summaryrefslogtreecommitdiffstats
path: root/js/src/vm/RegExpObject.cpp
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--js/src/vm/RegExpObject.cpp1232
1 files changed, 1232 insertions, 0 deletions
diff --git a/js/src/vm/RegExpObject.cpp b/js/src/vm/RegExpObject.cpp
new file mode 100644
index 0000000000..b9660c97a8
--- /dev/null
+++ b/js/src/vm/RegExpObject.cpp
@@ -0,0 +1,1232 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=8 sts=2 et sw=2 tw=80:
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "vm/RegExpObject.h"
+
+#include "mozilla/MemoryReporting.h"
+#include "mozilla/PodOperations.h"
+
+#include <type_traits>
+
+#include "builtin/RegExp.h"
+#include "builtin/SelfHostingDefines.h" // REGEXP_*_FLAG
+#include "frontend/FrontendContext.h" // AutoReportFrontendContext
+#include "frontend/TokenStream.h"
+#include "gc/HashUtil.h"
+#include "irregexp/RegExpAPI.h"
+#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_*
+#include "js/friend/StackLimits.h" // js::ReportOverRecursed
+#include "js/Object.h" // JS::GetBuiltinClass
+#include "js/RegExp.h"
+#include "js/RegExpFlags.h" // JS::RegExpFlags
+#include "util/StringBuffer.h"
+#include "vm/MatchPairs.h"
+#include "vm/PlainObject.h"
+#include "vm/RegExpStatics.h"
+#include "vm/StringType.h"
+#include "vm/WellKnownAtom.h" // js_*_str
+
+#include "vm/JSContext-inl.h"
+#include "vm/JSObject-inl.h"
+#include "vm/Shape-inl.h"
+
+using namespace js;
+
+using JS::AutoStableStringChars;
+using JS::CompileOptions;
+using JS::RegExpFlag;
+using JS::RegExpFlags;
+using mozilla::DebugOnly;
+using mozilla::PodCopy;
+
+using JS::AutoCheckCannotGC;
+
+static_assert(RegExpFlag::HasIndices == REGEXP_HASINDICES_FLAG,
+ "self-hosted JS and /d flag bits must agree");
+static_assert(RegExpFlag::Global == REGEXP_GLOBAL_FLAG,
+ "self-hosted JS and /g flag bits must agree");
+static_assert(RegExpFlag::IgnoreCase == REGEXP_IGNORECASE_FLAG,
+ "self-hosted JS and /i flag bits must agree");
+static_assert(RegExpFlag::Multiline == REGEXP_MULTILINE_FLAG,
+ "self-hosted JS and /m flag bits must agree");
+static_assert(RegExpFlag::DotAll == REGEXP_DOTALL_FLAG,
+ "self-hosted JS and /s flag bits must agree");
+static_assert(RegExpFlag::Unicode == REGEXP_UNICODE_FLAG,
+ "self-hosted JS and /u flag bits must agree");
+static_assert(RegExpFlag::Sticky == REGEXP_STICKY_FLAG,
+ "self-hosted JS and /y flag bits must agree");
+
+RegExpObject* js::RegExpAlloc(JSContext* cx, NewObjectKind newKind,
+ HandleObject proto /* = nullptr */) {
+ Rooted<RegExpObject*> regexp(
+ cx, NewObjectWithClassProtoAndKind<RegExpObject>(cx, proto, newKind));
+ if (!regexp) {
+ return nullptr;
+ }
+
+ regexp->clearShared();
+
+ if (!SharedShape::ensureInitialCustomShape<RegExpObject>(cx, regexp)) {
+ return nullptr;
+ }
+
+ MOZ_ASSERT(regexp->lookupPure(cx->names().lastIndex)->slot() ==
+ RegExpObject::lastIndexSlot());
+
+ return regexp;
+}
+
+/* MatchPairs */
+
+bool VectorMatchPairs::initArrayFrom(VectorMatchPairs& copyFrom) {
+ MOZ_ASSERT(copyFrom.pairCount() > 0);
+
+ if (!allocOrExpandArray(copyFrom.pairCount())) {
+ return false;
+ }
+
+ PodCopy(pairs_, copyFrom.pairs_, pairCount_);
+
+ return true;
+}
+
+bool VectorMatchPairs::allocOrExpandArray(size_t pairCount) {
+ if (!vec_.resizeUninitialized(pairCount)) {
+ return false;
+ }
+
+ pairs_ = &vec_[0];
+ pairCount_ = pairCount;
+ return true;
+}
+
+/* RegExpObject */
+
+/* static */
+RegExpShared* RegExpObject::getShared(JSContext* cx,
+ Handle<RegExpObject*> regexp) {
+ if (regexp->hasShared()) {
+ return regexp->getShared();
+ }
+
+ return createShared(cx, regexp);
+}
+
+/* static */
+bool RegExpObject::isOriginalFlagGetter(JSNative native, RegExpFlags* mask) {
+ if (native == regexp_hasIndices) {
+ *mask = RegExpFlag::HasIndices;
+ return true;
+ }
+ if (native == regexp_global) {
+ *mask = RegExpFlag::Global;
+ return true;
+ }
+ if (native == regexp_ignoreCase) {
+ *mask = RegExpFlag::IgnoreCase;
+ return true;
+ }
+ if (native == regexp_multiline) {
+ *mask = RegExpFlag::Multiline;
+ return true;
+ }
+ if (native == regexp_dotAll) {
+ *mask = RegExpFlag::DotAll;
+ return true;
+ }
+ if (native == regexp_sticky) {
+ *mask = RegExpFlag::Sticky;
+ return true;
+ }
+ if (native == regexp_unicode) {
+ *mask = RegExpFlag::Unicode;
+ return true;
+ }
+
+ return false;
+}
+
+static bool FinishRegExpClassInit(JSContext* cx, JS::HandleObject ctor,
+ JS::HandleObject proto) {
+#ifdef DEBUG
+ // Assert RegExp.prototype.exec is usually stored in a dynamic slot. The
+ // optimization in InlinableNativeIRGenerator::tryAttachIntrinsicRegExpExec
+ // depends on this.
