Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b03cf953dce94c9c63c12af11cae3ce835553337
https://github.com/WebKit/WebKit/commit/b03cf953dce94c9c63c12af11cae3ce835553337
Author: Sosuke Suzuki <aosuk...@gmail.com>
Date: 2024-06-11 (Tue, 11 Jun 2024)
Changed paths:
A JSTests/stress/regexp-split-side-effects-via-hasIndices-and-dotAll.js
M Source/JavaScriptCore/builtins/BuiltinNames.h
M Source/JavaScriptCore/builtins/RegExpPrototype.js
M Source/JavaScriptCore/bytecode/LinkTimeConstant.h
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Log Message:
-----------
[JSC] Use `RegExp.prototype[@@split]` slow path if `hasIndices` and `dotAll`
getters has been overwritten
https://bugs.webkit.org/show_bug.cgi?id=274449
Reviewed by Ross Kirsling.
`RegExp.prototype[@@split]` calls the `hasIndices` and `dotAll` getters via the
`flags`
getter[1]. If these getters are overwritten, observable side effects may occur.
However, the fast
path skips these getter calls.
This patch changes to use the slow path if these getters are overwritten.
[1]:
https://tc39.es/ecma262/multipage/text-processing.html#sec-regexp.prototype-@@split
* JSTests/stress/regexp-split-side-effects-via-hasIndices-and-dotAll.js: Added.
(sameValue):
* Source/JavaScriptCore/builtins/BuiltinNames.h:
* Source/JavaScriptCore/builtins/RegExpPrototype.js:
(linkTimeConstant.hasObservableSideEffectsForRegExpSplit):
* Source/JavaScriptCore/bytecode/LinkTimeConstant.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
Canonical link: https://commits.webkit.org/279905@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
