Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: dcf25ed3c992c496906592b8381168530e87c768
      
https://github.com/WebKit/WebKit/commit/dcf25ed3c992c496906592b8381168530e87c768
  Author: Shu-yu Guo <[email protected]>
  Date:   2026-05-21 (Thu, 21 May 2026)

  Changed paths:
    M Source/JavaScriptCore/runtime/RegExp.cpp
    M Source/JavaScriptCore/runtime/RegExpInlines.h

  Log Message:
  -----------
  [JSC] Make RegExp::byteCodeCompileIfNecessary threadsafe
https://bugs.webkit.org/show_bug.cgi?id=309405
rdar://171888887

Reviewed by Yusuke Suzuki.

RegExp::matchConcurrently shouldn't cause any compilation, but bail out if JIT
code for the regexp doesn't already exist. However, it is possible that a
RegExp has JIT code but no bytecode, in which case matchConcurrently can
incorrectly racily attempt to compile bytecode.

This PR makes byteCodeCompileIfNecessary threadsafe by taking the cell lock. It
also bails out of matchConcurrently if the regexp doesn't already have bytecode
when called from the compiler thread. Note that that check inside matchInline
does not need to take the cell lock at that spot, because matchConcurrently,
the caller, already takes the cell lock.

There is no new test because manifesting this race requires artificially adding
sleeps to threads.

* Source/JavaScriptCore/runtime/RegExp.cpp:
(JSC::RegExp::byteCodeCompileIfNecessary):
* Source/JavaScriptCore/runtime/RegExpInlines.h:
(JSC::RegExp::matchInline):

Originally-landed-as: 305413.415@rapid/safari-7624.2.5.110-branch (bfb699d9b999). rdar://176067339
Canonical link: https://commits.webkit.org/313689@main
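
As an added illustration (not WebKit's code and not part of this commit), the simplified C++ model below shows the locking discipline the log message describes: the lazy compile takes the lock, and the concurrent entry point bails out instead of compiling when JIT code exists but bytecode does not. `LazyRegExp`, `MatchResult`, `installJITCodeOnly` and the substring-search matcher are hypothetical stand-ins, and `std::mutex` is assumed here in place of the cell lock.

```cpp
// Simplified model of the locking discipline; not JavaScriptCore code, all names hypothetical.
#include <mutex>
#include <string>

enum class MatchResult { Bailed, NoMatch, Match };
class LazyRegExp {
public:
    explicit LazyRegExp(const std::string& pattern) : m_pattern(pattern) {}
    // Main-thread entry point: allowed to compile bytecode lazily.
    MatchResult match(const std::string& input) { return matchInline(input, false); }
    // Compiler-thread entry point: holds the lock for the whole call, never compiles.
    MatchResult matchConcurrently(const std::string& input) {
        std::lock_guard<std::mutex> locker(m_lock);
        if (!m_hasJITCode)
            return MatchResult::Bailed;
        return matchInline(input, true);
    }
    // Constructed state for the demo: JIT code present, bytecode absent.
    void installJITCodeOnly() {
        std::lock_guard<std::mutex> locker(m_lock);
        m_hasJITCode = true;
    }
    int compileCount() const { return m_compileCount; }
private:
    void byteCodeCompileIfNecessary() {
        std::lock_guard<std::mutex> locker(m_lock); // serializes with matchConcurrently
        if (m_hasByteCode)
            return;
        m_byteCode = m_pattern; // stand-in for real bytecode generation
        m_hasByteCode = true;
        ++m_compileCount;
    }
    MatchResult matchInline(const std::string& input, bool fromCompilerThread) {
        if (fromCompilerThread) {
            // Caller already holds m_lock, so read the flag without relocking;
            // byteCodeCompileIfNecessary() here would relock a non-recursive mutex.
            if (!m_hasByteCode)
                return MatchResult::Bailed;
        } else
            byteCodeCompileIfNecessary();
        // Substring search stands in for running the compiled matcher.
        bool found = input.find(m_byteCode) != std::string::npos;
        return found ? MatchResult::Match : MatchResult::NoMatch;
    }
    std::mutex m_lock;
    std::string m_pattern, m_byteCode;
    bool m_hasJITCode = false, m_hasByteCode = false;
    int m_compileCount = 0;
};
```

In this model the concurrent path only ever reads state under the lock, so the single writer of the bytecode is the main-thread path through `byteCodeCompileIfNecessary()`.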
