Removed some unsafe uses of StringShape....

src/runtime.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 953 matching lines @@
   return *target;
 }
 
 
 static Object* CharCodeAt(String* subject, Object* index) {
   uint32_t i = 0;
   if (!Array::IndexFromObject(index, &i)) return Heap::nan_value();
   // Flatten the string.  If someone wants to get a char at an index
   // in a cons string, it is likely that more indices will be
   // accessed.
+  subject->TryFlatten(StringShape(subject));
   StringShape shape(subject);
-  subject->TryFlatten(shape);  // shape no longer valid!
-  if (i >= static_cast<uint32_t>(subject->length(StringShape(subject)))) {
+  if (i >= static_cast<uint32_t>(subject->length(shape))) {
     return Heap::nan_value();
   }
-  return Smi::FromInt(subject->Get(StringShape(subject), i));
+  return Smi::FromInt(subject->Get(shape, i));
 }
 
 
 static Object* Runtime_StringCharCodeAt(Arguments args) {
   NoHandleAllocation ha;
   ASSERT(args.length() == 2);
 
   CONVERT_CHECKED(String, subject, args[0]);
   Object* index = args[1];
   return CharCodeAt(subject, index);
@@ skipping 360 matching lines @@
 }
 
 // Perform string match of pattern on subject, starting at start index.
 // Caller must ensure that 0 <= start_index <= sub->length(),
 // and should check that pat->length() + start_index <= sub->length()
 int Runtime::StringMatch(Handle<String> sub,
                          Handle<String> pat,
                          int start_index) {
   ASSERT(0 <= start_index);
   StringShape sub_shape(*sub);
-  StringShape pat_shape(*pat);
   ASSERT(start_index <= sub->length(sub_shape));
 
-  int pattern_length = pat->length(pat_shape);
+  int pattern_length = pat->length();
   if (pattern_length == 0) return start_index;
 
   int subject_length = sub->length(sub_shape);
   if (start_index + pattern_length > subject_length) return -1;
 
   if (!sub->IsFlat(sub_shape)) {
     FlattenString(sub);
     sub_shape = StringShape(*sub);
   }
+  StringShape pat_shape(*pat);
   // Searching for one specific character is common.  For one
   // character patterns linear search is necessary, so any smart
   // algorithm is unnecessary overhead.
   if (pattern_length == 1) {
     AssertNoAllocation no_heap_allocation;  // ensure vectors stay valid
     if (sub_shape.IsAsciiRepresentation()) {
       return SingleCharIndexOf(sub->ToAsciiVector(),
                                pat->Get(pat_shape, 0),
                                start_index);
     }
     return SingleCharIndexOf(sub->ToUC16Vector(),
                              pat->Get(pat_shape, 0),
                              start_index);
   }
 
   if (!pat->IsFlat(pat_shape)) {
     FlattenString(pat);
     pat_shape = StringShape(*pat);
+    sub_shape = StringShape(*sub);
   }
 
   AssertNoAllocation no_heap_allocation;  // ensure vectors stay valid
   // dispatch on type of strings
   if (pat_shape.IsAsciiRepresentation()) {
     Vector<const char> pat_vector = pat->ToAsciiVector();
     if (sub_shape.IsAsciiRepresentation()) {
       return StringMatchStrategy(sub->ToAsciiVector(), pat_vector, start_index);
     }
     return StringMatchStrategy(sub->ToUC16Vector(), pat_vector, start_index);
@@ skipping 114 matching lines @@
   NoHandleAllocation ha;
   ASSERT(args.length() == 3);
 
   CONVERT_CHECKED(String, value, args[0]);
   CONVERT_DOUBLE_CHECKED(from_number, args[1]);
   CONVERT_DOUBLE_CHECKED(to_number, args[2]);
 
   int start = FastD2I(from_number);
   int end = FastD2I(to_number);
 
-  StringShape shape(value);
-
   RUNTIME_ASSERT(end >= start);
   RUNTIME_ASSERT(start >= 0);
-  RUNTIME_ASSERT(end <= value->length(shape));
-  return value->Slice(shape, start, end);
+  RUNTIME_ASSERT(end <= value->length());
+  return value->Slice(start, end);
 }
 
 
 static Object* Runtime_NumberToRadixString(Arguments args) {
   NoHandleAllocation ha;
   ASSERT(args.length() == 2);
 
   CONVERT_DOUBLE_CHECKED(value, args[0]);
   if (isnan(value)) {
     return Heap::AllocateStringFromAscii(CStrVector("NaN"));
@@ skipping 362 matching lines @@
 
   // Only JS objects can have properties.
   if (args[0]->IsJSObject()) {
     JSObject* object = JSObject::cast(args[0]);
     if (object->HasLocalProperty(key)) return Heap::true_value();
   } else if (args[0]->IsString()) {
     // Well, there is one exception:  Handle [] on strings.
     uint32_t index;
     if (key->AsArrayIndex(&index)) {
       String* string = String::cast(args[0]);
-      StringShape shape(string);
-      if (index < static_cast<uint32_t>(string->length(shape)))
+      if (index < static_cast<uint32_t>(string->length()))
         return Heap::true_value();
     }
   }
   return Heap::false_value();
 }
 
 
 static Object* Runtime_HasProperty(Arguments args) {
   NoHandleAllocation na;
   ASSERT(args.length() == 2);
@@ skipping 752 matching lines @@
   return Heap::NewNumberFromDouble(x);
 }
 
 
 static Object* Runtime_StringAdd(Arguments args) {
   NoHandleAllocation ha;
   ASSERT(args.length() == 2);
 
   CONVERT_CHECKED(String, str1, args[0]);
   CONVERT_CHECKED(String, str2, args[1]);
-  StringShape shape1(str1);
-  StringShape shape2(str2);
-  int len1 = str1->length(shape1);
-  int len2 = str2->length(shape2);
+  int len1 = str1->length();
+  int len2 = str2->length();
   if (len1 == 0) return str2;
   if (len2 == 0) return str1;
   int length_sum = len1 + len2;
   // Make sure that an out of memory exception is thrown if the length
   // of the new cons string is too large to fit in a Smi.
   if (length_sum > Smi::kMaxValue || length_sum < 0) {
     Top::context()->mark_out_of_memory();
     return Failure::OutOfMemoryException();
   }
-  return Heap::AllocateConsString(str1, shape1, str2, shape2);
+  return Heap::AllocateConsString(str1, str2);
 }
 
 
 template<typename sinkchar>
 static inline void StringBuilderConcatHelper(String* special,
                                              StringShape special_shape,
                                              sinkchar* sink,
                                              FixedArray* fixed_array,
                                              int array_length) {
   int position = 0;
@@ skipping 3165 matching lines @@
   } else {
     // Handle last resort GC and make sure to allow future allocations
     // to grow the heap without causing GCs (if possible).
     Counters::gc_last_resort_from_js.Increment();
     Heap::CollectAllGarbage();
   }
 }
 
 
 } }  // namespace v8::internal