+ Handle<NativeObject*> nproto = proto.as<NativeObject>();
+ auto prop = nproto->lookupPure(cx->names().exec);
+ MOZ_ASSERT(prop->isDataProperty());
+ MOZ_ASSERT(!nproto->isFixedSlot(prop->slot()));
+#endif
+ return true;
+}
+
+static const ClassSpec RegExpObjectClassSpec = {
+ GenericCreateConstructor<js::regexp_construct, 2, gc::AllocKind::FUNCTION>,
+ GenericCreatePrototype<RegExpObject>,
+ nullptr,
+ js::regexp_static_props,
+ js::regexp_methods,
+ js::regexp_properties,
+ FinishRegExpClassInit};
+
+const JSClass RegExpObject::class_ = {
+ js_RegExp_str,
+ JSCLASS_HAS_RESERVED_SLOTS(RegExpObject::RESERVED_SLOTS) |
+ JSCLASS_HAS_CACHED_PROTO(JSProto_RegExp),
+ JS_NULL_CLASS_OPS, &RegExpObjectClassSpec};
+
+const JSClass RegExpObject::protoClass_ = {
+ "RegExp.prototype", JSCLASS_HAS_CACHED_PROTO(JSProto_RegExp),
+ JS_NULL_CLASS_OPS, &RegExpObjectClassSpec};
+
+template <typename CharT>
+RegExpObject* RegExpObject::create(JSContext* cx, const CharT* chars,
+ size_t length, RegExpFlags flags,
+ NewObjectKind newKind) {
+ static_assert(std::is_same_v<CharT, char16_t>,
+ "this code may need updating if/when CharT encodes UTF-8");
+
+ Rooted<JSAtom*> source(cx, AtomizeChars(cx, chars, length));
+ if (!source) {
+ return nullptr;
+ }
+
+ return create(cx, source, flags, newKind);
+}
+
+template RegExpObject* RegExpObject::create(JSContext* cx,
+ const char16_t* chars,
+ size_t length, RegExpFlags flags,
+ NewObjectKind newKind);
+
+RegExpObject* RegExpObject::createSyntaxChecked(JSContext* cx,
+ Handle<JSAtom*> source,
+ RegExpFlags flags,
+ NewObjectKind newKind) {
+ Rooted<RegExpObject*> regexp(cx, RegExpAlloc(cx, newKind));
+ if (!regexp) {
+ return nullptr;
+ }
+
+ regexp->initAndZeroLastIndex(source, flags, cx);
+
+ return regexp;
+}
+
+RegExpObject* RegExpObject::create(JSContext* cx, Handle<JSAtom*> source,
+ RegExpFlags flags, NewObjectKind newKind) {
+ Rooted<RegExpObject*> regexp(cx);
+ {
+ AutoReportFrontendContext fc(cx);
+ CompileOptions dummyOptions(cx);
+ frontend::DummyTokenStream dummyTokenStream(&fc, dummyOptions);
+
+ LifoAllocScope allocScope(&cx->tempLifoAlloc());
+ if (!irregexp::CheckPatternSyntax(cx, cx->stackLimitForCurrentPrincipal(),
+ dummyTokenStream, source, flags)) {
+ return nullptr;
+ }
+
+ regexp = RegExpAlloc(cx, newKind);
+ if (!regexp) {
+ return nullptr;
+ }
+
+ regexp->initAndZeroLastIndex(source, flags, cx);
+
+ MOZ_ASSERT(!regexp->hasShared());
+ }
+ return regexp;
+}
+
+/* static */
+RegExpShared* RegExpObject::createShared(JSContext* cx,
+ Handle<RegExpObject*> regexp) {
+ MOZ_ASSERT(!regexp->hasShared());
+ Rooted<JSAtom*> source(cx, regexp->getSource());
+ RegExpShared* shared =
+ cx->zone()->regExps().get(cx, source, regexp->getFlags());
+ if (!shared) {
+ return nullptr;
+ }
+
+ regexp->setShared(shared);
+
+ MOZ_ASSERT(regexp->hasShared());
+
+ return shared;
+}
+
+SharedShape* RegExpObject::assignInitialShape(JSContext* cx,
+ Handle<RegExpObject*> self) {
+ MOZ_ASSERT(self->empty());
+
+ static_assert(LAST_INDEX_SLOT == 0);
+
+ /* The lastIndex property alone is writable but non-configurable. */
+ if (!NativeObject::addPropertyInReservedSlot(cx, self, cx->names().lastIndex,
+ LAST_INDEX_SLOT,
+ {PropertyFlag::Writable})) {
+ return nullptr;
+ }
+
+ return self->sharedShape();
+}
+
+void RegExpObject::initIgnoringLastIndex(JSAtom* source, RegExpFlags flags) {
+ // If this is a re-initialization with an existing RegExpShared, 'flags'
+ // may not match getShared()->flags, so forget the RegExpShared.
