WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
155069
RegExpMatchesArray doesn't know how to have a bad time
https://bugs.webkit.org/show_bug.cgi?id=155069
Summary
RegExpMatchesArray doesn't know how to have a bad time
Filip Pizlo
Reported
2016-03-05 14:08:53 PST
Patch forthcoming.
Attachments
work in progress
(24.98 KB, patch)
2016-03-05 19:33 PST
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
more
(39.95 KB, patch)
2016-03-05 20:44 PST
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
possibly done
(63.57 KB, patch)
2016-03-05 21:04 PST
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
seems to work
(66.10 KB, patch)
2016-03-05 21:50 PST
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
runs some things
(81.45 KB, patch)
2016-03-06 00:30 PST
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
the patch
(84.89 KB, patch)
2016-03-06 01:25 PST
,
Filip Pizlo
ysuzuki
: review+
Details
Formatted Diff
Diff
Show Obsolete
(5)
View All
Add attachment
proposed patch, testcase, etc.
Filip Pizlo
Comment 1
2016-03-05 19:33:44 PST
Created
attachment 273119
[details]
work in progress
Filip Pizlo
Comment 2
2016-03-05 20:44:04 PST
Created
attachment 273122
[details]
more
Filip Pizlo
Comment 3
2016-03-05 21:04:41 PST
Created
attachment 273125
[details]
possibly done
Filip Pizlo
Comment 4
2016-03-05 21:50:30 PST
Created
attachment 273126
[details]
seems to work
Filip Pizlo
Comment 5
2016-03-06 00:30:37 PST
Created
attachment 273128
[details]
runs some things
Filip Pizlo
Comment 6
2016-03-06 01:25:12 PST
Created
attachment 273131
[details]
the patch
WebKit Commit Bot
Comment 7
2016-03-06 01:27:33 PST
Attachment 273131
[details]
did not pass style-queue: ERROR: Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:1908: Place brace on its own line for function definitions. [whitespace/braces] [4] Total errors found: 1 in 38 files If any of these errors are false positives, please file a bug against check-webkit-style.
Yusuke Suzuki
Comment 8
2016-03-06 12:02:29 PST
Comment on
attachment 273131
[details]
the patch View in context:
https://bugs.webkit.org/attachment.cgi?id=273131&action=review
Looks great.
> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:2175 > + Node* regExpExec = addToGraph(RegExpExec, OpInfo(0), OpInfo(prediction), addToGraph(GetGlobalObject, callee), get(virtualRegisterForArgument(0, registerOffset)), get(virtualRegisterForArgument(1, registerOffset)));
OK, we need to insert having a bad time watchpoint checking for the RegExp.prototype.exec's global object.
> Source/JavaScriptCore/runtime/JSGlobalObject.cpp:767 > + m_regExpMatchesArrayStructure.set(vm, this, m_regExpMatchesArraySlowPutStructure.get());
OK. Switching the structure to slow put one, that is used when creating a new RegExp matches array. And existing one is switched by the following path.
> Source/JavaScriptCore/tests/stress/regexp-matches-array-slow-put.js:3 > + Array.prototype.__defineSetter__("0", function(value) { count += value; });
Yeah, let's have a bad time!
Filip Pizlo
Comment 9
2016-03-06 12:09:18 PST
(In reply to
comment #8
)
> Comment on
attachment 273131
[details]
> the patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=273131&action=review
> > Looks great. > > > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:2175 > > + Node* regExpExec = addToGraph(RegExpExec, OpInfo(0), OpInfo(prediction), addToGraph(GetGlobalObject, callee), get(virtualRegisterForArgument(0, registerOffset)), get(virtualRegisterForArgument(1, registerOffset))); > > OK, we need to insert having a bad time watchpoint checking for the > RegExp.prototype.exec's global object.
Note that we will only insert the haveABadTime watchpoint if the abstract interpreter discovers what the global object is and observes that it's not having a bad time. If either of those things don't happen, RegExpExec will simply make no promises about the kind of array it returns - so the CodeBlock doesn't need any watchpoints in that case. This works partly because createRegExpMatchesArray currently always does a check for isHavingABadTime each time it is executed.
> > > Source/JavaScriptCore/runtime/JSGlobalObject.cpp:767 > > + m_regExpMatchesArrayStructure.set(vm, this, m_regExpMatchesArraySlowPutStructure.get()); > > OK. Switching the structure to slow put one, that is used when creating a > new RegExp matches array. > And existing one is switched by the following path. > > > Source/JavaScriptCore/tests/stress/regexp-matches-array-slow-put.js:3 > > + Array.prototype.__defineSetter__("0", function(value) { count += value; }); > > Yeah, let's have a bad time!
Filip Pizlo
Comment 10
2016-03-06 12:11:32 PST
Landed in
http://trac.webkit.org/changeset/197641
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug