Bug 241107

Summary: ASSERTION FAILED: regExp->isValid() LLIntSlowPaths.cpp(625)
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Michael Saboff 2022-05-30 11:31:05 PDT
If there is an error when parsing a regular expression, we don't emit a NewRegExp bytecode.  Instead we create a syntax error.  The case here is that the regexp parses fine, but fails when we try to generate JIT code or try to compile to YARR bytecode.  Although this code generation fails, we cache the RegExp.  On subsequent use of the same RegExp, we retrieve the cached RegExp and assert that it is "valid".  This validity test is not necessary as the matching code properly handles the case where we can't generate code for a RegExp and turns it into a ParseError.  Therefore we can remove these debug asserts of a valid RegExp when retrieving from the cache.
Comment 1 Michael Saboff 2022-05-30 11:31:19 PDT
<rdar://93369481>
Comment 2 Michael Saboff 2022-05-30 12:00:43 PDT
Here is a test case:

function testRegExp()
{
    /((a{100000000})*b{2100000000})+/.test("b");
}

function test(testRE)
{
    for (let i = 0; i < 5000; ++i) {
        try {
            testRE();
        } catch {};
    }
}

test(testRegExp);
Comment 3 Michael Saboff 2022-05-30 12:19:52 PDT
Pull request: https://github.com/WebKit/WebKit/pull/1163
Comment 4 EWS 2022-05-31 14:23:39 PDT
Committed r295066 (251161@main): <https://commits.webkit.org/251161@main>

Reviewed commits have been landed. Closing PR #1163 and removing active labels.