Title: [288224] trunk
- Revision
- 288224
- Author
- [email protected]
- Date
- 2022-01-19 11:52:40 -0800 (Wed, 19 Jan 2022)
Log Message
[JSC] Fix YarrJIT backtrackCharacterClassNonGreedy breakpoint
https://bugs.webkit.org/show_bug.cgi?id=235348
Reviewed by Michael Saboff.
JSTests:
* stress/regexp-unicode-surrogate-pair-increment-should-involve-length-check.js:
Source/_javascript_Core:
YarrJIT's backtrackCharacterClassNonGreedy breakpoint is actually reachable. We should subtract index (since it is already incremented),
and go to the normal nonGreedyFailures path.
* yarr/YarrJIT.cpp:
Modified Paths
Diff
Modified: trunk/JSTests/ChangeLog (288223 => 288224)
--- trunk/JSTests/ChangeLog 2022-01-19 19:48:23 UTC (rev 288223)
+++ trunk/JSTests/ChangeLog 2022-01-19 19:52:40 UTC (rev 288224)
@@ -1,3 +1,12 @@
+2022-01-19 Yusuke Suzuki <[email protected]>
+
+ [JSC] Fix YarrJIT backtrackCharacterClassNonGreedy breakpoint
+ https://bugs.webkit.org/show_bug.cgi?id=235348
+
+ Reviewed by Michael Saboff.
+
+ * stress/regexp-unicode-surrogate-pair-increment-should-involve-length-check.js:
+
2022-01-19 Michael Catanzaro <[email protected]>
Unreviewed, skip new test max-typed-array-length-toString.js when memory-limited
Modified: trunk/JSTests/stress/regexp-unicode-surrogate-pair-increment-should-involve-length-check.js (288223 => 288224)
--- trunk/JSTests/stress/regexp-unicode-surrogate-pair-increment-should-involve-length-check.js 2022-01-19 19:48:23 UTC (rev 288223)
+++ trunk/JSTests/stress/regexp-unicode-surrogate-pair-increment-should-involve-length-check.js 2022-01-19 19:52:40 UTC (rev 288224)
@@ -36,3 +36,7 @@
let backtrackGreedyRegExp = /.*[\x20-\udffff].\w*.\d{3}/u;
testRegExpMatch(backtrackGreedyRegExp, testString2);
+
+let nonGreedyRegExp2 = /(.*[^x]+?)[^]*([1])/u;
+
+testRegExpNotMatch(nonGreedyRegExp2, testString);
Modified: trunk/Source/_javascript_Core/ChangeLog (288223 => 288224)
--- trunk/Source/_javascript_Core/ChangeLog 2022-01-19 19:48:23 UTC (rev 288223)
+++ trunk/Source/_javascript_Core/ChangeLog 2022-01-19 19:52:40 UTC (rev 288224)
@@ -1,3 +1,15 @@
+2022-01-19 Yusuke Suzuki <[email protected]>
+
+ [JSC] Fix YarrJIT backtrackCharacterClassNonGreedy breakpoint
+ https://bugs.webkit.org/show_bug.cgi?id=235348
+
+ Reviewed by Michael Saboff.
+
+ YarrJIT's backtrackCharacterClassNonGreedy breakpoint is actually reachable. We should subtract index (since it is already incremented),
+ and go to the normal nonGreedyFailures path.
+
+ * yarr/YarrJIT.cpp:
+
2022-01-19 Michael Catanzaro <[email protected]>
Fix -Wreturn-type and -Wunused-parameter warnings, January 2022 edition
Modified: trunk/Source/_javascript_Core/yarr/YarrJIT.cpp (288223 => 288224)
--- trunk/Source/_javascript_Core/yarr/YarrJIT.cpp 2022-01-19 19:48:23 UTC (rev 288223)
+++ trunk/Source/_javascript_Core/yarr/YarrJIT.cpp 2022-01-19 19:52:40 UTC (rev 288224)
@@ -2059,7 +2059,7 @@
if (!nonGreedyFailuresDecrementIndex.empty()) {
nonGreedyFailuresDecrementIndex.link(&m_jit);
- m_jit.breakpoint();
+ m_jit.sub32(MacroAssembler::TrustedImm32(1), m_regs.index);
}
nonGreedyFailures.link(&m_jit);
m_jit.sub32(countRegister, m_regs.index);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