+ clearShared();
+
+ setSource(source);
+ setFlags(flags);
+}
+
+void RegExpObject::initAndZeroLastIndex(JSAtom* source, RegExpFlags flags,
+ JSContext* cx) {
+ initIgnoringLastIndex(source, flags);
+ zeroLastIndex(cx);
+}
+
+static MOZ_ALWAYS_INLINE bool IsRegExpLineTerminator(const JS::Latin1Char c) {
+ return c == '\n' || c == '\r';
+}
+
+static MOZ_ALWAYS_INLINE bool IsRegExpLineTerminator(const char16_t c) {
+ return c == '\n' || c == '\r' || c == 0x2028 || c == 0x2029;
+}
+
+static MOZ_ALWAYS_INLINE bool AppendEscapedLineTerminator(
+ StringBuffer& sb, const JS::Latin1Char c) {
+ switch (c) {
+ case '\n':
+ if (!sb.append('n')) {
+ return false;
+ }
+ break;
+ case '\r':
+ if (!sb.append('r')) {
+ return false;
+ }
+ break;
+ default:
+ MOZ_CRASH("Bad LineTerminator");
+ }
+ return true;
+}
+
+static MOZ_ALWAYS_INLINE bool AppendEscapedLineTerminator(StringBuffer& sb,
+ const char16_t c) {
+ switch (c) {
+ case '\n':
+ if (!sb.append('n')) {
+ return false;
+ }
+ break;
+ case '\r':
+ if (!sb.append('r')) {
+ return false;
+ }
+ break;
+ case 0x2028:
+ if (!sb.append("u2028")) {
+ return false;
+ }
+ break;
+ case 0x2029:
+ if (!sb.append("u2029")) {
+ return false;
+ }
+ break;
+ default:
+ MOZ_CRASH("Bad LineTerminator");
+ }
+ return true;
+}
+
+template <typename CharT>
+static MOZ_ALWAYS_INLINE bool SetupBuffer(StringBuffer& sb,
+ const CharT* oldChars, size_t oldLen,
+ const CharT* it) {
+ if constexpr (std::is_same_v<CharT, char16_t>) {
+ if (!sb.ensureTwoByteChars()) {
+ return false;
+ }
+ }
+
+ if (!sb.reserve(oldLen + 1)) {
+ return false;
+ }
+
+ sb.infallibleAppend(oldChars, size_t(it - oldChars));
+ return true;
+}
+
+// Note: leaves the string buffer empty if no escaping need be performed.
+template <typename CharT>
+static bool EscapeRegExpPattern(StringBuffer& sb, const CharT* oldChars,
+ size_t oldLen) {
+ bool inBrackets = false;
+ bool previousCharacterWasBackslash = false;
+
+ for (const CharT* it = oldChars; it < oldChars + oldLen; ++it) {
+ CharT ch = *it;
+ if (!previousCharacterWasBackslash) {
+ if (inBrackets) {
+ if (ch == ']') {
+ inBrackets = false;
+ }
+ } else if (ch == '/') {
+ // There's a forward slash that needs escaping.
+ if (sb.empty()) {
+ // This is the first char we've seen that needs escaping,
+ // copy everything up to this point.
+ if (!SetupBuffer(sb, oldChars, oldLen, it)) {
+ return false;
+ }
+ }
+ if (!sb.append('\\')) {
+ return false;
+ }
+ } else if (ch == '[') {
+ inBrackets = true;
+ }
+ }
+
+ if (IsRegExpLineTerminator(ch)) {
+ // There's LineTerminator that needs escaping.
+ if (sb.empty()) {
+ // This is the first char we've seen that needs escaping,
+ // copy everything up to this point.
+ if (!SetupBuffer(sb, oldChars, oldLen, it)) {
+ return false;
+ }
+ }
+ if (!previousCharacterWasBackslash) {
+ if (!sb.append('\\')) {
+ return false;
+ }
+ }
+ if (!AppendEscapedLineTerminator(sb, ch)) {
+ return false;
+ }
+ } else if (!sb.empty()) {
+ if (!sb.append(ch)) {
+ return false;
+ }
+ }
+
+ if (previousCharacterWasBackslash) {
+ previousCharacterWasBackslash = false;
+ } else if (ch == '\\') {
+ previousCharacterWasBackslash = true;
+ }
+ }
+
+ return true;
+}
+
+// ES6 draft rev32 21.2.3.2.4.
+JSLinearString* js::EscapeRegExpPattern(JSContext* cx, Handle<JSAtom*> src) {
+ // Step 2.
+ if (src->length() == 0) {
+ return cx->names().emptyRegExp;
+ }
+
+ // We may never need to use |sb|. Start using it lazily.
+ JSStringBuilder sb(cx);
+ bool escapeFailed = false;
+ if (src->hasLatin1Chars()) {
+ JS::AutoCheckCannotGC nogc;
+ escapeFailed =
+ !::EscapeRegExpPattern(sb, src->latin1Chars(nogc), src->length());
+ } else {
+ JS::AutoCheckCannotGC nogc;
+ escapeFailed =
+ !::EscapeRegExpPattern(sb, src->twoByteChars(nogc), src->length());
+ }
+ if (escapeFailed) {
+ return nullptr;
+ }
+
+ // Step 3.
+ if (sb.empty()) {
+ return src;
+ }
+ return sb.finishString();
+}
+
+// ES6 draft rev32 21.2.5.14. Optimized for RegExpObject.
