Changeset 283874 in webkit

Timestamp:

Oct 10, 2021 1:49:45 AM (9 months ago)

Author:

ysuzuki@apple.com

Message:

[JSC] Refine RegExp#compile based on regexp-legacy-features proposal
​https://bugs.webkit.org/show_bug.cgi?id=231486

Reviewed by Alexey Shvayka.

JSTests:

• stress/regexp-recompile.js: Added.

(shouldBe):
(recompile):
(target):

• test262/expectations.yaml:

Source/JavaScriptCore:

This patch refines RegExp#compile based regexp-legacy-features proposal[1].
We add legacyFeaturesDisabledFlag flag to RegExpObject so that we can
detect LegacyFeaturesEnabled?.

We also add regExpRecompiledWatchpoint to JSGlobalObject. We have strength
reduction in DFG / FTL, but we should recompile DFG / FTL code when RegExp
is recompiled. Since it is rare, instead of having this watchpoint per
RegExpObject, we hold it in JSGlobalObject.

[1]: ​https://github.com/tc39/proposal-regexp-legacy-features

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewRegexp):
(JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):

• dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

• ftl/FTLAbstractHeapRepository.h:
• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):

• ftl/FTLOperations.cpp:

(JSC::FTL::JSC_DEFINE_JIT_OPERATION):

• jit/JITOperations.cpp:

(JSC::JSC_DEFINE_JIT_OPERATION):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::JSGlobalObject):

• runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::regExpRecompiledWatchpoint):
(JSC::JSGlobalObject::isRegExpRecompiled const):

• runtime/RegExpConstructor.cpp:

(JSC::areLegacyFeaturesEnabled):
(JSC::regExpCreate):
(JSC::constructRegExp):

• runtime/RegExpObject.cpp:

(JSC::RegExpObject::RegExpObject):

• runtime/RegExpObject.h:
• runtime/RegExpPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/regexp-recompile.js (added)
• JSTests/test262/expectations.yaml (modified) (1 diff)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp (modified) (2 diffs)
• Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h (modified) (1 diff)
• Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (modified) (2 diffs)
• Source/JavaScriptCore/ftl/FTLOperations.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JITOperations.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGlobalObject.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/RegExpConstructor.cpp (modified) (3 diffs)
• Source/JavaScriptCore/runtime/RegExpObject.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/RegExpObject.h (modified) (8 diffs)
• Source/JavaScriptCore/runtime/RegExpPrototype.cpp (modified) (2 diffs)

trunk/JSTests/ChangeLog

@@ +1 @@
+2021-10-09  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Refine RegExp#compile based on regexp-legacy-features proposal
+        https://bugs.webkit.org/show_bug.cgi?id=231486
+
+        Reviewed by Alexey Shvayka.
+
+        * stress/regexp-recompile.js: Added.
+        (shouldBe):
+        (recompile):
+        (target):
+        * test262/expectations.yaml:
+
 2021-10-08  Tadeu Zagallo  <tzagallo@apple.com>
 

trunk/JSTests/test262/expectations.yaml

@@ -6 +6 @@
   default: "SyntaxError: Unexpected token '}'. Expected a parameter pattern or a ')' in parameter list."
   strict mode: "SyntaxError: Unexpected token '}'. Expected a parameter pattern or a ')' in parameter list."
-test/annexB/built-ins/RegExp/prototype/compile/this-cross-realm-instance.js:
-  default: 'Test262Error: `RegExp.prototype.compile.call(otherRealm_regexp)` throws TypeError Expected a TypeError to be thrown but no exception was thrown at all'
-  strict mode: 'Test262Error: `RegExp.prototype.compile.call(otherRealm_regexp)` throws TypeError Expected a TypeError to be thrown but no exception was thrown at all'
-test/annexB/built-ins/RegExp/prototype/compile/this-subclass-instance.js:
-  default: 'Test262Error: `subclass_regexp.compile()` throws TypeError Expected a TypeError to be thrown but no exception was thrown at all'
-  strict mode: 'Test262Error: `subclass_regexp.compile()` throws TypeError Expected a TypeError to be thrown but no exception was thrown at all'
 test/annexB/language/eval-code/direct/func-block-decl-eval-func-skip-early-err-block.js:
   default: 'Test262Error: An initialized binding is not created prior to evaluation Expected a ReferenceError to be thrown but no exception was thrown at all'

