JSC test crash: stress/dont-strength-reduce-regexp-with-compile-error.js.default
authormsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Mar 2019 21:04:10 +0000 (21:04 +0000)
committermsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Mar 2019 21:04:10 +0000 (21:04 +0000)
commit9b6a1c36c39b2ee1c557346292d7b37b8e65e711
tree4e21b909523f3121efd93e26076938f61fb996ee
parent43e19de00dcaaebf24c361082785575f920ec488
JSC test crash: stress/dont-strength-reduce-regexp-with-compile-error.js.default
https://bugs.webkit.org/show_bug.cgi?id=195906

Reviewed by Mark Lam.

The problem here as that we may successfully parsed a RegExp without running out of stack,
but later run out of stack when trying to JIT compile the same expression.

Added a check for available stack space when we call into one of the parenthesis compilation
functions that recurse.  When we don't have enough stack space to recurse, we fail the JIT
compilation and let the interpreter handle the expression.

From code inspection of the YARR interpreter it has the same issue, but I couldn't cause a failure.
Filed a new bug and added a FIXME comment for the Interpreter to have similar checks.
Given that we can reproduce a failure, this is sufficient for now.

This change is covered by the previously added failing test,
JSTests/stress/dont-strength-reduce-regexp-with-compile-error.js.

* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::interpret):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
(JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
(JSC::Yarr::YarrGenerator::opCompileBody):
(JSC::Yarr::dumpCompileFailure):
* yarr/YarrJIT.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243237 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/yarr/YarrInterpreter.cpp
Source/JavaScriptCore/yarr/YarrJIT.cpp
Source/JavaScriptCore/yarr/YarrJIT.h