+JSLinearString* RegExpObject::toString(JSContext* cx,
+ Handle<RegExpObject*> obj) {
+ // Steps 3-4.
+ Rooted<JSAtom*> src(cx, obj->getSource());
+ if (!src) {
+ return nullptr;
+ }
+ Rooted<JSLinearString*> escapedSrc(cx, EscapeRegExpPattern(cx, src));
+
+ // Step 7.
+ JSStringBuilder sb(cx);
+ size_t len = escapedSrc->length();
+ if (!sb.reserve(len + 2)) {
+ return nullptr;
+ }
+ sb.infallibleAppend('/');
+ if (!sb.append(escapedSrc)) {
+ return nullptr;
+ }
+ sb.infallibleAppend('/');
+
+ // Steps 5-7.
+ if (obj->hasIndices() && !sb.append('d')) {
+ return nullptr;
+ }
+ if (obj->global() && !sb.append('g')) {
+ return nullptr;
+ }
+ if (obj->ignoreCase() && !sb.append('i')) {
+ return nullptr;
+ }
+ if (obj->multiline() && !sb.append('m')) {
+ return nullptr;
+ }
+ if (obj->dotAll() && !sb.append('s')) {
+ return nullptr;
+ }
+ if (obj->unicode() && !sb.append('u')) {
+ return nullptr;
+ }
+ if (obj->sticky() && !sb.append('y')) {
+ return nullptr;
+ }
+
+ return sb.finishString();
+}
+
+template <typename CharT>
+static MOZ_ALWAYS_INLINE bool IsRegExpMetaChar(CharT ch) {
+ switch (ch) {
+ /* ES 2016 draft Mar 25, 2016 21.2.1 SyntaxCharacter. */
+ case '^':
+ case '$':
+ case '\\':
+ case '.':
+ case '*':
+ case '+':
+ case '?':
+ case '(':
+ case ')':
+ case '[':
+ case ']':
+ case '{':
+ case '}':
+ case '|':
+ return true;
+ default:
+ return false;
+ }
+}
+
+template <typename CharT>
+bool js::HasRegExpMetaChars(const CharT* chars, size_t length) {
+ for (size_t i = 0; i < length; ++i) {
+ if (IsRegExpMetaChar<CharT>(chars[i])) {
+ return true;
+ }
+ }
+ return false;
+}
+
+template bool js::HasRegExpMetaChars<Latin1Char>(const Latin1Char* chars,
+ size_t length);
+
+template bool js::HasRegExpMetaChars<char16_t>(const char16_t* chars,
+ size_t length);
+
+bool js::StringHasRegExpMetaChars(JSLinearString* str) {
+ AutoCheckCannotGC nogc;
+ if (str->hasLatin1Chars()) {
+ return HasRegExpMetaChars(str->latin1Chars(nogc), str->length());
+ }
+
+ return HasRegExpMetaChars(str->twoByteChars(nogc), str->length());
+}
+
+/* RegExpShared */
+
+RegExpShared::RegExpShared(JSAtom* source, RegExpFlags flags)
+ : CellWithTenuredGCPointer(source), pairCount_(0), flags(flags) {}
+
+void RegExpShared::traceChildren(JSTracer* trc) {
+ TraceNullableCellHeaderEdge(trc, this, "RegExpShared source");
+ if (kind() == RegExpShared::Kind::Atom) {
+ TraceNullableEdge(trc, &patternAtom_, "RegExpShared pattern atom");
+ } else {
+ for (auto& comp : compilationArray) {
+ TraceNullableEdge(trc, &comp.jitCode, "RegExpShared code");
+ }
+ TraceNullableEdge(trc, &groupsTemplate_, "RegExpShared groups template");
+ }
+}
+
+void RegExpShared::discardJitCode() {
+ for (auto& comp : compilationArray) {
+ comp.jitCode = nullptr;
+ }
+
+ // We can also purge the tables used by JIT code.
+ tables.clearAndFree();
+}
+
+void RegExpShared::finalize(JS::GCContext* gcx) {
+ for (auto& comp : compilationArray) {
+ if (comp.byteCode) {
+ size_t length = comp.byteCodeLength();
+ gcx->free_(this, comp.byteCode, length, MemoryUse::RegExpSharedBytecode);
+ }
+ }
+ if (namedCaptureIndices_) {
+ size_t length = numNamedCaptures() * sizeof(uint32_t);
+ gcx->free_(this, namedCaptureIndices_, length,
+ MemoryUse::RegExpSharedNamedCaptureData);
+ }
+ tables.~JitCodeTables();
+}
+
+/* static */
+bool RegExpShared::compileIfNecessary(JSContext* cx,
+ MutableHandleRegExpShared re,
+ Handle<JSLinearString*> input,
+ RegExpShared::CodeKind codeKind) {
+ if (codeKind == RegExpShared::CodeKind::Any) {
+ // We start by interpreting regexps, then compile them once they are
+ // sufficiently hot. For very long input strings, we tier up eagerly.
+ codeKind = RegExpShared::CodeKind::Bytecode;
+ if (re->markedForTierUp() || input->length() > 1000) {
+ codeKind = RegExpShared::CodeKind::Jitcode;
+ }
+ }
+
+ // Fall back to bytecode if native codegen is not available.
