Modified: trunk/Source/_javascript_Core/ChangeLog (204865 => 204866)
--- trunk/Source/_javascript_Core/ChangeLog 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-08-23 23:19:14 UTC (rev 204866)
@@ -1,3 +1,31 @@
+2016-08-23 Filip Pizlo <fpi...@apple.com>
+
+ REGRESSION(204854): ASan is unhappy
+ https://bugs.webkit.org/show_bug.cgi?id=161109
+
+ Reviewed by Geoffrey Garen.
+
+ I messed up RegExpConstructor: it ends up being a callee and a large allocation.
+
+ This fixes it to not be a large allocation.
+
+ * dfg/DFGStrengthReductionPhase.cpp:
+ (JSC::DFG::StrengthReductionPhase::handleNode):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::match):
+ (JSC::RegExp::matchConcurrently):
+ (JSC::RegExp::matchCompareWithInterpreter):
+ * runtime/RegExp.h:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpInlines.h:
+ (JSC::RegExp::matchInline):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::genericSplit):
+ * testRegExp.cpp:
+ (testOneRegExp):
+
2016-08-23 Saam Barati <sbar...@apple.com>
strict mode eval should not fire the var injection watch point
Modified: trunk/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp (204865 => 204866)
--- trunk/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp 2016-08-23 23:19:14 UTC (rev 204866)
@@ -469,7 +469,7 @@
FrozenValue* constructorFrozenValue = m_graph.freeze(constructor);
MatchResult result;
- Vector<int, 32> ovector;
+ Vector<int> ovector;
// We have to call the kind of match function that the main thread would have called.
// Otherwise, we might not have the desired Yarr code compiled, and the match will fail.
if (m_node->op() == RegExpExec) {
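Review bot: Dropping the inline capacity here means every RegExpExec/RegExpTest folding attempt on the compiler thread now heap-allocates its capture-offset buffer, where the previous `Vector<int, 32>` kept it on the stack. The ChangeLog says only RegExpConstructor had to stop being a large allocation, and this same commit templates `RegExp::matchInline` on the vector type, so this stack-local could presumably keep `Vector<int, 32> ovector;` if the out-of-line `match()`/`matchConcurrently()` overloads were templated or forwarded the same way. If the allocation is accepted as the price of one uniform signature, a one-line comment saying so would stop the next reader from re-adding the inline capacity. The enclosing handleNode body starts and ends outside this hunk.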
@@ -651,7 +651,7 @@
bool ok = true;
do {
MatchResult result;
- Vector<int, 32> ovector;
+ Vector<int> ovector;
// Model which version of match() is called by the main thread.
if (replace.isEmpty() && regExp->global()) {
if (!regExp->matchConcurrently(vm(), string, startPosition, result)) {
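Review bot: `ovector` is declared inside the `do { … }` loop, so with its inline capacity removed each iteration that fills it pays a fresh heap allocation and free. The same commit hoists the equivalent vector out of the loop in `genericSplit` (RegExpPrototype.cpp) and resets it with `ovector.resize(0)` per iteration; doing the same here — `Vector<int> ovector;` before the `do` and `ovector.resize(0);` at the top of the body — reuses the buffer across iterations. The loop body and the enclosing function continue outside this hunk, so check that nothing after the match relies on `ovector` being a freshly constructed object each time.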
Modified: trunk/Source/_javascript_Core/runtime/InternalFunction.cpp (204865 => 204866)
--- trunk/Source/_javascript_Core/runtime/InternalFunction.cpp 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/runtime/InternalFunction.cpp 2016-08-23 23:19:14 UTC (rev 204866)
@@ -37,6 +37,8 @@
InternalFunction::InternalFunction(VM& vm, Structure* structure)
: JSDestructibleObject(vm, structure)
{
+ // exec->vm() wants callees to not be large allocations.
+ RELEASE_ASSERT(!isLargeAllocation());
}
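Review bot: The new comment states the constraint but not why it holds, and the check is a runtime `RELEASE_ASSERT` rather than anything the compiler enforces, so whoever hits it later needs the reasoning in place. I would expand it to something like `// ExecState::vm() recovers the VM from the callee cell; that lookup presumably assumes the callee lives in a MarkedBlock rather than a LargeAllocation, so every InternalFunction subclass must stay below the large-allocation threshold (see RegExpConstructor::m_ovector).` — the exact mechanism is not visible in this hunk, so confirm it against ExecState before committing the wording. Since each subclass's size is known statically, a `static_assert` in the subclasses' create paths would fail the build instead of the process, if a named threshold constant is available to compare against.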
void InternalFunction::finishCreation(VM& vm, const String& name)
Modified: trunk/Source/_javascript_Core/runtime/RegExp.cpp (204865 => 204866)
--- trunk/Source/_javascript_Core/runtime/RegExp.cpp 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/runtime/RegExp.cpp 2016-08-23 23:19:14 UTC (rev 204866)
@@ -296,13 +296,13 @@
m_regExpBytecode = Yarr::byteCompile(pattern, &vm->m_regExpAllocator, &vm->m_regExpAllocatorLock);
}
-int RegExp::match(VM& vm, const String& s, unsigned startOffset, Vector<int, 32>& ovector)
+int RegExp::match(VM& vm, const String& s, unsigned startOffset, Vector<int>& ovector)
{
return matchInline(vm, s, startOffset, ovector);
}
bool RegExp::matchConcurrently(
- VM& vm, const String& s, unsigned startOffset, int& position, Vector<int, 32>& ovector)
+ VM& vm, const String& s, unsigned startOffset, int& position, Vector<int>& ovector)
{
ConcurrentJITLocker locker(m_lock);
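Review bot: `RegExp::match(VM&, const String&, unsigned, Vector<int>&)` is now just the out-of-line instantiation of the templated `matchInline`, and nothing says so, which makes its purpose next to the inline version easy to misread. A comment above it such as `// Out-of-line entry for callers that cannot include RegExpInlines.h; the inline template is the real implementation.` would make that explicit. Note also that this exported signature only accepts a `Vector<int>` with no inline capacity, so any caller wanting stack storage for the offsets has to call `matchInline` directly. `matchConcurrently`'s body continues past the end of this hunk.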
@@ -382,7 +382,7 @@
void RegExp::matchCompareWithInterpreter(const String& s, int startOffset, int* offsetVector, int jitResult)
{
int offsetVectorSize = (m_numSubpatterns + 1) * 2;
- Vector<int, 32> interpreterOvector;
+ Vector<int> interpreterOvector;
interpreterOvector.resize(offsetVectorSize);
int* interpreterOffsetVector = interpreterOvector.data();
int interpreterResult = 0;
Modified: trunk/Source/_javascript_Core/runtime/RegExp.h (204865 => 204866)
--- trunk/Source/_javascript_Core/runtime/RegExp.h 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/runtime/RegExp.h 2016-08-23 23:19:14 UTC (rev 204866)
@@ -64,10 +64,10 @@
bool isValid() const { return !m_constructionError && m_flags != InvalidFlags; }
const char* errorMessage() const { return m_constructionError; }
- JS_EXPORT_PRIVATE int match(VM&, const String&, unsigned startOffset, Vector<int, 32>& ovector);
+ JS_EXPORT_PRIVATE int match(VM&, const String&, unsigned startOffset, Vector<int>& ovector);
// Returns false if we couldn't run the regular _expression_ for any reason.
- bool matchConcurrently(VM&, const String&, unsigned startOffset, int& position, Vector<int, 32>& ovector);
+ bool matchConcurrently(VM&, const String&, unsigned startOffset, int& position, Vector<int>& ovector);
JS_EXPORT_PRIVATE MatchResult match(VM&, const String&, unsigned startOffset);
@@ -74,7 +74,8 @@
bool matchConcurrently(VM&, const String&, unsigned startOffset, MatchResult&);
// Call these versions of the match functions if you're desperate for performance.
- int matchInline(VM&, const String&, unsigned startOffset, Vector<int, 32>& ovector);
+ template<typename VectorType>
+ int matchInline(VM&, const String&, unsigned startOffset, VectorType& ovector);
MatchResult matchInline(VM&, const String&, unsigned startOffset);
unsigned numSubpatterns() const { return m_numSubpatterns; }
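Review bot: The new `matchInline` template places no stated requirement on `VectorType`, so a reader cannot tell which vector types are acceptable or what the callee does to `ovector`. From `matchCompareWithInterpreter` in this same commit the offset vector is sized to `(m_numSubpatterns + 1) * 2` ints, so I would document the contract on the declaration: `// VectorType is a WTF::Vector<int, N> of any inline capacity; ovector is (presumably) resized to 2 * (numSubpatterns() + 1) entries and filled with capture offsets.` — confirm the resize against the definition in RegExpInlines.h, whose body is not shown here. Stating the contract also explains why inline capacity is now a caller's choice rather than part of the signature.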
Modified: trunk/Source/_javascript_Core/runtime/RegExpConstructor.h (204865 => 204866)
--- trunk/Source/_javascript_Core/runtime/RegExpConstructor.h 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/runtime/RegExpConstructor.h 2016-08-23 23:19:14 UTC (rev 204866)
@@ -80,7 +80,7 @@
RegExpCachedResult m_cachedResult;
bool m_multiline;
- Vector<int, 32> m_ovector;
+ Vector<int> m_ovector;
};
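Review bot: The reason for the change from `Vector<int, 32>` to `Vector<int>` lives only in the ChangeLog and in the `RELEASE_ASSERT` added to InternalFunction, so the next person to notice a heap allocation here is likely to put the inline capacity back. A comment on the member would pin it: `// No inline capacity on purpose: RegExpConstructor is a callee, and callees must not be large allocations (see InternalFunction::InternalFunction).` The class declaration starts before this hunk.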
RegExpConstructor* asRegExpConstructor(JSValue);
Modified: trunk/Source/_javascript_Core/runtime/RegExpInlines.h (204865 => 204866)
--- trunk/Source/_javascript_Core/runtime/RegExpInlines.h 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/runtime/RegExpInlines.h 2016-08-23 23:19:14 UTC (rev 204866)
@@ -94,7 +94,8 @@
compile(&vm, charSize);
}
-ALWAYS_INLINE int RegExp::matchInline(VM& vm, const String& s, unsigned startOffset, Vector<int, 32>& ovector)
+template<typename VectorType>
+ALWAYS_INLINE int RegExp::matchInline(VM& vm, const String& s, unsigned startOffset, VectorType& ovector)
{
#if ENABLE(REGEXP_TRACING)
m_rtMatchCallCount++;
Modified: trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp (204865 => 204866)
--- trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp 2016-08-23 23:19:14 UTC (rev 204866)
@@ -468,12 +468,14 @@
unsigned& matchPosition, bool regExpIsSticky, bool regExpIsUnicode,
const ControlFunc& control, const PushFunc& push)
{
+ Vector<int> ovector;
+
while (matchPosition < inputSize) {
if (control() == AbortSplit)
return;
- Vector<int, 32> ovector;
-
+ ovector.resize(0);
+
// a. Perform ? Set(splitter, "lastIndex", q, true).
// b. Let z be ? RegExpExec(splitter, S).
int mpos = regexp->match(vm, input, matchPosition, ovector);
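Review bot: The per-iteration `ovector.resize(0)` carries no comment, and since the hoisted vector is the whole point of this change it is worth saying why `resize(0)` was chosen and whether it is needed at all. If `RegExp::match` resizes `ovector` to the capture count itself (not visible here) the reset is redundant but harmless; if it does not, the reset is what prevents stale offsets from a previous iteration being read after a failed match. A comment like `// resize(0) rather than clear(): keep the buffer's capacity across iterations while discarding the previous match's offsets.` captures the intent and the WTF::Vector distinction I believe applies (clear() releasing storage) — confirm against Vector.h. `genericSplit` begins and ends outside this hunk.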
Modified: trunk/Source/_javascript_Core/testRegExp.cpp (204865 => 204866)
--- trunk/Source/_javascript_Core/testRegExp.cpp 2016-08-23 23:16:54 UTC (rev 204865)
+++ trunk/Source/_javascript_Core/testRegExp.cpp 2016-08-23 23:19:14 UTC (rev 204866)
@@ -191,7 +191,7 @@
static bool testOneRegExp(VM& vm, RegExp* regexp, RegExpTest* regExpTest, bool verbose, unsigned int lineNumber)
{
bool result = true;
- Vector<int, 32> outVector;
+ Vector<int> outVector;
outVector.resize(regExpTest->expectVector.size());
int matchResult = regexp->match(vm, regExpTest->subject, regExpTest->offset, outVector);