Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2fb117dc7dcdb56ecdf3fb4568d01dd854bf1e10
https://github.com/WebKit/WebKit/commit/2fb117dc7dcdb56ecdf3fb4568d01dd854bf1e10
Author: Sosuke Suzuki <[email protected]>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
A JSTests/stress/regexp-non-greedy-backref-index-restore.js
M Source/JavaScriptCore/yarr/YarrJIT.cpp
Log Message:
-----------
[YARR] JIT non-greedy backreference should restore index on backtrack failure
https://bugs.webkit.org/show_bug.cgi?id=308425
Reviewed by Yusuke Suzuki.
The interpreter restores the input position via input.setPos(backTrack->begin)
when a non-greedy backreference fails completely, but the JIT was missing the
equivalent restoration. This caused the index to remain at whatever position
the last retry reached, skipping valid start positions for subsequent
alternatives or backtracking.
The fix saves the initial index into the backReferenceSize frame slot (unused
by NonGreedy) and restores it on complete failure.
Test: JSTests/stress/regexp-non-greedy-backref-index-restore.js
* JSTests/stress/regexp-non-greedy-backref-index-restore.js: Added.
(shouldBe):
(testRegExp):
* Source/JavaScriptCore/yarr/YarrJIT.cpp:
Canonical link: https://commits.webkit.org/308264@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