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2021-10-09  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Refine RegExp#compile based on regexp-legacy-features proposal
+        https://bugs.webkit.org/show_bug.cgi?id=231486
+
+        Reviewed by Alexey Shvayka.
+
+        This patch refines RegExp#compile based regexp-legacy-features proposal[1].
+        We add legacyFeaturesDisabledFlag flag to RegExpObject so that we can
+        detect [[LegacyFeaturesEnabled]].
+
+        We also add regExpRecompiledWatchpoint to JSGlobalObject. We have strength
+        reduction in DFG / FTL, but we should recompile DFG / FTL code when RegExp
+        is recompiled. Since it is rare, instead of having this watchpoint per
+        RegExpObject, we hold it in JSGlobalObject.
+
+        [1]: https://github.com/tc39/proposal-regexp-legacy-features
+
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileNewRegexp):
+        (JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):
+        * dfg/DFGStrengthReductionPhase.cpp:
+        (JSC::DFG::StrengthReductionPhase::handleNode):
+        * ftl/FTLAbstractHeapRepository.h:
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
+        * ftl/FTLOperations.cpp:
+        (JSC::FTL::JSC_DEFINE_JIT_OPERATION):
+        * jit/JITOperations.cpp:
+        (JSC::JSC_DEFINE_JIT_OPERATION):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::JSGlobalObject):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::regExpRecompiledWatchpoint):
+        (JSC::JSGlobalObject::isRegExpRecompiled const):
+        * runtime/RegExpConstructor.cpp:
+        (JSC::areLegacyFeaturesEnabled):
+        (JSC::regExpCreate):
+        (JSC::constructRegExp):
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::RegExpObject):
+        * runtime/RegExpObject.h:
+        * runtime/RegExpPrototype.cpp:
+        (JSC::JSC_DEFINE_HOST_FUNCTION):
+
 2021-10-08  Saam Barati  <sbarati@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

@@ -11224 +11224 @@
     m_jit.storePtr(
         TrustedImmPtr(node->cellOperand()),
-        CCallHelpers::Address(resultGPR, RegExpObject::offsetOfRegExpAndLastIndexIsNotWritableFlag()));
+        CCallHelpers::Address(resultGPR, RegExpObject::offsetOfRegExpAndFlags()));
     m_jit.storeValue(lastIndexRegs, CCallHelpers::Address(resultGPR, RegExpObject::offsetOfLastIndex()));
     m_jit.mutatorFence(vm());
@@ -12774 +12774 @@
             m_jit.branchTestPtr(
                 JITCompiler::NonZero,
-                JITCompiler::Address(regExpGPR, RegExpObject::offsetOfRegExpAndLastIndexIsNotWritableFlag()),
+                JITCompiler::Address(regExpGPR, RegExpObject::offsetOfRegExpAndFlags()),
                 JITCompiler::TrustedImm32(RegExpObject::lastIndexIsNotWritableFlag)));
     }

trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp

@@ -503 +503 @@
                 regExpObjectNode = m_node->child2().node();
                 if (RegExpObject* regExpObject = regExpObjectNode->dynamicCastConstant<RegExpObject*>(vm())) {
+                    JSGlobalObject* globalObject = regExpObject->globalObject(vm());
+                    if (globalObject->isRegExpRecompiled()) {
+                        if (verbose)
+                            dataLog("Giving up because RegExp recompile happens.\n");
+                        break;
+                    }
+                    m_graph.watchpoints().addLazily(globalObject->regExpRecompiledWatchpoint());
                     regExp = regExpObject->regExp();
                     regExpObjectNodeIsConstant = true;
-                } else if (regExpObjectNode->op() == NewRegexp)
+                } else if (regExpObjectNode->op() == NewRegexp) {
+                    JSGlobalObject* globalObject = m_graph.globalObjectFor(regExpObjectNode->origin.semantic);
+                    if (globalObject->isRegExpRecompiled()) {
+                        if (verbose)
+                            dataLog("Giving up because RegExp recompile happens.\n");
+                        break;
+                    }
+                    m_graph.watchpoints().addLazily(globalObject->regExpRecompiledWatchpoint());
                     regExp = regExpObjectNode->castOperand<RegExp*>();
-                else {
+                } else {
                     if (verbose)
                         dataLog("Giving up because the regexp is unknown.\n");
@@ -836 +850 @@
             Node* regExpObjectNode = m_node->child2().node();
             RegExp* regExp;
-            if (RegExpObject* regExpObject = regExpObjectNode->dynamicCastConstant<RegExpObject*>(vm()))
+            if (RegExpObject* regExpObject = regExpObjectNode->dynamicCastConstant<RegExpObject*>(vm())) {
+                JSGlobalObject* globalObject = regExpObject->globalObject(vm());
+                if (globalObject->isRegExpRecompiled()) {
+                    if (verbose)
+                        dataLog("Giving up because RegExp recompile happens.\n");
+                    break;
+                }
+                m_graph.watchpoints().addLazily(globalObject->regExpRecompiledWatchpoint());
                 regExp = regExpObject->regExp();
-            else if (regExpObjectNode->op() == NewRegexp)
+            } else if (regExpObjectNode->op() == NewRegexp) {
+                JSGlobalObject* globalObject = m_graph.globalObjectFor(regExpObjectNode->origin.semantic);
+                if (globalObject->isRegExpRecompiled()) {
+                    if (verbose)
+                        dataLog("Giving up because RegExp recompile happens.\n");
+                    break;
+                }
+                m_graph.watchpoints().addLazily(globalObject->regExpRecompiledWatchpoint());
                 regExp = regExpObjectNode->castOperand<RegExp*>();
-            else {
+            } else {
                 if (verbose)
                     dataLog("Giving up because the regexp is unknown.\n");

trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h

@@ -124 +124 @@
     macro(JSSymbolTableObject_symbolTable, JSSymbolTableObject::offsetOfSymbolTable()) \
     macro(NativeExecutable_asString, NativeExecutable::offsetOfAsString()) \
-    macro(RegExpObject_regExpAndLastIndexIsNotWritableFlag, RegExpObject::offsetOfRegExpAndLastIndexIsNotWritableFlag()) \
+    macro(RegExpObject_regExpAndFlags, RegExpObject::offsetOfRegExpAndFlags()) \
     macro(RegExpObject_lastIndex, RegExpObject::offsetOfLastIndex()) \
     macro(ShadowChicken_Packet_callee, OBJECT_OFFSETOF(ShadowChicken::Packet, callee)) \

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

@@ -14291 +14291 @@
         auto structure = m_graph.registerStructure(globalObject->regExpStructure());
         LValue fastResultValue = allocateObject<RegExpObject>(structure, m_out.intPtrZero, slowCase);
-        m_out.storePtr(frozenPointer(regexp), fastResultValue, m_heaps.RegExpObject_regExpAndLastIndexIsNotWritableFlag);
+        m_out.storePtr(frozenPointer(regexp), fastResultValue, m_heaps.RegExpObject_regExpAndFlags);
         m_out.store64(lastIndex, fastResultValue, m_heaps.RegExpObject_lastIndex);
         mutatorFence();
@@ -14378 +14378 @@
                 ExoticObjectMode, noValue(), nullptr,
                 m_out.testNonZeroPtr(
-                    m_out.loadPtr(regExp, m_heaps.RegExpObject_regExpAndLastIndexIsNotWritableFlag),
+                    m_out.loadPtr(regExp, m_heaps.RegExpObject_regExpAndFlags),
                     m_out.constIntPtr(RegExpObject::lastIndexIsNotWritableFlag)));
 

trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp

@@ -690 +690 @@
         CodeBlock* codeBlock = baselineCodeBlockForOriginAndBaselineCodeBlock(materialization->origin(), callFrame->codeBlock()->baselineAlternative());
         Structure* structure = codeBlock->globalObject()->regExpStructure();
-        return RegExpObject::create(vm, structure, regExp);
+        static constexpr bool areLegacyFeaturesEnabled = true;
+        return RegExpObject::create(vm, structure, regExp, areLegacyFeaturesEnabled);
     }
 

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -1891 +1891 @@
     RegExp* regexp = static_cast<RegExp*>(regexpPtr);
     ASSERT(regexp->isValid());
-    return RegExpObject::create(vm, globalObject->regExpStructure(), regexp);
+    static constexpr bool areLegacyFeaturesEnabled = true;
+    return RegExpObject::create(vm, globalObject->regExpStructure(), regexp, areLegacyFeaturesEnabled);
 }
 

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -613 +613 @@
     RegExp* regExp = jsCast<RegExp*>(getOperand(callFrame, bytecode.m_regexp));
     ASSERT(regExp->isValid());
-    LLINT_RETURN(RegExpObject::create(vm, globalObject->regExpStructure(), regExp));
+    static constexpr bool areLegacyFeaturesEnabled = true;
+    LLINT_RETURN(RegExpObject::create(vm, globalObject->regExpStructure(), regExp, areLegacyFeaturesEnabled));
 }
 

