Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8c10428db1b842eaf9531fc53e619f56e3062c79
https://github.com/WebKit/WebKit/commit/8c10428db1b842eaf9531fc53e619f56e3062c79
Author: Sosuke Suzuki <[email protected]>
Date: 2026-04-06 (Mon, 06 Apr 2026)
Changed paths:
A JSTests/stress/regexp-jit-non-bmp-first-character-additional-read-size-reset.js
M Source/JavaScriptCore/yarr/YarrJIT.cpp
Log Message:
-----------
[YARR] Reset `firstCharacterAdditionalReadSize` at `BodyAlternativeNext` reentry
https://bugs.webkit.org/show_bug.cgi?id=311388
Reviewed by Yusuke Suzuki.
The non-BMP first-character optimization sets
firstCharacterAdditionalReadSize to 1 when tryReadUnicodeChar reads a
surrogate pair, and the BodyAlternativeEnd trampoline reads it back to
advance the index past the pair on the next iteration.
BodyAlternativeBegin resets the register at its reentry label;
BodyAlternativeNext did not. After a prior alternative read a surrogate
pair, the register stayed at 1 across the alt boundary, and if the next
alternative short-circuited without its own tryReadUnicodeChar call,
the trampoline added the stale 1 and skipped a valid match position.
Mirror the BodyAlternativeBegin reset at BodyAlternativeNext, and add
the same defensive reset at the once-through BodyAlternativeEnd reentry.
Test:
JSTests/stress/regexp-jit-non-bmp-first-character-additional-read-size-reset.js
* JSTests/stress/regexp-jit-non-bmp-first-character-additional-read-size-reset.js: Added.
(shouldBe):
* Source/JavaScriptCore/yarr/YarrJIT.cpp:
Canonical link: https://commits.webkit.org/310677@main
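An added example, not the WebKit test file named above: a differential check in JavaScript that compares the engine's first-match index against a per-position sticky scan, so a match position skipped after a surrogate pair (the symptom the commit describes) would surface as a mismatch. The function names and sample patterns are my own.

```javascript
"use strict";

// UTF-16 indices at code point boundaries: the positions a /u regex may
// legitimately start a match at. A surrogate pair advances by 2, not 3.
function codePointBoundaries(input) {
    const positions = [];
    for (let i = 0; i <= input.length; ) {
        positions.push(i);
        if (i === input.length) break;
        const hi = input.charCodeAt(i);
        const lo = i + 1 < input.length ? input.charCodeAt(i + 1) : 0;
        const isPair = hi >= 0xD800 && hi <= 0xDBFF && lo >= 0xDC00 && lo <= 0xDFFF;
        i += isPair ? 2 : 1;
    }
    return positions;
}

// Reference: try the pattern at every boundary with the sticky flag, so no
// first-character fast path can skip a position.
function bruteForceIndex(pattern, input) {
    const sticky = new RegExp(pattern.source, pattern.flags.replace(/[gy]/g, "") + "y");
    for (const pos of codePointBoundaries(input)) {
        sticky.lastIndex = pos;
        if (sticky.exec(input) !== null) return pos;
    }
    return -1;
}

// Engine: the ordinary search, where first-character optimizations apply.
function engineIndex(pattern, input) {
    const plain = new RegExp(pattern.source, pattern.flags.replace(/[gy]/g, ""));
    const m = plain.exec(input);
    return m === null ? -1 : m.index;
}

// Constructed cases: the first alternative starts with a non-BMP character
// (a surrogate pair), a later alternative is a BMP character that can only
// match right after the pair. A stale extra read would land past it.
const CASES = [
    [/😀a|b/u, "😀b"],        // correct index 2
    [/😀a|b/u, "😀😀b"],      // correct index 4
    [/😀a|😀b|c/u, "😀😀c"],  // correct index 4
];

function runAll() {
    return CASES.map(([pattern, input]) => ({
        pattern: String(pattern), input,
        engine: engineIndex(pattern, input),
        reference: bruteForceIndex(pattern, input),
    }));
}
```

`runAll()` returns one record per case; any record whose `engine` differs from `reference` indicates a skipped position.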