OK, I've found the issue. When we encounter the RegExp, our parser first scans it as / or /=. If / or /= is evaluated under primary expression context, we rescan the character stream as RegExp. The problem is that we don't update the token while we rescan the content. So, if we pass the string, "() => /hello/", the last token becomes "/". Since the arrow function utilizes the end offset of the last token, we accidentally recognize the range of the above arrow function as "() => /". I think we should update the token with REGEXP type as the same to template literal parsing thing.

Created attachment 291606 [details] Patch

Comment on attachment 291606 [details] Patch Attachment 291606 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/2283570 New failing tests: js/regexp-compile-crash.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.5_T1.html fast/regex/dom/non-pattern-characters.html sputnik/Conformance/07_Lexical_Conventions/7.4_Comments/S7.4_A4_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.2_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.2_T2.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.3_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.3_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.3_T1.html sputnik/Conformance/07_Lexical_Conventions/7.4_Comments/S7.4_A4_T4.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.3_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.5_T3.html js/arrowfunction-syntax-errors.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.5_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.5_T1.html

Created attachment 291611 [details] Archive of layout-test-results from ews106 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5

Comment on attachment 291606 [details] Patch Attachment 291606 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/2283600 Number of test failures exceeded the failure limit.

Created attachment 291613 [details] Archive of layout-test-results from ews114 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-yosemite Platform: Mac OS X 10.10.5

Comment on attachment 291606 [details] Patch Attachment 291606 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/2283639 New failing tests: js/regexp-compile-crash.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.5_T1.html fast/regex/dom/non-pattern-characters.html sputnik/Conformance/07_Lexical_Conventions/7.4_Comments/S7.4_A4_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.2_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.2_T2.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.3_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.3_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.3_T1.html sputnik/Conformance/07_Lexical_Conventions/7.4_Comments/S7.4_A4_T4.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.3_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.5_T3.html js/arrowfunction-syntax-errors.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.5_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.5_T1.html

Created attachment 291615 [details] Archive of layout-test-results from ews121 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews121 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6

Comment on attachment 291606 [details] Patch Attachment 291606 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/2283718 New failing tests: js/regexp-compile-crash.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.5_T1.html fast/regex/dom/non-pattern-characters.html sputnik/Conformance/07_Lexical_Conventions/7.4_Comments/S7.4_A4_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.2_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.2_T2.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.3_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.3_T1.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.3_T1.html sputnik/Conformance/07_Lexical_Conventions/7.4_Comments/S7.4_A4_T4.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.3_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A2.5_T3.html js/arrowfunction-syntax-errors.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.5_T3.html sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.5_Regular_Expression_Literals/S7.8.5_A1.5_T1.html

Created attachment 291616 [details] Archive of layout-test-results from ews103 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-yosemite Platform: Mac OS X 10.10.5

I'll improve the error message and update the expected files.

I realized that so many error messages were bad due to this behavior!

Created attachment 291657 [details] Patch

Comment on attachment 291657 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=291657&action=review > JSTests/ChakraCore/test/Operators/instanceof.baseline-jsc:630 > + Exception: new Date() instanceof /a+/. /a+/ is not a function. (evaluating 'new Date() instanceof /a+/') Yeah, we produced a silly error message here!

Comment on attachment 291657 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=291657&action=review > Source/JavaScriptCore/ChangeLog:8 > + When we encounter the RegExp in the parser, we first scans it as / or /=. oops. "scans" => "scan".

Created attachment 291660 [details] Patch Fix typo in ChangeLog

Comment on attachment 291660 [details] Patch Need to check the crash. I think it should be easy.

Comment on attachment 291660 [details] Patch Attachment 291660 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/2286184 Number of test failures exceeded the failure limit.

Created attachment 291665 [details] Archive of layout-test-results from ews117 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-yosemite Platform: Mac OS X 10.10.5

Created attachment 292700 [details] Patch

Comment on attachment 292700 [details] Patch Clearing flags on attachment: 292700 Committed r207798: <http://trac.webkit.org/changeset/207798>

All reviewed patches have been landed. Closing bug.