Diff
Modified: trunk/JSTests/ChangeLog (237756 => 237757)
--- trunk/JSTests/ChangeLog 2018-11-02 22:46:14 UTC (rev 237756)
+++ trunk/JSTests/ChangeLog 2018-11-02 22:47:14 UTC (rev 237757)
@@ -1,3 +1,16 @@
+2018-11-02 Ryan Haddad <ryanhad...@apple.com>
+
+ Unreviewed, rolling out r237753.
+
+ Introduced JSC test failures
+
+ Reverted changeset:
+
+ "Running out of stack space not properly handled in
+ RegExp::compile() and its callers"
+ https://bugs.webkit.org/show_bug.cgi?id=191206
+ https://trac.webkit.org/changeset/237753
+
2018-11-02 Michael Saboff <msab...@apple.com>
Running out of stack space not properly handled in RegExp::compile() and its callers
Deleted: trunk/JSTests/stress/regexp-compile-oom.js (237756 => 237757)
--- trunk/JSTests/stress/regexp-compile-oom.js 2018-11-02 22:46:14 UTC (rev 237756)
+++ trunk/JSTests/stress/regexp-compile-oom.js 2018-11-02 22:47:14 UTC (rev 237757)
@@ -1,64 +0,0 @@
-// Test that throw an OOM exception when compiling a pathological, but valid nested RegExp.
-
-function recurseAndTest(depth, f, expectedException)
-{
- // Probe stack depth
- try {
- let result = recurseAndTest(depth + 1, f, expectedException);
- if (result == 0) {
- try {
- // Call the test function with a nearly full stack.
- f();
- } catch (e) {
- return e.toString();
- }
-
- return 1;
- } else if (result < 0)
- return result + 1;
- else
- return result;
- } catch (e) {
- // Go up a several frames and then call the test function
- return -10;
- }
-
- return 1;
-}
-
-let deepRE = /((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((x))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))/;
-let matchLen = 381; // The number of parens plus 1 for the whole match.
-
-let regExpOOMError = "Error: Out of memory: Invalid regular _expression_: too many nested disjunctions";
-
-// Test that both exec (captured compilation) and test (match only compilation) handles OOM.
-let result = recurseAndTest(1, () => { deepRE.exec(); });
-if (result != regExpOOMError)
- throw "Expected: \"" + regExpOOMError + "\" but got \"" + result + "\"";
-
-result = recurseAndTest(1, () => { deepRE.test(); });
-if (result != regExpOOMError)
- throw "Expected: \"" + regExpOOMError + "\" but got \"" + result + "\"";
-
-// Test that the RegExp works correctly with RegExp.exec() and RegExp.test() when there is sufficient stack space to compile it.
-let m = deepRE.exec("x");
-let matched = true;
-if (m.length != matchLen)
- matched = false
-else {
- for (i = 0; i < matchLen; i++) {
- if (m[i] != "x")
- matched = false;
- }
-}
-
-if (!matched) {
- let expectedMatch = [];
- for (i = 0; i < matchLen; i++)
- expectedMatch[i] = "x";
-
- throw "Expected RegExp.exec(...) to be [" + expectedMatch + "] but got [" + m + "]";
-}
-
-if (!deepRE.test("x"))
- throw "Expected RegExp.test(...) to be true, but was false";
Modified: trunk/Source/_javascript_Core/ChangeLog (237756 => 237757)
--- trunk/Source/_javascript_Core/ChangeLog 2018-11-02 22:46:14 UTC (rev 237756)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-11-02 22:47:14 UTC (rev 237757)
@@ -1,3 +1,16 @@
+2018-11-02 Ryan Haddad <ryanhad...@apple.com>
+
+ Unreviewed, rolling out r237753.
+
+ Introduced JSC test failures
+
+ Reverted changeset:
+
+ "Running out of stack space not properly handled in
+ RegExp::compile() and its callers"
+ https://bugs.webkit.org/show_bug.cgi?id=191206
+ https://trac.webkit.org/changeset/237753
+
2018-11-02 Michael Saboff <msab...@apple.com>
Running out of stack space not properly handled in RegExp::compile() and its callers
Modified: trunk/Source/_javascript_Core/runtime/RegExp.cpp (237756 => 237757)
--- trunk/Source/_javascript_Core/runtime/RegExp.cpp 2018-11-02 22:46:14 UTC (rev 237756)
+++ trunk/Source/_javascript_Core/runtime/RegExp.cpp 2018-11-02 22:47:14 UTC (rev 237757)
@@ -23,7 +23,6 @@
#include "config.h"
#include "RegExp.h"
-#include "ExceptionHelpers.h"
#include "Lexer.h"
#include "JSCInlines.h"
#include "RegExpCache.h"
@@ -291,8 +290,11 @@
Yarr::YarrPattern pattern(m_patternString, m_flags, m_constructionErrorCode, vm->stackLimit());
if (hasError(m_constructionErrorCode)) {
+ RELEASE_ASSERT_NOT_REACHED();
+#if COMPILER_QUIRK(CONSIDERS_UNREACHABLE_CODE)
m_state = ParseError;
return;
+#endif
}
ASSERT(m_numSubpatterns == pattern.m_numSubpatterns);
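Review bot: The `RELEASE_ASSERT_NOT_REACHED()` added under `if (hasError(m_constructionErrorCode))` sits on a path that can be reached. The pattern is rebuilt here with `vm->stackLimit()`, so whether construction fails depends on the stack left at compile time as well as on the pattern text, which is the case the reverted changeset and its deleted stress test describe. With this rollback, a valid but deeply nested pattern compiled close to the stack limit appears to abort the process rather than raise a catchable error; that is a controlled crash, not memory corruption, but it remains an availability problem reachable from script until the fix relands. I would record this next to the assert, e.g. `// FIXME: reachable when pattern construction runs out of stack; see https://bugs.webkit.org/show_bug.cgi?id=191206`. The identical hunk at -348,8 +350,11 needs the same comment, and both enclosing functions begin and end outside their hunks.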
@@ -348,8 +350,11 @@
Yarr::YarrPattern pattern(m_patternString, m_flags, m_constructionErrorCode, vm->stackLimit());
if (hasError(m_constructionErrorCode)) {
+ RELEASE_ASSERT_NOT_REACHED();
+#if COMPILER_QUIRK(CONSIDERS_UNREACHABLE_CODE)
m_state = ParseError;
return;
+#endif
}
ASSERT(m_numSubpatterns == pattern.m_numSubpatterns);
Modified: trunk/Source/_javascript_Core/runtime/RegExp.h (237756 => 237757)
--- trunk/Source/_javascript_Core/runtime/RegExp.h 2018-11-02 22:46:14 UTC (rev 237756)
+++ trunk/Source/_javascript_Core/runtime/RegExp.h 2018-11-02 22:47:14 UTC (rev 237757)
@@ -64,11 +64,6 @@
bool isValid() const { return !Yarr::hasError(m_constructionErrorCode) && m_flags != InvalidFlags; }
const char* errorMessage() const { return Yarr::errorMessage(m_constructionErrorCode); }
JSObject* errorToThrow(ExecState* exec) { return Yarr::errorToThrow(exec, m_constructionErrorCode); }
- void reset()
- {
- m_state = NotCompiled;
- m_constructionErrorCode = Yarr::ErrorCode::NoError;
- }
JS_EXPORT_PRIVATE int match(VM&, const String&, unsigned startOffset, Vector<int>& ovector);
Modified: trunk/Source/_javascript_Core/runtime/RegExpInlines.h (237756 => 237757)
--- trunk/Source/_javascript_Core/runtime/RegExpInlines.h 2018-11-02 22:46:14 UTC (rev 237756)
+++ trunk/Source/_javascript_Core/runtime/RegExpInlines.h 2018-11-02 22:47:14 UTC (rev 237757)
@@ -123,9 +123,6 @@
if (hasCodeFor(charSize))
return;
- if (m_state == ParseError)
- return;
-
compile(&vm, charSize);
}
@@ -132,22 +129,14 @@
template<typename VectorType>
ALWAYS_INLINE int RegExp::matchInline(VM& vm, const String& s, unsigned startOffset, VectorType& ovector)
{
- auto throwScope = DECLARE_THROW_SCOPE(vm);
#if ENABLE(REGEXP_TRACING)
m_rtMatchCallCount++;
m_rtMatchTotalSubjectStringLen += (double)(s.length() - startOffset);
#endif
+ ASSERT(m_state != ParseError);
compileIfNecessary(vm, s.is8Bit() ? Yarr::Char8 : Yarr::Char16);
- if (m_state == ParseError) {
- ExecState* exec = vm.topCallFrame;
- throwScope.throwException(exec, errorToThrow(exec));
- if (!hasHardError(m_constructionErrorCode))
- reset();
- return -1;
- }
-
int offsetVectorSize = (m_numSubpatterns + 1) * 2;
ovector.resize(offsetVectorSize);
int* offsetVector = ovector.data();
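Review bot: `ASSERT(m_state != ParseError)` is evaluated before `compileIfNecessary()`, and in WebKit `ASSERT` is a debug-build check, so it only states an entry precondition. Nothing after the compile call checks `m_state` before `m_numSubpatterns` is used to size `ovector`. That holds only because a construction error is fatal in the compile path (the `RELEASE_ASSERT_NOT_REACHED()` in RegExp.cpp, presumably `RegExp::compile()`), and a comment should say so: `// A compile failure aborts in RegExp::compile(); m_state cannot become ParseError past this call.` The match-only `matchInline` in the hunk at -248,30 +237,19 has the same shape and wants the same comment; both function bodies continue outside their hunks.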
@@ -248,30 +237,19 @@
if (hasMatchOnlyCodeFor(charSize))
return;
- if (m_state == ParseError)
- return;
-
compileMatchOnly(&vm, charSize);
}
ALWAYS_INLINE MatchResult RegExp::matchInline(VM& vm, const String& s, unsigned startOffset)
{
- auto throwScope = DECLARE_THROW_SCOPE(vm);
#if ENABLE(REGEXP_TRACING)
m_rtMatchOnlyCallCount++;
m_rtMatchOnlyTotalSubjectStringLen += (double)(s.length() - startOffset);
#endif
+ ASSERT(m_state != ParseError);
compileIfNecessaryMatchOnly(vm, s.is8Bit() ? Yarr::Char8 : Yarr::Char16);
- if (m_state == ParseError) {
- ExecState* exec = vm.topCallFrame;
- throwScope.throwException(exec, errorToThrow(exec));
- if (!hasHardError(m_constructionErrorCode))
- reset();
- return MatchResult::failed();
- }
-
#if ENABLE(YARR_JIT)
MatchResult result;
Modified: trunk/Source/_javascript_Core/runtime/RegExpObjectInlines.h (237756 => 237757)
--- trunk/Source/_javascript_Core/runtime/RegExpObjectInlines.h 2018-11-02 22:46:14 UTC (rev 237756)
+++ trunk/Source/_javascript_Core/runtime/RegExpObjectInlines.h 2018-11-02 22:47:14 UTC (rev 237757)
@@ -85,7 +85,6 @@
JSArray* array =
createRegExpMatchesArray(vm, globalObject, string, input, regExp, lastIndex, result);
if (!array) {
- RETURN_IF_EXCEPTION(scope, { });
scope.release();
if (globalOrSticky)
setLastIndex(exec, 0);
Modified: trunk/Source/_javascript_Core/yarr/YarrErrorCode.h (237756 => 237757)
--- trunk/Source/_javascript_Core/yarr/YarrErrorCode.h 2018-11-02 22:46:14 UTC (rev 237756)
+++ trunk/Source/_javascript_Core/yarr/YarrErrorCode.h 2018-11-02 22:47:14 UTC (rev 237757)
@@ -60,13 +60,6 @@
{
return errorCode != ErrorCode::NoError;
}
-
-inline bool hasHardError(ErrorCode errorCode)
-{
- // TooManyDisjunctions means that we ran out stack compiling.
- // All other errors are due to problems in the _expression_.
- return hasError(errorCode) && errorCode != ErrorCode::TooManyDisjunctions;
-}
JS_EXPORT_PRIVATE JSObject* errorToThrow(ExecState*, ErrorCode);
} } // namespace JSC::Yarr