+ if (!IsNativeRegExpEnabled() && codeKind == RegExpShared::CodeKind::Jitcode) {
+ codeKind = RegExpShared::CodeKind::Bytecode;
+ }
+
+ bool needsCompile = false;
+ if (re->kind() == RegExpShared::Kind::Unparsed) {
+ needsCompile = true;
+ }
+ if (re->kind() == RegExpShared::Kind::RegExp) {
+ if (!re->isCompiled(input->hasLatin1Chars(), codeKind)) {
+ needsCompile = true;
+ }
+ }
+ if (needsCompile) {
+ return irregexp::CompilePattern(cx, re, input, codeKind);
+ }
+ return true;
+}
+
+/* static */
+RegExpRunStatus RegExpShared::execute(JSContext* cx,
+ MutableHandleRegExpShared re,
+ Handle<JSLinearString*> input,
+ size_t start, VectorMatchPairs* matches) {
+ MOZ_ASSERT(matches);
+
+ // TODO: Add tracelogger support
+
+ /* Compile the code at point-of-use. */
+ if (!compileIfNecessary(cx, re, input, RegExpShared::CodeKind::Any)) {
+ return RegExpRunStatus_Error;
+ }
+
+ /*
+ * Ensure sufficient memory for output vector.
+ * No need to initialize it. The RegExp engine fills them in on a match.
+ */
+ if (!matches->allocOrExpandArray(re->pairCount())) {
+ ReportOutOfMemory(cx);
+ return RegExpRunStatus_Error;
+ }
+
+ if (re->kind() == RegExpShared::Kind::Atom) {
+ return RegExpShared::executeAtom(re, input, start, matches);
+ }
+
+ /*
+ * Ensure sufficient memory for output vector.
+ * No need to initialize it. The RegExp engine fills them in on a match.
+ */
+ if (!matches->allocOrExpandArray(re->pairCount())) {
+ ReportOutOfMemory(cx);
+ return RegExpRunStatus_Error;
+ }
+
+ uint32_t interruptRetries = 0;
+ const uint32_t maxInterruptRetries = 4;
+ do {
+ DebugOnly<bool> alreadyThrowing = cx->isExceptionPending();
+ RegExpRunStatus result = irregexp::Execute(cx, re, input, start, matches);
+#ifdef DEBUG
+ // Check if we must simulate the interruption
+ if (js::irregexp::IsolateShouldSimulateInterrupt(cx->isolate)) {
+ js::irregexp::IsolateClearShouldSimulateInterrupt(cx->isolate);
+ cx->requestInterrupt(InterruptReason::CallbackUrgent);
+ }
+#endif
+ if (result == RegExpRunStatus_Error) {
+ /* Execute can return RegExpRunStatus_Error:
+ *
+ * 1. If the native stack overflowed
+ * 2. If the backtrack stack overflowed
+ * 3. If an interrupt was requested during execution.
+ *
+ * In the first two cases, we want to throw an error. In the
+ * third case, we want to handle the interrupt and try again.
+ * We cap the number of times we will retry.
+ */
+ if (cx->isExceptionPending()) {
+ // If this regexp is being executed by recovery instructions
+ // while bailing out to handle an exception, there may already
+ // be an exception pending. If so, just return that exception
+ // instead of reporting a new one.
+ MOZ_ASSERT(alreadyThrowing);
+ return RegExpRunStatus_Error;
+ }
+ if (cx->hasAnyPendingInterrupt()) {
+ if (!CheckForInterrupt(cx)) {
+ return RegExpRunStatus_Error;
+ }
+ if (interruptRetries++ < maxInterruptRetries) {
+ // The initial execution may have been interpreted, or the
+ // interrupt may have triggered a GC that discarded jitcode.
+ // To maximize the chance of succeeding before being
+ // interrupted again, we want to ensure we are compiled.
+ if (!compileIfNecessary(cx, re, input,
+ RegExpShared::CodeKind::Jitcode)) {
+ return RegExpRunStatus_Error;
+ }
+ continue;
+ }
+ }
+ // If we have run out of retries, this regexp takes too long to execute.
+ ReportOverRecursed(cx);
+ return RegExpRunStatus_Error;
+ }
+
+ MOZ_ASSERT(result == RegExpRunStatus_Success ||
+ result == RegExpRunStatus_Success_NotFound);
+
+ return result;
+ } while (true);
+
+ MOZ_CRASH("Unreachable");
+}
+
+void RegExpShared::useAtomMatch(Handle<JSAtom*> pattern) {
+ MOZ_ASSERT(kind() == RegExpShared::Kind::Unparsed);
+ kind_ = RegExpShared::Kind::Atom;
+ patternAtom_ = pattern;
+ pairCount_ = 1;
+}
+
+void RegExpShared::useRegExpMatch(size_t pairCount) {
+ MOZ_ASSERT(kind() == RegExpShared::Kind::Unparsed);
+ kind_ = RegExpShared::Kind::RegExp;
+ pairCount_ = pairCount;
+ ticks_ = jit::JitOptions.regexpWarmUpThreshold;
+}
+
+/* static */
+void RegExpShared::InitializeNamedCaptures(JSContext* cx, HandleRegExpShared re,
+ uint32_t numNamedCaptures,
+ Handle<PlainObject*> templateObject,
+ uint32_t* captureIndices) {
+ MOZ_ASSERT(!re->groupsTemplate_);
+ MOZ_ASSERT(!re->namedCaptureIndices_);
+
+ re->numNamedCaptures_ = numNamedCaptures;
+ re->groupsTemplate_ = templateObject;
+ re->namedCaptureIndices_ = captureIndices;
+
+ uint32_t arraySize = numNamedCaptures * sizeof(uint32_t);
+ js::AddCellMemory(re, arraySize, MemoryUse::RegExpSharedNamedCaptureData);
+}
+
+void RegExpShared::tierUpTick() {
+ MOZ_ASSERT(kind() == RegExpShared::Kind::RegExp);
+ if (ticks_ > 0) {
+ ticks_--;
+ }
+}
+
+bool RegExpShared::markedForTierUp() const {
+ if (!IsNativeRegExpEnabled()) {
+ return false;
+ }
+ if (kind() != RegExpShared::Kind::RegExp) {
+ return false;
+ }
+ return ticks_ == 0;
+}
+
+static RegExpRunStatus ExecuteAtomImpl(RegExpShared* re, JSLinearString* input,
+ size_t start, MatchPairs* matches) {
+ MOZ_ASSERT(re->pairCount() == 1);
+ size_t length = input->length();
+ size_t searchLength = re->patternAtom()->length();
+
+ if (re->sticky()) {
+ // First part checks size_t overflow.
