Context Navigation

← Previous Changeset
Next Changeset →

Changeset 251411 in webkit

Timestamp:

Oct 21, 2019, 6:55:20 PM (5 years ago)

Author:

mark.lam@apple.com

Message:

Fix incorrect assertion in operationRegExpExecNonGlobalOrSticky().
https://bugs.webkit.org/show_bug.cgi?id=203230
<rdar://problem/56460749>

Reviewed by Robin Morisset.

JSTests:

stress/incorrect-exception-assertion-in-operationRegExpExecNonGlobalOrSticky.js: Added.

Source/JavaScriptCore:

operationRegExpExecNonGlobalOrSticky() was asserting no exception when
createRegExpMatchesArray() returns null. createRegExpMatchesArray() only returns
null when RegExp::matchInline() returns -1. The only way RegExp::matchInline()
can return -1 is via a throwError() helper which throws an exception. The other
return path in RegExp::matchInline() explicitly ASSERT(result >= -1). Hence, the
assertion in operationRegExpExecNonGlobalOrSticky() is wrong.

dfg/DFGOperations.cpp:

Location:

trunk

Files:

: 1 added
: 3 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/incorrect-exception-assertion-in-operationRegExpExecNonGlobalOrSticky.js (added)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGOperations.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-              r251408
+              r251411
+-10-21  Mark Lam  <mark.lam@apple.com>
+        Fix incorrect assertion in operationRegExpExecNonGlobalOrSticky().
+        https://bugs.webkit.org/show_bug.cgi?id=203230
+        <rdar://problem/56460749>
+        Reviewed by Robin Morisset.
+        * stress/incorrect-exception-assertion-in-operationRegExpExecNonGlobalOrSticky.js: Added.
 -10-21  Saam Barati  <sbarati@apple.com>

trunk/Source/JavaScriptCore/ChangeLog

-              r251408
+              r251411
+-10-21  Mark Lam  <mark.lam@apple.com>
+        Fix incorrect assertion in operationRegExpExecNonGlobalOrSticky().
+        https://bugs.webkit.org/show_bug.cgi?id=203230
+        <rdar://problem/56460749>
+        Reviewed by Robin Morisset.
+        operationRegExpExecNonGlobalOrSticky() was asserting no exception when
+        createRegExpMatchesArray() returns null.  createRegExpMatchesArray() only returns
+        null when RegExp::matchInline() returns -1.  The only way RegExp::matchInline()
+        can return -1 is via a throwError() helper which throws an exception.  The other
+        return path in RegExp::matchInline() explicitly ASSERT(result >= -1).  Hence, the
+        assertion in operationRegExpExecNonGlobalOrSticky() is wrong.
+        * dfg/DFGOperations.cpp:
 -10-21  Saam Barati  <sbarati@apple.com>

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

-              r250630
+              r251411
     MatchResult result;
     JSArray* array = createRegExpMatchesArray(vm, globalObject, string, input, regExp, lastIndex, result);
-    if (!array) {
-        ASSERT(!scope.exception());
-        return JSValue::encode(jsNull());
+    }
     RETURN_IF_EXCEPTION(scope, { });
+    ASSERT(array);
     globalObject->regExpGlobalData().recordMatch(vm, globalObject, regExp, string, result);
     return JSValue::encode(array);

Note: See TracChangeset for help on using the changeset viewer.