933
     if (val->HasRealNamedCallbackProperty(key->ToString()))
       continue;
 
     v8::String::Utf8Value name_utf8(key->ToString());
 
     v8::TryCatch try_catch;
     v8::Handle<v8::Value> child_v8 = val->Get(key);
 
     if (try_catch.HasCaught()) {
       LOG(ERROR) << "Getter for property " << *name_utf8
                  << " threw an exception.";
       child_v8 = v8::Null();
     }
 
-    scoped_ptr<base::Value> child(FromV8ValueImpl(child_v8, unique_set));
+    scoped_ptr<base::Value> child(FromV8ValueImpl(child_v8, unique_map));
     if (!child.get())
       // JSON.stringify skips properties whose values don't serialize, for
       // example undefined and functions. Emulate that behavior.
       continue;
 
     // Strip null if asked (and since undefined is turned into null, undefined
     // too). The use case for supporting this is JSON-schema support,
     // specifically for extensions, where "optional" JSON properties may be
     // represented as null, yet due to buggy legacy code elsewhere isn't
     // treated as such (potentially causing crashes). For example, the
@@ skipping 15 matching lines @@
     if (strip_null_from_objects_ && child->IsType(Value::TYPE_NULL))
       continue;
 
     result->SetWithoutPathExpansion(std::string(*name_utf8, name_utf8.length()),
                                     child.release());
   }
 
   return result.release();
 }
 
+// static
+bool V8ValueConverterImpl::UpdateAndCheckUniqueness(

[eaugusti, 2013/03/14 17:21:09]

Maybe add a comment about how uniqueness is defined and how the handle
comparison is actually a deep comparison.

[vabr (Chromium), 2013/03/14 17:59:37]

Done.
I added a comment about the uniqueness to the declaration in the header file,
and the comment about deep comparison at the line where == is called.

+    HashToHandleMap* map,
+    v8::Handle<v8::Object> handle) {
+  typedef HashToHandleMap::const_iterator Iterator;
+
+  int hash = handle->GetIdentityHash();
+  std::pair<Iterator, Iterator> range = map->equal_range(hash);
+  bool found = false;
+  for (Iterator it = range.first; !false && it != range.second; ++it) {

[eaugusti, 2013/03/14 17:21:09]

Why the "!false"?

[vabr (Chromium), 2013/03/14 17:59:37]

Thanks for catching that, was meant to be !found. :)

+    found |= it->second == handle;
+  }

[eaugusti, 2013/03/14 17:21:09]

nit: drop the braces on the for.

[vabr (Chromium), 2013/03/14 17:59:37]

No longer can due to the added comment.

+
+  if (found)
+    return false;
+
+  map->insert(std::pair<int, v8::Handle<v8::Object> >(hash, handle));
+  return true;
+}
+
 }  // namespace content