Bug 241107 - ASSERTION FAILED: regExp->isValid() LLIntSlowPaths.cpp(625)
Summary: ASSERTION FAILED: regExp->isValid() LLIntSlowPaths.cpp(625)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Michael Saboff
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-05-30 11:31 PDT by Michael Saboff
Modified: 2022-05-31 14:23 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Saboff 2022-05-30 11:31:05 PDT 
If there is an error when parsing a regular expression, we don't emit a NewRegExp bytecode.  Instead we create a syntax error.  The case here is that the regexp parses fine, but fails when we try to generate JIT code or try to compile to YARR bytecode.  Although this code generation fails, we cache the RegExp.  On subsequent use of the same RegExp, we retrieve the cached RegExp and assert that it is "valid".  This validity test is not necessary as the matching code properly handles the case where we can't generate code for a RegExp and turns it into a ParseError.  Therefore we can remove these debug asserts of a valid RegExp when retrieving from the cache.
Comment 1 Michael Saboff 2022-05-30 11:31:19 PDT 
<rdar://93369481>
Comment 2 Michael Saboff 2022-05-30 12:00:43 PDT 
Here is a test case:

function testRegExp()
{
    /((a{100000000})*b{2100000000})+/.test("b");
}

function test(testRE)
{
    for (let i = 0; i < 5000; ++i) {
        try {
            testRE();
        } catch {};
    }
}

test(testRegExp);
Comment 3 Michael Saboff 2022-05-30 12:19:52 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/1163
Comment 4 EWS 2022-05-31 14:23:39 PDT 
Committed r295066 (251161@main): <https://commits.webkit.org/251161@main>

Reviewed commits have been landed. Closing PR #1163 and removing active labels.