Bug 178890

Summary: REGRESSION(r222601): We fail to properly backtrack into a sub pattern of a parenthesis with non-zero minimum
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Severity: Normal CC: buildbot, commit-queue, keith_miller, mark.lam, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Description Flags
Patch none

Description Michael Saboff 2017-10-26 15:25:45 PDT
A somewhat reduced test case is:
Here is a somewhat reduced test case /:(?:\w)+\(([‘]?)((?:\([^\)]+\)|[^\(\)]*){1,2})\1\)/.exec(“:not('.hs-processed')”)

Prior to r222601, the handling of a greedy parenthesis minimum count during backtracking was always 0, ignoring the actual minimum from the pattern.  In this case, the parenthesized subpattern, ((?:\([^\)]+\)|[^\(\)]*){1,2}, has a minimum count of 1.  Here is a RegExp pattern dump of that part of the expression.

      non-captured subpattern {1,2} greedy,frame location 4
        alternative list,frame location 5
        alternative #0: minimum size: 3
          character inputPosition 3 '('
          not character class inputPosition 4 [ASCII:(')')]
          not character class inputPosition 5 [ASCII:(')')] {0,...} greedy,frame location 1
          character inputPosition 5 ')'
        alternative #1: minimum size: 0
          not character class inputPosition 3 [ASCII:('(',')')] {0,...} greedy,frame location 1

With change r222601, we stop backtracking parenthesis when the match count is equal to the minimum without trying to backtrack the contained sub pattern.  If that sub match fails and we are at the minimum, then we can fail the parenthesis backtracking.
Comment 1 Michael Saboff 2017-10-26 15:26:19 PDT
Comment 2 Michael Saboff 2017-10-26 15:55:41 PDT
Created attachment 325069 [details]
Comment 3 Keith Miller 2017-10-26 17:00:24 PDT
Comment on attachment 325069 [details]

Comment 4 WebKit Commit Bot 2017-10-26 17:31:54 PDT
Comment on attachment 325069 [details]

Clearing flags on attachment: 325069

Committed r224072: <https://trac.webkit.org/changeset/224072>
Comment 5 WebKit Commit Bot 2017-10-26 17:31:55 PDT
All reviewed patches have been landed.  Closing bug.