Scanning with the regular expression [^\\s$] returns extra matches. For example, in the testcase, scanning " abcdefg" returns "abcdefg" and then "fg" (with only one leading space it returns "g"). This regression is at least one of the reasons for bug 5597 and bug 5571 in TOT.
Created attachment 4568 [details] Testcase?
Looks like the bug is in the text/exec case inside RegExpProtoFuncImp::callAsFunction. It does a match, and then sets lastIndex to lastIndex + match.size(). But that's only accurate if the match is at the start of the string. Probably easy to fix by using endOffset in that place.
Created attachment 4572 [details] patch to set lastIndex properly, fixes test case
Comment on attachment 4572 [details] patch to set lastIndex properly, fixes test case lastIndex + foundIndex + match.size() should be foundIndex + match.size() -- was that a typo?
Created attachment 4577 [details] Patch to fix suspected typo in Darin's patch
Comment on attachment 4577 [details] Patch to fix suspected typo in Darin's patch Heh, I wouldn't call my mistake a "typo" exactly. But this new patch looks good. Please include a test case that would have failed with my patch.
Created attachment 4583 [details] fast/js/regexp-lastindex.html Testcase that catches the bug in Darin's patch.