+ if (searchLength + start < searchLength || searchLength + start > length) {
+ return RegExpRunStatus_Success_NotFound;
+ }
+ if (!HasSubstringAt(input, re->patternAtom(), start)) {
+ return RegExpRunStatus_Success_NotFound;
+ }
+
+ (*matches)[0].start = start;
+ (*matches)[0].limit = start + searchLength;
+ matches->checkAgainst(input->length());
+ return RegExpRunStatus_Success;
+ }
+
+ int res = StringFindPattern(input, re->patternAtom(), start);
+ if (res == -1) {
+ return RegExpRunStatus_Success_NotFound;
+ }
+
+ (*matches)[0].start = res;
+ (*matches)[0].limit = res + searchLength;
+ matches->checkAgainst(input->length());
+ return RegExpRunStatus_Success;
+}
+
+RegExpRunStatus js::ExecuteRegExpAtomRaw(RegExpShared* re,
+ JSLinearString* input, size_t start,
+ MatchPairs* matchPairs) {
+ AutoUnsafeCallWithABI unsafe;
+ return ExecuteAtomImpl(re, input, start, matchPairs);
+}
+
+/* static */
+RegExpRunStatus RegExpShared::executeAtom(MutableHandleRegExpShared re,
+ Handle<JSLinearString*> input,
+ size_t start,
+ VectorMatchPairs* matches) {
+ return ExecuteAtomImpl(re, input, start, matches);
+}
+
+size_t RegExpShared::sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) {
+ size_t n = 0;
+
+ for (const auto& compilation : compilationArray) {
+ if (compilation.byteCode) {
+ n += mallocSizeOf(compilation.byteCode);
+ }
+ }
+
+ n += tables.sizeOfExcludingThis(mallocSizeOf);
+ for (size_t i = 0; i < tables.length(); i++) {
+ n += mallocSizeOf(tables[i].get());
+ }
+
+ return n;
+}
+
+/* RegExpRealm */
+
+RegExpRealm::RegExpRealm()
+ : optimizableRegExpPrototypeShape_(nullptr),
+ optimizableRegExpInstanceShape_(nullptr) {
+ for (auto& templateObj : matchResultTemplateObjects_) {
+ templateObj = nullptr;
+ }
+}
+
+ArrayObject* RegExpRealm::createMatchResultTemplateObject(
+ JSContext* cx, ResultTemplateKind kind) {
+ MOZ_ASSERT(!matchResultTemplateObjects_[kind]);
+
+ /* Create template array object */
+ Rooted<ArrayObject*> templateObject(
+ cx,
+ NewDenseUnallocatedArray(cx, RegExpObject::MaxPairCount, TenuredObject));
+ if (!templateObject) {
+ return nullptr;
+ }
+
+ if (kind == ResultTemplateKind::Indices) {
+ /* The |indices| array only has a |groups| property. */
+ RootedValue groupsVal(cx, UndefinedValue());
+ if (!NativeDefineDataProperty(cx, templateObject, cx->names().groups,
+ groupsVal, JSPROP_ENUMERATE)) {
+ return nullptr;
+ }
+ MOZ_ASSERT(templateObject->getLastProperty().slot() == IndicesGroupsSlot);
+
+ matchResultTemplateObjects_[kind].set(templateObject);
+ return matchResultTemplateObjects_[kind];
+ }
+
+ /* Set dummy index property */
+ RootedValue index(cx, Int32Value(0));
+ if (!NativeDefineDataProperty(cx, templateObject, cx->names().index, index,
+ JSPROP_ENUMERATE)) {
+ return nullptr;
+ }
+ MOZ_ASSERT(templateObject->getLastProperty().slot() ==
+ MatchResultObjectIndexSlot);
+
+ /* Set dummy input property */
+ RootedValue inputVal(cx, StringValue(cx->runtime()->emptyString));
+ if (!NativeDefineDataProperty(cx, templateObject, cx->names().input, inputVal,
+ JSPROP_ENUMERATE)) {
+ return nullptr;
+ }
+ MOZ_ASSERT(templateObject->getLastProperty().slot() ==
+ MatchResultObjectInputSlot);
+
+ /* Set dummy groups property */
+ RootedValue groupsVal(cx, UndefinedValue());
+ if (!NativeDefineDataProperty(cx, templateObject, cx->names().groups,
+ groupsVal, JSPROP_ENUMERATE)) {
+ return nullptr;
+ }
+ MOZ_ASSERT(templateObject->getLastProperty().slot() ==
+ MatchResultObjectGroupsSlot);
+
+ if (kind == ResultTemplateKind::WithIndices) {
+ /* Set dummy indices property */
+ RootedValue indicesVal(cx, UndefinedValue());
+ if (!NativeDefineDataProperty(cx, templateObject, cx->names().indices,
+ indicesVal, JSPROP_ENUMERATE)) {
+ return nullptr;
