Merge r245815 - [YARR] Properly handle RegExp's that require large Pa…

…renContext space https://bugs.webkit.org/show_bug.cgi?id=198065 Reviewed by Keith Miller. JSTests: New test. * stress/regexp-large-paren-context.js: Added. (testLargeRegExp): Source/JavaScriptCore: Changed what happens when we exceed VM::patternContextBufferSize when compiling a RegExp that needs ParenCOntextSpace to fail the RegExp JIT compilation and fall back to the YARR interpreter. This can save large amounts of JIT memory for a JIT'ed function that cannot ever succeed. * yarr/YarrJIT.cpp: (JSC::Yarr::YarrGenerator::initParenContextFreeList): (JSC::Yarr::YarrGenerator::compile):
WebKit · Aug 4, 2019 · 065089c · 065089c
1 parent ca5abfc
commit 065089c
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 4 deletions.
diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog
@@ -1,3 +1,15 @@
+2019-05-28  Michael Saboff  <msaboff@apple.com>
+
+        [YARR] Properly handle RegExp's that require large ParenContext space
+        https://bugs.webkit.org/show_bug.cgi?id=198065
+
+        Reviewed by Keith Miller.
+
+        New test.
+
+        * stress/regexp-large-paren-context.js: Added.
+        (testLargeRegExp):
+
 2019-05-20  Keith Miller  <keith_miller@apple.com>
 
         Cleanup Yarr regexp code around paren contexts.

diff --git a/JSTests/stress/regexp-large-paren-context.js b/JSTests/stress/regexp-large-paren-context.js
@@ -0,0 +1,22 @@
+// Test the regular expresions that need lots of parenthesis context space work.
+// This includes falling back to the interpreter.
+
+function testLargeRegExp(terms)
+{
+    let s = '';
+    for (let i = 0; i < terms; i++) {
+        s += '(?:a){0,2}';
+    }
+
+    let r = new RegExp(s);
+    for (let i = 0; i < 10; i++)
+        ''.match(r);
+}
+
+testLargeRegExp(127);
+testLargeRegExp(128);
+testLargeRegExp(255);
+testLargeRegExp(256);
+testLargeRegExp(1000);
+
+
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,19 @@
+2019-05-28  Michael Saboff  <msaboff@apple.com>
+
+        [YARR] Properly handle RegExp's that require large ParenContext space
+        https://bugs.webkit.org/show_bug.cgi?id=198065
+
+        Reviewed by Keith Miller.
+
+        Changed what happens when we exceed VM::patternContextBufferSize when compiling a RegExp
+        that needs ParenCOntextSpace to fail the RegExp JIT compilation and fall back to the YARR
+        interpreter.  This can save large amounts of JIT memory for a
+        JIT'ed function that cannot ever succeed.
+
+        * yarr/YarrJIT.cpp:
+        (JSC::Yarr::YarrGenerator::initParenContextFreeList):
+        (JSC::Yarr::YarrGenerator::compile):
+
 2019-05-20  Keith Miller  <keith_miller@apple.com>
 
         Cleanup Yarr regexp code around paren contexts.

diff --git a/Source/JavaScriptCore/yarr/YarrJIT.cpp b/Source/JavaScriptCore/yarr/YarrJIT.cpp
@@ -226,9 +226,10 @@ class YarrGenerator : public YarrJITInfo, private MacroAssembler {
 
         parenContextSize = WTF::roundUpToMultipleOf<sizeof(uintptr_t)>(parenContextSize);
 
-        // Check that the paren context is a reasonable size.
-        if (parenContextSize > VM::patternContextBufferSize)
-            m_abortExecution.append(jump());
+        if (parenContextSize > VM::patternContextBufferSize) {
+            m_failureReason = JITFailureReason::ParenthesisNestedTooDeep;
+            return;
+        }
 
         Jump emptyFreeList = branchTestPtr(Zero, freelistRegister);
         move(freelistRegister, parenContextPointer);
@@ -3885,8 +3886,13 @@ class YarrGenerator : public YarrJITInfo, private MacroAssembler {
         initCallFrame();
 
 #if ENABLE(YARR_JIT_ALL_PARENS_EXPRESSIONS)
-        if (m_containsNestedSubpatterns)
+        if (m_containsNestedSubpatterns) {
             initParenContextFreeList();
+            if (m_failureReason) {
+                codeBlock.setFallBackWithFailureReason(*m_failureReason);
+                return;
+            }
+        }
 #endif
 
         if (m_pattern.m_saveInitialStartValue) {