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -609 +609 @@
     , m_varInjectionWatchpoint(WatchpointSet::create(IsWatched))
     , m_varReadOnlyWatchpoint(WatchpointSet::create(IsWatched))
+    , m_regExpRecompiledWatchpoint(WatchpointSet::create(IsWatched))
     , m_weakRandom(Options::forceWeakRandomSeed() ? Options::forcedWeakRandomSeed() : static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
     , m_arrayIteratorProtocolWatchpointSet(IsWatched)

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -488 +488 @@
     RefPtr<WatchpointSet> m_varInjectionWatchpoint;
     RefPtr<WatchpointSet> m_varReadOnlyWatchpoint;
+    RefPtr<WatchpointSet> m_regExpRecompiledWatchpoint;
 
     std::unique_ptr<JSGlobalObjectRareData> m_rareData;
@@ -1026 +1027 @@
     WatchpointSet* varInjectionWatchpoint() { return m_varInjectionWatchpoint.get(); }
     WatchpointSet* varReadOnlyWatchpoint() { return m_varReadOnlyWatchpoint.get(); }
+    WatchpointSet* regExpRecompiledWatchpoint() { return m_regExpRecompiledWatchpoint.get(); }
         
     bool isHavingABadTime() const
@@ -1037 +1039 @@
     bool arrayPrototypeChainIsSane();
     bool stringPrototypeChainIsSane();
+
+    bool isRegExpRecompiled() const
+    {
+        return m_regExpRecompiledWatchpoint->hasBeenInvalidated();
+    }
 
     void setProfileGroup(unsigned value) { createRareDataIfNeeded(); m_rareData->profileGroup = value; }

trunk/Source/JavaScriptCore/runtime/RegExpConstructor.cpp

@@ -188 +188 @@
 }
 
+static inline bool areLegacyFeaturesEnabled(JSGlobalObject* globalObject, JSValue newTarget)
+{
+    if (!newTarget)
+        return true;
+    return newTarget == globalObject->regExpConstructor();
+}
+
 inline Structure* getRegExpStructure(JSGlobalObject* globalObject, JSValue newTarget)
 {
@@ -233 +240 @@
     Structure* structure = getRegExpStructure(globalObject, newTarget);
     RETURN_IF_EXCEPTION(scope, nullptr);
-    return RegExpObject::create(vm, structure, regExp);
+    return RegExpObject::create(vm, structure, regExp, areLegacyFeaturesEnabled(globalObject, newTarget));
 }
 
@@ -272 +279 @@
         }
 
-        return RegExpObject::create(vm, structure, regExp);
+        return RegExpObject::create(vm, structure, regExp, areLegacyFeaturesEnabled(globalObject, newTarget));
     }
 

trunk/Source/JavaScriptCore/runtime/RegExpObject.cpp

@@ -33 +33 @@
 static JSC_DECLARE_CUSTOM_SETTER(regExpObjectSetLastIndexNonStrict);
 
-RegExpObject::RegExpObject(VM& vm, Structure* structure, RegExp* regExp)
+RegExpObject::RegExpObject(VM& vm, Structure* structure, RegExp* regExp, bool areLegacyFeaturesEnabled)
     : JSNonFinalObject(vm, structure)
-    , m_regExpAndLastIndexIsNotWritableFlag(bitwise_cast<uintptr_t>(regExp)) // lastIndexIsNotWritableFlag is not set.
+    , m_regExpAndFlags(bitwise_cast<uintptr_t>(regExp) | (areLegacyFeaturesEnabled ? 0 : legacyFeaturesDisabledFlag)) // lastIndexIsNotWritableFlag is not set.
 {
     m_lastIndex.setWithoutWriteBarrier(jsNumber(0));

trunk/Source/JavaScriptCore/runtime/RegExpObject.h

@@ -40 +40 @@
     }
 
-    static constexpr uintptr_t lastIndexIsNotWritableFlag = 1;
+    static constexpr uintptr_t lastIndexIsNotWritableFlag = 0b01;
+    static constexpr uintptr_t legacyFeaturesDisabledFlag = 0b10;
+    static constexpr uintptr_t flagsMask = lastIndexIsNotWritableFlag | legacyFeaturesDisabledFlag;
+    static constexpr uintptr_t regExpMask = ~flagsMask;
 
