Bogus uses of regexp matching should realize that they will OOM before they start...
author: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 May 2016 14:59:46 +0000 (14:59 +0000)
committer: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 May 2016 14:59:46 +0000 (14:59 +0000)
commit: 1ff1e9c9a11cf79469f7aedd0463ad03b770b32e
tree: a33284e33eaf12eed45c619c7891dfa7c9025cdf
parent: df6b41b95cd408dcfc98d8a3688d3f8f2849aeba
Bogus uses of regexp matching should realize that they will OOM before they start swapping
https://bugs.webkit.org/show_bug.cgi?id=158142

Reviewed by Michael Saboff.

Refactored the RegExpObject::matchGlobal() code so that there is less duplication. Took
advantage of this to make the code more resilient in case of absurd situations: if the
result array gets large, it proceeds with a dry run to detect how many matches there will
be. This allows it to OOM before it starts swapping.

This also improves the overall performance of the code by using lightweight substrings and
skipping the whole intermediate argument array.

This makes some jsfunfuzz tests run a lot faster and use a lot less memory.

* builtins/RegExpPrototype.js:
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/MatchResult.cpp: Added.
(JSC::MatchResult::dump):
* runtime/MatchResult.h:
(JSC::MatchResult::empty):
(MatchResult::empty): Deleted.
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::match):
(JSC::collectMatches):
(JSC::RegExpObject::matchGlobal):
* runtime/StringObject.h:
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
* tests/stress/big-match.js: Added. Make sure that this optimization doesn't break big matches.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201451 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/builtins/RegExpPrototype.js
Source/JavaScriptCore/runtime/MatchResult.cpp [new file with mode: 0644]
Source/JavaScriptCore/runtime/MatchResult.h
Source/JavaScriptCore/runtime/RegExpObject.cpp
Source/JavaScriptCore/runtime/StringObject.h
Source/JavaScriptCore/tests/stress/big-match.js [new file with mode: 0644]
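The dry-run strategy described in the commit message, as an added illustrative example in C++ that is not WebKit's code: a global-match collector that, once its result vector reaches a threshold, counts the remaining matches without storing them and stops up front if the total would exceed a cap, instead of growing the vector until the process swaps. Plain substring search stands in for the regexp engine, and `collectMatches`, `countMatches`, `MatchSet` and the threshold/cap parameters are all constructed here.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Constructed example: plain substring search stands in for a regexp engine, and patterns
// are assumed non-empty so that every match advances the scan position.
struct Match {
    std::size_t start;
    std::size_t end;
};
struct MatchSet {
    bool overLimit = false;     // true: aborted up front, before the vector grew further
    std::vector<Match> matches; // only the matches found before the abort when overLimit is set
};

// The "dry run": count the matches that remain from `from` on without storing any of them.
static std::size_t countMatches(const std::string& subject, const std::string& pattern, std::size_t from)
{
    std::size_t count = 0;
    for (std::size_t pos = subject.find(pattern, from); pos != std::string::npos;
         pos = subject.find(pattern, pos + pattern.size()))
        ++count;
    return count;
}

// Collect every match. Once the result vector has reached `dryRunThreshold`, count the rest
// first: if the total would exceed `maxMatches`, stop now rather than letting the vector grow
// (and the process swap) on its way to an inevitable failure; otherwise reserve the exact size once.
MatchSet collectMatches(const std::string& subject, const std::string& pattern,
                        std::size_t dryRunThreshold, std::size_t maxMatches)
{
    MatchSet result;
    if (pattern.empty())
        return result; // empty patterns are out of scope here; treated as "no matches"
    bool dryRunDone = false;
    for (std::size_t pos = subject.find(pattern, 0); pos != std::string::npos;
         pos = subject.find(pattern, pos + pattern.size())) {
        if (!dryRunDone && result.matches.size() >= dryRunThreshold) {
            dryRunDone = true;
            std::size_t total = result.matches.size() + countMatches(subject, pattern, pos);
            if (total > maxMatches) {
                result.overLimit = true;
                return result;
            }
            result.matches.reserve(total); // single allocation; any failure happens here, up front
        }
        result.matches.push_back({pos, pos + pattern.size()});
    }
    return result;
}
```

The threshold keeps the common small-result case free of the extra scan; only inputs that already produced many matches pay for the counting pass.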