+ }
+ MOZ_ASSERT(templateObject->getLastProperty().slot() ==
+ MatchResultObjectIndicesSlot);
+ }
+
+ matchResultTemplateObjects_[kind].set(templateObject);
+
+ return matchResultTemplateObjects_[kind];
+}
+
+void RegExpRealm::traceWeak(JSTracer* trc) {
+ for (auto& templateObject : matchResultTemplateObjects_) {
+ TraceWeakEdge(trc, &templateObject,
+ "RegExpRealm::matchResultTemplateObject_");
+ }
+
+ TraceWeakEdge(trc, &optimizableRegExpPrototypeShape_,
+ "RegExpRealm::optimizableRegExpPrototypeShape_");
+
+ TraceWeakEdge(trc, &optimizableRegExpInstanceShape_,
+ "RegExpRealm::optimizableRegExpInstanceShape_");
+}
+
+RegExpShared* RegExpZone::get(JSContext* cx, Handle<JSAtom*> source,
+ RegExpFlags flags) {
+ DependentAddPtr<Set> p(cx, set_, Key(source, flags));
+ if (p) {
+ return *p;
+ }
+
+ auto* shared = cx->newCell<RegExpShared>(source, flags);
+ if (!shared) {
+ return nullptr;
+ }
+
+ if (!p.add(cx, set_, Key(source, flags), shared)) {
+ return nullptr;
+ }
+
+ return shared;
+}
+
+size_t RegExpZone::sizeOfIncludingThis(
+ mozilla::MallocSizeOf mallocSizeOf) const {
+ return mallocSizeOf(this) + set_.sizeOfExcludingThis(mallocSizeOf);
+}
+
+RegExpZone::RegExpZone(Zone* zone) : set_(zone, zone) {}
+
+/* Functions */
+
+JSObject* js::CloneRegExpObject(JSContext* cx, Handle<RegExpObject*> regex) {
+ // Unlike RegExpAlloc, all clones must use |regex|'s group.
+ Rooted<TaggedProto> proto(cx, regex->staticPrototype());
+ Rooted<RegExpObject*> clone(
+ cx, NewObjectWithGivenTaggedProto<RegExpObject>(cx, proto));
+ if (!clone) {
+ return nullptr;
+ }
+
+ clone->clearShared();
+
+ clone->setShape(regex->shape());
+
+ RegExpShared* shared = RegExpObject::getShared(cx, regex);
+ if (!shared) {
+ return nullptr;
+ }
+
+ clone->initAndZeroLastIndex(shared->getSource(), shared->getFlags(), cx);
+ clone->setShared(shared);
+
+ return clone;
+}
+
+template <typename CharT>
+static bool ParseRegExpFlags(const CharT* chars, size_t length,
+ RegExpFlags* flagsOut, char16_t* invalidFlag) {
+ *flagsOut = RegExpFlag::NoFlags;
+
+ for (size_t i = 0; i < length; i++) {
+ uint8_t flag;
+ switch (chars[i]) {
+ case 'd':
+ flag = RegExpFlag::HasIndices;
+ break;
+ case 'g':
+ flag = RegExpFlag::Global;
+ break;
+ case 'i':
+ flag = RegExpFlag::IgnoreCase;
+ break;
+ case 'm':
+ flag = RegExpFlag::Multiline;
+ break;
+ case 's':
+ flag = RegExpFlag::DotAll;
+ break;
+ case 'u':
+ flag = RegExpFlag::Unicode;
+ break;
+ case 'y':
+ flag = RegExpFlag::Sticky;
+ break;
+ default:
+ *invalidFlag = chars[i];
+ return false;
+ }
+ if (*flagsOut & flag) {
+ *invalidFlag = chars[i];
+ return false;
+ }
+ *flagsOut |= flag;
+ }
+
+ return true;
+}
+
+bool js::ParseRegExpFlags(JSContext* cx, JSString* flagStr,
+ RegExpFlags* flagsOut) {
+ JSLinearString* linear = flagStr->ensureLinear(cx);
+ if (!linear) {
+ return false;
+ }
+
+ size_t len = linear->length();
+
+ bool ok;
+ char16_t invalidFlag;
+ if (linear->hasLatin1Chars()) {
+ AutoCheckCannotGC nogc;
+ ok = ::ParseRegExpFlags(linear->latin1Chars(nogc), len, flagsOut,
+ &invalidFlag);
+ } else {
+ AutoCheckCannotGC nogc;
+ ok = ::ParseRegExpFlags(linear->twoByteChars(nogc), len, flagsOut,
+ &invalidFlag);
+ }
+
+ if (!ok) {
+ JS::TwoByteChars range(&invalidFlag, 1);
+ UniqueChars utf8(JS::CharsToNewUTF8CharsZ(cx, range).c_str());
+ if (!utf8) {
+ return false;
+ }
+ JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr,
+ JSMSG_BAD_REGEXP_FLAG, utf8.get());
+ return false;
+ }
+
+ return true;
+}
+
+JS::ubi::Node::Size JS::ubi::Concrete<RegExpShared>::size(
+ mozilla::MallocSizeOf mallocSizeOf) const {
+ return js::gc::Arena::thingSize(gc::AllocKind::REGEXP_SHARED) +
+ get().sizeOfExcludingThis(mallocSizeOf);
+}
+
+/*
+ * Regular Expressions.
