Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 3713b5294002cff4f0149ec026265aea3a555556
      
https://github.com/WebKit/WebKit/commit/3713b5294002cff4f0149ec026265aea3a555556
  Author: Michael Saboff <msab...@apple.com>
  Date:   2023-05-30 (Tue, 30 May 2023)

  Changed paths:
    M JSTests/stress/regexp-vflag-property-of-strings.js
    M Source/JavaScriptCore/yarr/YarrErrorCode.cpp
    M Source/JavaScriptCore/yarr/YarrErrorCode.h
    M Source/JavaScriptCore/yarr/YarrParser.h
    M Source/JavaScriptCore/yarr/YarrPattern.cpp

  Log Message:
  -----------
  [JSC] ASSERTION FAILED: term.quantityMinCount == 1 && term.quantityMaxCount == 1 && term.quantityType == QuantifierType::FixedCount
https://bugs.webkit.org/show_bug.cgi?id=257432
rdar://109355826

Reviewed by Yusuke Suzuki.

This crash was due to not properly recognizing that the class set prior to the quantifier
was invalid due to inverted contents that contained strings.

Strengthened the "May Contain Strings" processing in accordance with the specification changes
for Class Sets.  Instead of trying to compute the error cases during parsing involving may
contain strings, that computation is now centralized in the new
ClassSetParserDelegate::computeMayContainStrings() method.  Now the various productions
feed their string-ness into the new method.  The error determination using the results of that
computation is done when a class set is closed, including nested sets.  Added a new Token Type,
SetDisjunctionMayContainStrings, for Set Disjunctions that contain strings.

While writing new tests, found that there was a bug with expressions like:
  /[[\q{abc|a}&&a}]/v
We were not handling the intersection where the RHS of the intersection doesn't include any
strings.

Also found and fixed spelling error in ClassStringDIsjunctionUnmatched.

Added several syntax and matching tests.

* JSTests/stress/regexp-vflag-property-of-strings.js:
* Source/JavaScriptCore/yarr/YarrErrorCode.cpp:
(JSC::Yarr::errorMessage):
(JSC::Yarr::errorToThrow):
* Source/JavaScriptCore/yarr/YarrErrorCode.h:
* Source/JavaScriptCore/yarr/YarrParser.h:
(JSC::Yarr::Parser::ClassSetParserDelegate::NestingState::NestingState):
(JSC::Yarr::Parser::ClassSetParserDelegate::ClassSetParserDelegate):
(JSC::Yarr::Parser::ClassSetParserDelegate::nestedClassBegin):
(JSC::Yarr::Parser::ClassSetParserDelegate::nestedClassEnd):
(JSC::Yarr::Parser::ClassSetParserDelegate::computeMayContainStrings):
(JSC::Yarr::Parser::ClassSetParserDelegate::atomBuiltInCharacterClass):
(JSC::Yarr::Parser::ClassSetParserDelegate::end):
(JSC::Yarr::Parser::ClassSetParserDelegate::isInverted):
(JSC::Yarr::Parser::ClassStringDisjunctionParserDelegate::ClassStringDisjunctionParserDelegate):
(JSC::Yarr::Parser::ClassStringDisjunctionParserDelegate::atomPatternCharacter):
(JSC::Yarr::Parser::ClassStringDisjunctionParserDelegate::mayContainStrings):
(JSC::Yarr::Parser::parseEscape):
(JSC::Yarr::Parser::parseClassSet):
(JSC::Yarr::Parser::parseClassStringDisjunction):
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::putCharNonUnion):

Canonical link: https://commits.webkit.org/264704@main
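
The rule the log message describes, as an added example that is not code from WebKit or from this commit: a small model of the ECMAScript MayContainStrings computation for `/v` class sets, with the validity check run when each class closes. The AST node shapes, the function names `mayContainStrings`, `contentsMayContainStrings` and `isValidClassSet`, and the sample inputs are assumptions of this example.

```javascript
// Added model of the spec's MayContainStrings rule for /v class sets.
// Node shapes are assumptions of this example, not Yarr data structures:
//   { type: "char" }                         a code point or range, e.g. a or a-z
//   { type: "strings", alts: [...] }         \q{abc|a}
//   { type: "property", ofStrings: bool }    \p{...}
//   { type: "class", invert, op, items }     [...], op is "union", "intersection" or "subtraction"

function contentsMayContainStrings(node) {
  // Intersection: every operand must be able to match a string.
  if (node.op === "intersection") return node.items.every(mayContainStrings);
  // Subtraction: only the left-most operand decides.
  if (node.op === "subtraction") return mayContainStrings(node.items[0]);
  // Union: one string-capable operand is enough.
  return node.items.some(mayContainStrings);
}

function mayContainStrings(node) {
  switch (node.type) {
    case "char": return false;
    // An alternative is a string unless it is exactly one code point ("" counts).
    case "strings": return node.alts.some((s) => [...s].length !== 1);
    case "property": return node.ofStrings;
    // An inverted class only ever matches single code points.
    case "class": return node.invert ? false : contentsMayContainStrings(node);
    default: throw new TypeError(`unknown node type: ${node.type}`);
  }
}

// Checked as each class closes, nested classes first: an inverted class
// whose contents may contain strings is a syntax error.
function isValidClassSet(node) {
  if (node.type !== "class") return true;
  if (!node.items.every(isValidClassSet)) return false;
  return !(node.invert && contentsMayContainStrings(node));
}

// Constructed sample inputs, keyed by the pattern text they stand for.
const ch = { type: "char" };
const q = (...alts) => ({ type: "strings", alts });
const cls = (invert, op, ...items) => ({ type: "class", invert, op, items });

const samples = {
  "[^\\q{abc}]": cls(true, "union", q("abc")),
  "[^\\q{a|b}]": cls(true, "union", q("a", "b")),
  "[^[\\q{abc|a}&&a]]": cls(true, "union", cls(false, "intersection", q("abc", "a"), ch)),
  "[^[\\q{abc}--a]]": cls(true, "union", cls(false, "subtraction", q("abc"), ch)),
  "[[^a]\\q{abc}]": cls(false, "union", cls(true, "union", ch), q("abc")),
};
for (const [src, ast] of Object.entries(samples)) console.log(src, isValidClassSet(ast));
```

The third sample is the intersection case the log message mentions: the right-hand operand has no strings, so the intersection cannot contain strings and the enclosing inverted class is accepted.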


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes