Reviewers: Sven Panne,
Description:
Correctly reset lastIndex in an RegExp object.
[email protected]
BUG=170856
Please review this at https://chromiumcodereview.appspot.com/11896060/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/objects-inl.h
M src/objects.h
M src/runtime.cc
A + test/mjsunit/regress/regress-crbug-170856.js
Index: src/objects-inl.h
diff --git a/src/objects-inl.h b/src/objects-inl.h
index
3251d9e9b3b3c8817472f9167224e0bcb0d0a5e8..37a1bfc12ac19a7cd571f2af563d02b17bda028b
100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -5009,13 +5009,6 @@ void JSRegExp::SetDataAtUnchecked(int index, Object*
value, Heap* heap) {
}
-void JSRegExp::ResetLastIndex() {
- InObjectPropertyAtPut(JSRegExp::kLastIndexFieldIndex,
- Smi::FromInt(0),
- SKIP_WRITE_BARRIER); // It's a Smi.
-}
-
-
ElementsKind JSObject::GetElementsKind() {
ElementsKind kind = map()->elements_kind();
#if DEBUG
Index: src/objects.h
diff --git a/src/objects.h b/src/objects.h
index
f9178ccef66c18677282f89098e1d820c7b5c9b8..5ca576e315489810414bb0d20d2a5980f8181bd3
100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -6573,7 +6573,6 @@ class JSRegExp: public JSObject {
inline Object* DataAtUnchecked(int index);
inline void SetDataAtUnchecked(int index, Object* value, Heap* heap);
inline Type TypeTagUnchecked();
- inline void ResetLastIndex();
static int code_index(bool is_ascii) {
if (is_ascii) {
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
ef04ed34f0d8cdff397d6938c4d528a86954ade9..7ffaf32e25ea3f5e417176297f519b38f2c1db37
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1794,7 +1794,8 @@ RUNTIME_FUNCTION(MaybeObject*,
Runtime_RegExpInitializeObject) {
JSRegExp::kIgnoreCaseFieldIndex, ignoreCase, SKIP_WRITE_BARRIER);
regexp->InObjectPropertyAtPut(
JSRegExp::kMultilineFieldIndex, multiline, SKIP_WRITE_BARRIER);
- regexp->ResetLastIndex();
+ regexp->InObjectPropertyAtPut(
+ JSRegExp::kLastIndexFieldIndex, Smi::FromInt(0),
SKIP_WRITE_BARRIER);
return regexp;
}
@@ -2911,7 +2912,13 @@ MUST_USE_RESULT static MaybeObject*
StringReplaceAtomRegExpWithString(
int matches = indices.length();
if (matches == 0) {
- pattern_regexp->ResetLastIndex();
+ // Reset lastIndex property to 0.
+ SetProperty(isolate,
+ pattern_regexp,
+ isolate->factory()->last_index_symbol(),
+ Handle<Smi>(Smi::FromInt(0)),
+ NONE,
+ kNonStrictMode);
return *subject;
}
@@ -3014,7 +3021,13 @@ MUST_USE_RESULT static MaybeObject*
StringReplaceRegExpWithString(
int32_t* current_match = global_cache.FetchNext();
if (current_match == NULL) {
if (global_cache.HasException()) return Failure::Exception();
- regexp->ResetLastIndex();
+ // Reset lastIndex property to 0.
+ SetProperty(isolate,
+ regexp,
+ isolate->factory()->last_index_symbol(),
+ Handle<Smi>(Smi::FromInt(0)),
+ NONE,
+ kNonStrictMode);
return *subject;
}
@@ -3113,7 +3126,13 @@ MUST_USE_RESULT static MaybeObject*
StringReplaceRegExpWithEmptyString(
int32_t* current_match = global_cache.FetchNext();
if (current_match == NULL) {
if (global_cache.HasException()) return Failure::Exception();
- regexp->ResetLastIndex();
+ // Reset lastIndex property to 0.
+ SetProperty(isolate,
+ regexp,
+ isolate->factory()->last_index_symbol(),
+ Handle<Smi>(Smi::FromInt(0)),
+ NONE,
+ kNonStrictMode);
return *subject;
}
Index: test/mjsunit/regress/regress-crbug-170856.js
diff --git a/test/mjsunit/compiler/control-flow-2.js
b/test/mjsunit/regress/regress-crbug-170856.js
similarity index 89%
copy from test/mjsunit/compiler/control-flow-2.js
copy to test/mjsunit/regress/regress-crbug-170856.js
index
26ed5643f487040b14ff004e4ef139df5d63e196..264d645b9d7e901b67589a17cac1f4e5c01e0fca
100644
--- a/test/mjsunit/compiler/control-flow-2.js
+++ b/test/mjsunit/regress/regress-crbug-170856.js
@@ -1,4 +1,4 @@
-// Copyright 2010 the V8 project authors. All rights reserved.
+// Copyright 2013 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
@@ -25,10 +25,10 @@
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-function f(a,b) {
- return (b < a) - (a < b);
+r = new RegExp("a");
+for (var i = 0; i < 100; i++) {
+ r["abc" + i] = i;
}
+"zzzz".replace(r, "");
+assertEquals(0, r.lastIndex);
-assertEquals(0, f(0,0));
-assertEquals(1, f(1,0));
-assertEquals(-1, f(0,1));
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
