Changeset 221111 in webkit
- Timestamp:
- Aug 23, 2017 3:24:30 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/js/regexp-unicode-expected.txt (modified) (1 diff)
-
LayoutTests/js/script-tests/regexp-unicode.js (modified) (1 diff)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/yarr/YarrJIT.cpp (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r221101 r221111 1 2017-08-23 Michael Saboff <msaboff@apple.com> 2 3 REGRESSION (r221052): DumpRenderTree crashed in com.apple.JavaScriptCore: JSC::Yarr::YarrCodeBlock::execute + 137 4 https://bugs.webkit.org/show_bug.cgi?id=175903 5 6 Reviewed by Saam Barati. 7 8 New regression test case. 9 10 * js/regexp-unicode-expected.txt: 11 * js/script-tests/regexp-unicode.js: 12 1 13 2017-08-23 Matt Lewis <jlewis3@apple.com> 2 14 -
trunk/LayoutTests/js/regexp-unicode-expected.txt
r221052 r221111 120 120 PASS "12X3𐐀4".match(/\d{0,1}/ug) is ["1", "2", "", "3", "", "4", ""] 121 121 PASS "𐐂𐐅𐐅𐐂𐐅𐐅𐐅".match(/𐐅{3}/u)[0] is "𐐅𐐅𐐅" 122 PASS "a𐐐𐐐b".match(/a(𐐐*?)bc|a(𐐐*?)b/ui)[0] is "a𐐐𐐐b" 122 123 PASS match3[0] is "a𐐐𐐐b" 123 124 PASS match3[1] is undefined. -
trunk/LayoutTests/js/script-tests/regexp-unicode.js
r221052 r221111 158 158 shouldBe('"12X3\u{10400}4".match(/\\d{0,1}/ug)', '["1", "2", "", "3", "", "4", ""]'); 159 159 shouldBe('"\u{10402}\u{10405}\u{10405}\u{10402}\u{10405}\u{10405}\u{10405}".match(/\u{10405}{3}/u)[0]', '"\u{10405}\u{10405}\u{10405}"'); 160 shouldBe('"a\u{10410}\u{10410}b".match(/a(\u{10410}*?)bc|a(\u{10410}*?)b/ui)[0]', '"a\u{10410}\u{10410}b"'); 160 161 161 162 var re3 = new RegExp("(a\u{10410}*bc)|(a\u{10410}*b)", "u"); -
trunk/Source/JavaScriptCore/ChangeLog
r221110 r221111 1 2017-08-23 Michael Saboff <msaboff@apple.com> 2 3 REGRESSION (r221052): DumpRenderTree crashed in com.apple.JavaScriptCore: JSC::Yarr::YarrCodeBlock::execute + 137 4 https://bugs.webkit.org/show_bug.cgi?id=175903 5 6 Reviewed by Saam Barati. 7 8 In generateCharacterClassGreedy we were incrementing the "count" register before checking 9 for the end of the input string. The at-end-of-input check is the final check before 10 knowing that the current character matched. In this case, the end of input check 11 indicates that we ran out of prechecked characters and therefore should fail the match of 12 the current character. The backtracking code uses the value in the "count" register as 13 the number of character that successfully matched, which shouldn't include the current 14 character. Therefore we need to move the incrementing of "count" to after the 15 at end of input check. 16 17 Through code inspection of the expectations of other backtracking code, I determined that 18 the non greedy character class matching code had a similar issue. I fixed that as well 19 and added a new test case. 20 21 * yarr/YarrJIT.cpp: 22 (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy): 23 (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy): 24 1 25 2017-08-23 Yusuke Suzuki <utatane.tea@gmail.com> 2 26 -
trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp
r221052 r221111 1269 1269 } 1270 1270 1271 add32(TrustedImm32(1), countRegister);1272 1271 add32(TrustedImm32(1), index); 1273 1272 #ifdef JIT_UNICODE_EXPRESSIONS … … 1279 1278 } 1280 1279 #endif 1280 add32(TrustedImm32(1), countRegister); 1281 1281 1282 1282 if (term->quantityMaxCount != quantifyInfinite) { … … 1375 1375 } 1376 1376 1377 add32(TrustedImm32(1), countRegister);1378 1377 add32(TrustedImm32(1), index); 1379 1378 #ifdef JIT_UNICODE_EXPRESSIONS 1380 1379 if (m_decodeSurrogatePairs) { 1380 nonGreedyFailures.append(atEndOfInput()); 1381 1381 Jump isBMPChar = branch32(LessThan, character, supplementaryPlanesBase); 1382 1382 add32(TrustedImm32(1), index); … … 1384 1384 } 1385 1385 #endif 1386 add32(TrustedImm32(1), countRegister); 1386 1387 1387 1388 jump(op.m_reentry);
Note: See TracChangeset
for help on using the changeset viewer.