+ */
+JS_PUBLIC_API JSObject* JS::NewRegExpObject(JSContext* cx, const char* bytes,
+ size_t length, RegExpFlags flags) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+
+ UniqueTwoByteChars chars(InflateString(cx, bytes, length));
+ if (!chars) {
+ return nullptr;
+ }
+
+ return RegExpObject::create(cx, chars.get(), length, flags, GenericObject);
+}
+
+JS_PUBLIC_API JSObject* JS::NewUCRegExpObject(JSContext* cx,
+ const char16_t* chars,
+ size_t length,
+ RegExpFlags flags) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+
+ return RegExpObject::create(cx, chars, length, flags, GenericObject);
+}
+
+JS_PUBLIC_API bool JS::SetRegExpInput(JSContext* cx, HandleObject obj,
+ HandleString input) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+ cx->check(input);
+
+ Handle<GlobalObject*> global = obj.as<GlobalObject>();
+ RegExpStatics* res = GlobalObject::getRegExpStatics(cx, global);
+ if (!res) {
+ return false;
+ }
+
+ res->reset(input);
+ return true;
+}
+
+JS_PUBLIC_API bool JS::ClearRegExpStatics(JSContext* cx, HandleObject obj) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+ MOZ_ASSERT(obj);
+
+ Handle<GlobalObject*> global = obj.as<GlobalObject>();
+ RegExpStatics* res = GlobalObject::getRegExpStatics(cx, global);
+ if (!res) {
+ return false;
+ }
+
+ res->clear();
+ return true;
+}
+
+JS_PUBLIC_API bool JS::ExecuteRegExp(JSContext* cx, HandleObject obj,
+ HandleObject reobj, const char16_t* chars,
+ size_t length, size_t* indexp, bool test,
+ MutableHandleValue rval) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+
+ Handle<GlobalObject*> global = obj.as<GlobalObject>();
+ RegExpStatics* res = GlobalObject::getRegExpStatics(cx, global);
+ if (!res) {
+ return false;
+ }
+
+ Rooted<JSLinearString*> input(cx, NewStringCopyN<CanGC>(cx, chars, length));
+ if (!input) {
+ return false;
+ }
+
+ return ExecuteRegExpLegacy(cx, res, reobj.as<RegExpObject>(), input, indexp,
+ test, rval);
+}
+
+JS_PUBLIC_API bool JS::ExecuteRegExpNoStatics(JSContext* cx, HandleObject obj,
+ const char16_t* chars,
+ size_t length, size_t* indexp,
+ bool test,
+ MutableHandleValue rval) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+
+ Rooted<JSLinearString*> input(cx, NewStringCopyN<CanGC>(cx, chars, length));
+ if (!input) {
+ return false;
+ }
+
+ return ExecuteRegExpLegacy(cx, nullptr, obj.as<RegExpObject>(), input, indexp,
+ test, rval);
+}
+
+JS_PUBLIC_API bool JS::ObjectIsRegExp(JSContext* cx, HandleObject obj,
+ bool* isRegExp) {
+ cx->check(obj);
+
+ ESClass cls;
+ if (!GetBuiltinClass(cx, obj, &cls)) {
+ return false;
+ }
+
+ *isRegExp = cls == ESClass::RegExp;
+ return true;
+}
+
+JS_PUBLIC_API RegExpFlags JS::GetRegExpFlags(JSContext* cx, HandleObject obj) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+
+ RegExpShared* shared = RegExpToShared(cx, obj);
+ if (!shared) {
+ return RegExpFlag::NoFlags;
+ }
+ return shared->getFlags();
+}
+
+JS_PUBLIC_API JSString* JS::GetRegExpSource(JSContext* cx, HandleObject obj) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+
+ RegExpShared* shared = RegExpToShared(cx, obj);
+ if (!shared) {
+ return nullptr;
+ }
+ return shared->getSource();
+}
+
+JS_PUBLIC_API bool JS::CheckRegExpSyntax(JSContext* cx, const char16_t* chars,
+ size_t length, RegExpFlags flags,
+ MutableHandleValue error) {
+ AssertHeapIsIdle();
+ CHECK_THREAD(cx);
+
+ AutoReportFrontendContext fc(cx);
+ CompileOptions dummyOptions(cx);
+ frontend::DummyTokenStream dummyTokenStream(&fc, dummyOptions);
+
+ LifoAllocScope allocScope(&cx->tempLifoAlloc());
+
+ mozilla::Range<const char16_t> source(chars, length);
+ bool success = irregexp::CheckPatternSyntax(
+ cx->tempLifoAlloc(), cx->stackLimitForCurrentPrincipal(),
+ dummyTokenStream, source, flags);
+ error.set(UndefinedValue());
+ if (!success) {
+ if (!fc.convertToRuntimeErrorAndClear()) {
+ return false;
+ }
+ // We can fail because of OOM or over-recursion even if the syntax is valid.
+ if (cx->isThrowingOutOfMemory() || cx->isThrowingOverRecursed()) {
+ return false;
+ }
+
+ if (!cx->getPendingException(error)) {
+ return false;
+ }
+ cx->clearPendingException();
+ }
+ return true;
+}