Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a721886ce56b2e7bd28d37d0a06c7a2dea0ea429
https://github.com/WebKit/WebKit/commit/a721886ce56b2e7bd28d37d0a06c7a2dea0ea429
Author: Yusuke Suzuki <[email protected]>
Date: 2025-12-01 (Mon, 01 Dec 2025)
Changed paths:
A JSTests/stress/regexp-paren-context-stack-exhaustion.js
M Source/JavaScriptCore/runtime/RegExpInlines.h
M Source/JavaScriptCore/runtime/VM.cpp
M Source/JavaScriptCore/runtime/VM.h
M Source/JavaScriptCore/yarr/YarrJIT.cpp
M Source/JavaScriptCore/yarr/YarrJIT.h
M Source/JavaScriptCore/yarr/YarrJITRegisters.h
M Source/JavaScriptCore/yarr/YarrMatchingContextHolder.h
Log Message:
-----------
[JSC] Yarr ParenContext should be allocated from Stack
https://bugs.webkit.org/show_bug.cgi?id=303297
rdar://165603668
Reviewed by Dan Hecht.
This patch makes ParenContext allocation happen from the stack instead of
a limited-size buffer. This makes the code simpler, and more efficient
because of the large size of the stack. Furthermore,
1. Previously we were always setting up the entire buffer for the freelist
of ParenContext. This setup took a significant amount of time.
This patch changes how we allocate ParenContext: we first allocate
them from the stack, and the freelist is used after we free some of these
contexts. This avoids unnecessary setup time.
2. We avoid using stackPointerRegister to access the allocated
CallFrame for RegExp. Instead, we are using callFrameRegister, which
allows us to extend stackPointerRegister easily for (1).
3. We clean up the prologue and epilogue by using the calleeSaveRegisters set.
4. Use TrustedImm32 for surrogateTagMask etc. on ARM64 too. This is not
worth having a register.
5. Non-ARM64 uses InvalidGPRReg for freelistRegister, and uses
matchingContext's field instead.
* JSTests/stress/regexp-paren-context-stack-exhaustion.js: Added.
(createDeeplyNestedPattern):
(test):
* Source/JavaScriptCore/runtime/RegExpInlines.h:
(JSC::RegExp::matchInline):
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::acquireRegExpPatternContexBuffer): Deleted.
(JSC::VM::releaseRegExpPatternContexBuffer): Deleted.
* Source/JavaScriptCore/runtime/VM.h:
* Source/JavaScriptCore/yarr/YarrJIT.cpp:
(JSC::Yarr::tryReadUnicodeCharImpl):
(JSC::Yarr::tryReadUnicodeCharSlowImpl):
* Source/JavaScriptCore/yarr/YarrJIT.h:
* Source/JavaScriptCore/yarr/YarrJITRegisters.h:
* Source/JavaScriptCore/yarr/YarrMatchingContextHolder.h:
(JSC::Yarr::MatchingContextHolder::offsetOfFreeList):
(JSC::Yarr::MatchingContextHolder::stackLimit const):
(JSC::Yarr::MatchingContextHolder::freeList const):
(JSC::Yarr::MatchingContextHolder::MatchingContextHolder):
(JSC::Yarr::MatchingContextHolder::~MatchingContextHolder):
(JSC::Yarr::MatchingContextHolder::offsetOfPatternContextBuffer): Deleted.
(JSC::Yarr::MatchingContextHolder::offsetOfPatternContextBufferSize): Deleted.
Canonical link: https://commits.webkit.org/303725@main
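The allocation scheme described in point (1) of the commit message, as an added illustration that is not WebKit's code: a hypothetical C++ model in which ParenContext records are bump-allocated from a stack region until the stack limit is reached, and a freelist is consulted first only once some contexts have been released, so no upfront freelist setup over the whole region is needed. The `ParenContextAllocator`, `ParenContext`, `runDemo` and `DemoResult` names, the region size and the `savedIndex` field are all assumptions; the real Yarr JIT keeps these values in machine registers and in MatchingContextHolder fields rather than in a heap-backed vector.

```cpp
// Added example, not WebKit/JavaScriptCore code: a toy model of "allocate from
// the stack first, reuse a freelist after releases" with a stack-limit check.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>
#include <vector>

// Hypothetical stand-in for Yarr's ParenContext; only the freelist link is used here.
struct ParenContext {
    ParenContext* next;   // freelist link, meaningful only while the context is free
    uint32_t savedIndex;  // placeholder payload (assumption)
    uint32_t padding;
};

class ParenContextAllocator {
public:
    // `regionBytes` models the usable machine stack below the current frame;
    // the bottom of that region plays the role of the stack limit.
    explicit ParenContextAllocator(size_t regionBytes)
        : m_region(regionBytes), m_stackPointer(regionBytes), m_freeList(nullptr) { }

    // Returns nullptr when the stack would be exhausted. That is the condition a
    // matcher has to detect and fail cleanly on, rather than overrun the limit.
    ParenContext* allocate()
    {
        if (m_freeList) {                 // released contexts are reused first
            ParenContext* ctx = m_freeList;
            m_freeList = ctx->next;
            return ctx;
        }
        if (m_stackPointer < sizeof(ParenContext))
            return nullptr;               // stack-limit check
        m_stackPointer -= sizeof(ParenContext); // the stack grows downwards
        return new (m_region.data() + m_stackPointer) ParenContext{};
    }

    // Releasing never returns memory to the stack region; it just links the
    // context onto the freelist, which is what makes the upfront setup unnecessary.
    void release(ParenContext* ctx)
    {
        ctx->next = m_freeList;
        m_freeList = ctx;
    }

    size_t bytesConsumedFromStack() const { return m_region.size() - m_stackPointer; }

private:
    std::vector<uint8_t> m_region;
    size_t m_stackPointer;
    ParenContext* m_freeList;
};

struct DemoResult {
    size_t stackBytesAfterFirstAllocs; // bytes bumped from the region initially
    size_t stackBytesAfterReuse;       // unchanged if the freelist served the requests
    bool reusedInLifoOrder;            // freelist hands back the most recently released
    bool exhaustionDetected;           // allocate() returned nullptr at the limit
};

// Drives the allocator through bump allocation, freelist reuse and exhaustion.
DemoResult runDemo()
{
    // Constructed region: room for exactly four contexts.
    ParenContextAllocator allocator(4 * sizeof(ParenContext));
    DemoResult r{};

    ParenContext* a = allocator.allocate();
    ParenContext* b = allocator.allocate();
    ParenContext* c = allocator.allocate();
    r.stackBytesAfterFirstAllocs = allocator.bytesConsumedFromStack();

    allocator.release(b);
    allocator.release(a);
    ParenContext* d = allocator.allocate(); // should hand back `a`
    ParenContext* e = allocator.allocate(); // should hand back `b`
    r.stackBytesAfterReuse = allocator.bytesConsumedFromStack();
    r.reusedInLifoOrder = (d == a && e == b);

    ParenContext* f = allocator.allocate(); // fourth slot, still from the stack
    ParenContext* g = allocator.allocate(); // nothing left: must be nullptr
    r.exhaustionDetected = (f != nullptr && g == nullptr);
    (void)c;
    return r;
}

int main()
{
    DemoResult r = runDemo();
    std::printf("stack bytes after first allocs: %zu\n", r.stackBytesAfterFirstAllocs);
    std::printf("stack bytes after freelist reuse: %zu\n", r.stackBytesAfterReuse);
    std::printf("LIFO reuse: %d, exhaustion detected: %d\n", r.reusedInLifoOrder, r.exhaustionDetected);
    return 0;
}
```

The order of the two checks in `allocate()` is the point of the model: the freelist is consulted first, but it starts empty and is never pre-populated, so the cost of touching the whole region up front disappears and the stack-limit comparison is the only guard against exhaustion.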