[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

commit-queue at webkit.org commit-queue at webkit.org
Wed Dec 22 11:34:55 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit b2f7d8db9cdd1087709d682d58249f2469266ded
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Jul 29 21:33:19 2010 +0000

    2010-07-29  Michael Saboff  <msaboff at apple.com>
    
            Reviewed by Oliver Hunt.
    
            Fixed issue where RegExp greedy jit code loops when no input is
            consumed.  Changed the code to only loop if some input was consumed,
            but fall through if we successfully match an alternative that
            doesn't consume any input.
            https://bugs.webkit.org/show_bug.cgi?id=42664
    
            * yarr/RegexJIT.cpp:
            (JSC::Yarr::RegexGenerator::generateParenthesesGreedyNoBacktrack):
    2010-07-29  Michael Saboff  <msaboff at apple.com>
    
            Reviewed by Oliver Hunt.
    
            Added tests to correspond to the changes made in
            JavaScriptCore/yarr/RegexJIT.cpp to fix
            https://bugs.webkit.org/show_bug.cgi?id=42664.
            Note that some of the new test cases fail due to one or more
            unrelated bugs in the pcre interpreter.  The expected results
            for these tests will need to be updated when the implementation
            conforms to the JS standard.
    
            * fast/js/regexp-look-ahead-empty-expected.txt: Added.
            * fast/js/regexp-look-ahead-empty.html: Added.
            * fast/js/script-tests/regexp-look-ahead-empty.js: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64307 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index a0be677..77f90e6 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-07-29  Michael Saboff  <msaboff at apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fixed issue where RegExp greedy jit code loops when no input is
+        consumed.  Changed the code to only loop if some input was consumed,
+        but fall through if we successfully match an alternative that 
+        doesn't consume any input.
+        https://bugs.webkit.org/show_bug.cgi?id=42664
+
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateParenthesesGreedyNoBacktrack):
+
 2010-07-29  Gabor Loki  <loki at webkit.org>
 
         Reviewed by Gavin Barraclough.
diff --git a/JavaScriptCore/yarr/RegexJIT.cpp b/JavaScriptCore/yarr/RegexJIT.cpp
index 609417f..9eff75a 100644
--- a/JavaScriptCore/yarr/RegexJIT.cpp
+++ b/JavaScriptCore/yarr/RegexJIT.cpp
@@ -1032,6 +1032,9 @@ class RegexGenerator : private MacroAssembler {
         TermGenerationState parenthesesState(disjunction, state.checkedTotal);
 
         Label matchAgain(this);
+
+        storeToFrame(index, parenthesesTerm.frameLocation); // Save the current index to check for zero len matches later.
+
         for (parenthesesState.resetAlternative(); parenthesesState.alternativeValid(); parenthesesState.nextAlternative()) {
 
             PatternAlternative* alternative = parenthesesState.alternative();
@@ -1046,9 +1049,9 @@ class RegexGenerator : private MacroAssembler {
             for (parenthesesState.resetTerm(); parenthesesState.termValid(); parenthesesState.nextTerm())
                 generateTerm(parenthesesState);
 
-            // If we get here, we matched! Limit not yet supported, so just try to match more!
-            jump(matchAgain);
-            
+            // If we get here, we matched! If the index advanced then try to match more since limit isn't supported yet.
+            branch32(GreaterThan, index, Address(stackPointerRegister, (parenthesesTerm.frameLocation * sizeof(void*))), matchAgain);
+
             parenthesesState.linkAlternativeBacktracks(this);
             // We get here if the alternative fails to match - fall through to the next iteration, or out of the loop.
 
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index fa31126..8e30fb1 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,19 @@
+2010-07-29  Michael Saboff  <msaboff at apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Added tests to correspond to the changes made in 
+        JavaScriptCore/yarr/RegexJIT.cpp to fix
+        https://bugs.webkit.org/show_bug.cgi?id=42664.
+        Note that some of the new test cases fail due to one or more 
+        unrelated bugs in the pcre interpreter.  The expected results 
+        for these tests will need to be updated when the implementation
+        conforms to the JS standard.
+
+        * fast/js/regexp-look-ahead-empty-expected.txt: Added.
+        * fast/js/regexp-look-ahead-empty.html: Added.
+        * fast/js/script-tests/regexp-look-ahead-empty.js: Added.
+
 2010-07-29  Ojan Vafai  <ojan at chromium.org>
 
         Reviewed by Tor Arne Vestbø.
diff --git a/LayoutTests/fast/js/regexp-look-ahead-empty-expected.txt b/LayoutTests/fast/js/regexp-look-ahead-empty-expected.txt
new file mode 100644
index 0000000..f2039a1
--- /dev/null
+++ b/LayoutTests/fast/js/regexp-look-ahead-empty-expected.txt
@@ -0,0 +1,17 @@
+Test for regression against Yarr Interpreter is hanging in some cases of look-ahead regex patterns. It also tests some other related expressions.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS /(?:(?=x))+/.exec("x") is [""]
+PASS /(?:a?)*/.exec("a") is ["a"]
+PASS /(a|ab)*/.exec("abab") is ["a","a"]
+PASS /(ab)+/.exec("abab") is ["abab","ab"]
+FAIL /(|ab)*/.exec("ab") should be ab,ab. Was ,.
+FAIL /(?:(|ab)*)/.exec("ab") should be ab,ab. Was ,.
+FAIL /(?:(|ab)+)/.exec("ab") should be ab,ab. Was ,.
+FAIL /(|ab)+/.exec("abab") should be abab,ab. Was ,.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/js/regexp-look-ahead-empty.html b/LayoutTests/fast/js/regexp-look-ahead-empty.html
new file mode 100644
index 0000000..95ba0b0
--- /dev/null
+++ b/LayoutTests/fast/js/regexp-look-ahead-empty.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="resources/js-test-style.css">
+<script src="resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/regexp-look-ahead-empty.js"></script>
+<script src="resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/js/script-tests/regexp-look-ahead-empty.js b/LayoutTests/fast/js/script-tests/regexp-look-ahead-empty.js
new file mode 100644
index 0000000..16836f2
--- /dev/null
+++ b/LayoutTests/fast/js/script-tests/regexp-look-ahead-empty.js
@@ -0,0 +1,15 @@
+description(
+'Test for regression against <a href="https://bugs.webkit.org/show_bug.cgi?id=42664">Yarr Interpreter is hanging in some cases of look-ahead regex patterns</a>.  It also tests some other related expressions.'
+);
+
+shouldBe('/(?:(?=x))+/.exec("x")', '[""]');
+shouldBe('/(?:a?)*/.exec("a")', '["a"]');
+shouldBe('/(a|ab)*/.exec("abab")', '["a","a"]');
+shouldBe('/(ab)+/.exec("abab")', '["abab","ab"]');
+// The following tests fail because of pcre interpreter bug(s).
+shouldBe('/(|ab)*/.exec("ab")', '["ab","ab"]');
+shouldBe('/(?:(|ab)*)/.exec("ab")', '["ab","ab"]');
+shouldBe('/(?:(|ab)+)/.exec("ab")', '["ab","ab"]');
+shouldBe('/(|ab)+/.exec("abab")', '["abab","ab"]');
+
+var successfullyParsed = true;

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list