-    static RegExpObject* create(VM& vm, Structure* structure, RegExp* regExp)
+    static RegExpObject* create(VM& vm, Structure* structure, RegExp* regExp, bool areLegacyFeaturesEnabled = true)
     {
-        RegExpObject* object = new (NotNull, allocateCell<RegExpObject>(vm.heap)) RegExpObject(vm, structure, regExp);
+        RegExpObject* object = new (NotNull, allocateCell<RegExpObject>(vm.heap)) RegExpObject(vm, structure, regExp, areLegacyFeaturesEnabled);
         object->finishCreation(vm);
         return object;
@@ -51 +54 @@
     static RegExpObject* create(VM& vm, Structure* structure, RegExp* regExp, JSValue lastIndex)
     {
-        auto* object = create(vm, structure, regExp);
+        static constexpr bool areLegacyFeaturesEnabled = true;
+        auto* object = create(vm, structure, regExp, areLegacyFeaturesEnabled);
         object->m_lastIndex.set(vm, object, lastIndex);
         return object;
@@ -58 +62 @@
     void setRegExp(VM& vm, RegExp* regExp)
     {
-        uintptr_t result = (m_regExpAndLastIndexIsNotWritableFlag & lastIndexIsNotWritableFlag) | bitwise_cast<uintptr_t>(regExp);
-        m_regExpAndLastIndexIsNotWritableFlag = result;
+        uintptr_t result = (m_regExpAndFlags & flagsMask) | bitwise_cast<uintptr_t>(regExp);
+        m_regExpAndFlags = result;
         vm.heap.writeBarrier(this, regExp);
     }
@@ -65 +69 @@
     RegExp* regExp() const
     {
-        return bitwise_cast<RegExp*>(m_regExpAndLastIndexIsNotWritableFlag & (~lastIndexIsNotWritableFlag));
+        return bitwise_cast<RegExp*>(m_regExpAndFlags & regExpMask);
     }
 
@@ -113 +117 @@
     }
 
-    static ptrdiff_t offsetOfRegExpAndLastIndexIsNotWritableFlag()
+    static ptrdiff_t offsetOfRegExpAndFlags()
     {
-        return OBJECT_OFFSETOF(RegExpObject, m_regExpAndLastIndexIsNotWritableFlag);
+        return OBJECT_OFFSETOF(RegExpObject, m_regExpAndFlags);
     }
 
@@ -129 +133 @@
     }
 
+    bool areLegacyFeaturesEnabled() const { return !(m_regExpAndFlags & legacyFeaturesDisabledFlag); }
+
 private:
-    JS_EXPORT_PRIVATE RegExpObject(VM&, Structure*, RegExp*);
+    JS_EXPORT_PRIVATE RegExpObject(VM&, Structure*, RegExp*, bool areLegacyFeaturesEnabled);
     JS_EXPORT_PRIVATE void finishCreation(VM&);
 
@@ -137 +143 @@
     bool lastIndexIsWritable() const
     {
-        return !(m_regExpAndLastIndexIsNotWritableFlag & lastIndexIsNotWritableFlag);
+        return !(m_regExpAndFlags & lastIndexIsNotWritableFlag);
     }
 
     void setLastIndexIsNotWritable()
     {
-        m_regExpAndLastIndexIsNotWritableFlag = (m_regExpAndLastIndexIsNotWritableFlag | lastIndexIsNotWritableFlag);
+        m_regExpAndFlags = (m_regExpAndFlags | lastIndexIsNotWritableFlag);
     }
 
@@ -151 +157 @@
     MatchResult matchInline(JSGlobalObject*, JSString*);
 
-    uintptr_t m_regExpAndLastIndexIsNotWritableFlag { 0 };
+    uintptr_t m_regExpAndFlags { 0 };
     WriteBarrier<Unknown> m_lastIndex;
 };

trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp

@@ -133 +133 @@
         return throwVMTypeError(globalObject, scope);
 
+    if (thisRegExp->globalObject(vm) != globalObject)
+        return throwVMTypeError(globalObject, scope, "RegExp.prototype.compile function's Realm must be the same to |this| RegExp object"_s);
+
+    if (!thisRegExp->areLegacyFeaturesEnabled())
+        return throwVMTypeError(globalObject, scope, "|this| RegExp object's legacy features are not enabled"_s);
+
     RegExp* regExp;
     JSValue arg0 = callFrame->argument(0);
@@ -155 +161 @@
     if (!regExp->isValid())
         return throwVMError(globalObject, scope, regExp->errorToThrow(globalObject));
+
+    globalObject->regExpRecompiledWatchpoint()->fireAll(vm, "RegExp is recompiled");
 
     thisRegExp->setRegExp(vm, regExp);