r199812 broke test262
authormsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 May 2016 22:36:01 +0000 (22:36 +0000)
committermsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 May 2016 22:36:01 +0000 (22:36 +0000)
commit8a4d3b3f23f79f75626a225097282047fd5d17bf
treec83753282ec0f2c5dca3972eafc7f93e27baeea7
parent9e26abdd8ba52505f29602ed6e563b9fd3a5f95d
r199812 broke test262
https://bugs.webkit.org/show_bug.cgi?id=157595

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Added a reasonable limit to the size of the match result array to catch possible
infinite loops when matching.
Added a new tests that creates an infinite loop in RegExp.prototype.[Symbol.match]
by creating a subclass of RegExp where the base RegExp's global flag is false and
the subclass overrides .global with a getter that always returns true.

* builtins/RegExpPrototype.js:
(match):
* tests/stress/regress-157595.js: Added.
(MyRegExp):
(MyRegExp.prototype.get global):
(test):
(catch):

Tools:

Added a new run type, runOneLargeHeap, for tests that use a large amount of memory.
This run type will not run with the --memory-limited option.  Without that option,
we'll only the default test variant.

* Scripts/run-jsc-stress-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201105 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/builtins/RegExpPrototype.js
Source/JavaScriptCore/tests/stress/regress-157595.js [new file with mode: 0644]
Tools/ChangeLog
Tools/Scripts/run-jsc-stress-tests