Bug 274449 - [JSC] Use `RegExp.prototype[@@split]` slow path if `hasIndices` and `dotAll` getters has been overwritten
Summary: [JSC] Use `RegExp.prototype[@@split]` slow path if `hasIndices` and `dotAll` ...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Local Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2024-05-21 00:23 PDT by Sosuke Suzuki
Modified: 2024-06-11 05:16 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sosuke Suzuki 2024-05-21 00:23:42 PDT 
`RegExp.prototype[@@split]` calls the `hasIndices` and `dotAll` getters via the `flags`
    getter[1]. If these getters are overwritten, observable side effects may occur. However, the fast
    path skips these getter calls.

    [1]: https://tc39.es/ecma262/multipage/text-processing.html#sec-regexp.prototype-@@split
Comment 1 Sosuke Suzuki 2024-05-21 00:32:21 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/28835
Comment 2 Radar WebKit Bug Importer 2024-05-28 00:24:13 PDT 
<rdar://problem/128849967>
Comment 3 EWS 2024-06-11 05:16:37 PDT 
Committed 279905@main (b03cf953dce9): <https://commits.webkit.org/279905@main>

Reviewed commits have been landed. Closing PR #28835 and removing active labels.