WebKit Bugzilla
Attachment 370296 Details for Bug 198065: [YARR] Properly handle RegExp's that require large ParenContext space
Patch: 198065.patch (text/plain), 4.33 KB, created by Michael Saboff on 2019-05-20 20:48:56 PDT
>Index: JSTests/ChangeLog >=================================================================== >--- JSTests/ChangeLog (revision 245559) >+++ JSTests/ChangeLog (working copy) >@@ -1,3 +1,15 @@ >+2019-05-20 Michael Saboff <msaboff@apple.com> >+ >+ [YARR] Properly handle RegExp's that require large ParenContext space >+ https://bugs.webkit.org/show_bug.cgi?id=198065 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ New test. >+ >+ * stress/regexp-large-paren-context.js: Added. >+ (testLargeRegExp): >+ > 2019-05-17 Justin Michaud <justin_michaud@apple.com> > > [WASM-References] Add support for Anyref in parameters and return types, Ref.null and Ref.is_null for Anyref values. >Index: JSTests/stress/regexp-large-paren-context.js >=================================================================== >--- JSTests/stress/regexp-large-paren-context.js (nonexistent) >+++ JSTests/stress/regexp-large-paren-context.js (working copy) >@@ -0,0 +1,22 @@ >+// Test the regular expresions that need lots of parenthesis context space work. >+// This includes falling back to the interpreter. >+ >+function testLargeRegExp(terms) >+{ >+ let s = ''; >+ for (let i = 0; i < terms; i++) { >+ s += '(?:a){0,2}'; >+ } >+ >+ let r = new RegExp(s); >+ for (let i = 0; i < 10; i++) >+ ''.match(r); >+} >+ >+ >+testLargeRegExp(127); >+testLargeRegExp(128); >+testLargeRegExp(255); >+testLargeRegExp(256); >+testLargeRegExp(1000); >+ >Index: Source/JavaScriptCore/ChangeLog >=================================================================== >--- Source/JavaScriptCore/ChangeLog (revision 245559) >+++ Source/JavaScriptCore/ChangeLog (working copy) 
>@@ -1,3 +1,23 @@ >+2019-05-20 Michael Saboff <msaboff@apple.com> >+ >+ [YARR] Properly handle RegExp's that require large ParenContext space >+ https://bugs.webkit.org/show_bug.cgi?id=198065 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Changed the check of ParenContext space limit from INT16_MAX to the actual runtime limit, >+ VM::patternContextBufferSize. >+ >+ Also changed what happens when we exceed that limit to fail the RegExp JIT compilation >+ and fall back to the YARR interpreter. This can save large amounts of JIT memory for a >+ JIT'ed function that cannot ever succeed. >+ >+ * yarr/YarrJIT.cpp: >+ (JSC::Yarr::YarrGenerator::initParenContextFreeList): >+ (JSC::Yarr::YarrGenerator::compile): >+ * yarr/YarrJIT.h: Eliminated an unused patternContextBufferSize constant, found while >+ fixing this bug. >+ > 2019-05-20 Ross Kirsling <ross.kirsling@sony.com> > > [WinCairo] Implement Remote Web Inspector Client. >Index: Source/JavaScriptCore/yarr/YarrJIT.cpp >=================================================================== >--- Source/JavaScriptCore/yarr/YarrJIT.cpp (revision 245559) >+++ Source/JavaScriptCore/yarr/YarrJIT.cpp (working copy) >@@ -228,9 +228,10 @@ class YarrGenerator : public YarrJITInfo > > parenContextSize = WTF::roundUpToMultipleOf<sizeof(uintptr_t)>(parenContextSize); > >- // Check that the paren context is a reasonable size. >- if (parenContextSize > INT16_MAX) >- m_abortExecution.append(jump()); >+ if (parenContextSize > VM::patternContextBufferSize) { >+ m_failureReason = JITFailureReason::ParenthesisNestedTooDeep; >+ return; >+ } > > Jump emptyFreeList = branchTestPtr(Zero, freelistRegister); > move(freelistRegister, parenContextPointer); 
>@@ -3935,8 +3936,13 @@ public: > initCallFrame(); > > #if ENABLE(YARR_JIT_ALL_PARENS_EXPRESSIONS) >- if (m_containsNestedSubpatterns) >+ if (m_containsNestedSubpatterns) { > initParenContextFreeList(); >+ if (m_failureReason) { >+ codeBlock.setFallBackWithFailureReason(*m_failureReason); >+ return; >+ } >+ } > #endif > > if (m_pattern.m_saveInitialStartValue) { >Index: Source/JavaScriptCore/yarr/YarrJIT.h >=================================================================== >--- Source/JavaScriptCore/yarr/YarrJIT.h (revision 245559) >+++ Source/JavaScriptCore/yarr/YarrJIT.h (working copy) >@@ -38,10 +38,6 @@ > #define YARR_CALL > #endif > >-#if ENABLE(YARR_JIT_ALL_PARENS_EXPRESSIONS) >-constexpr size_t patternContextBufferSize = 8192; // Space caller allocates to save nested parenthesis context >-#endif >- > namespace JSC { > > class VM;
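
Review bot: In JSTests/stress/regexp-large-paren-context.js, testLargeRegExp discards the result of ''.match(r), so the test fails only on a crash or an exception and would still pass if the JIT or the interpreter fallback returned a wrong result. Every term is '(?:a){0,2}', so the empty subject should produce an empty match at index 0; asserting that, and also matching a non-empty subject such as a run of 'a' characters, would check that the parenthesis contexts are actually used correctly at 127, 128, 255, 256 and 1000 terms. The header comment also has a typo, "expresions".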
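
Review bot: In initParenContextFreeList (YarrJIT.cpp, hunk at -228,9), the new bound is "parenContextSize > VM::patternContextBufferSize", so a context exactly as large as the buffer is still JIT-compiled; please confirm the free-list setup that follows is correct when a single context fills the whole buffer, and say so in a comment, since the old "reasonable size" comment is removed without a replacement. The recorded reason is JITFailureReason::ParenthesisNestedTooDeep although the condition is about context size, and the new test's pattern is a flat sequence of '(?:a){0,2}' terms rather than deep nesting, so either a dedicated failure reason or a comment explaining the reuse would help anyone diagnosing why a pattern fell back to the interpreter.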
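
Review bot: In YarrGenerator::compile (YarrJIT.cpp, hunk at -3935,8), the call site learns that initParenContextFreeList() failed only by testing m_failureReason afterwards, which is easy to miss if another caller is ever added. Having initParenContextFreeList() return a bool that is checked directly at the call would make the contract explicit; if the side-effect form stays, add a one-line comment at the call noting that the function can set m_failureReason. It is also worth a comment that returning here, after initCallFrame() has already run, is safe because codeBlock.setFallBackWithFailureReason() means the partially generated code is never used.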
Attachments on bug 198065: 370296 | 370612