AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[regexp] do not assume short external strings have a minimum size.

Browse Source 
Short external strings do not cache the resource data, and may be used
for compressible strings. The assumptions about their lengths is
invalid and may lead to oob reads.

R=jkummerow@chromium.org
BUG=v8:4923,chromium:604897
LOG=N

Review URL: https://codereview.chromium.org/1901573003

Cr-Commit-Position: refs/heads/master@{#35660}
This commit is contained in:
yangguo 2016-04-20 06:55:20 -07:00 committed by Commit bot
parent 4e93ce4f62
commit 3518e492c0
9 changed files with 172 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
src/arm/code-stubs-arm.cc
View File

@ -1577,34 +1577,33 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ ldr(subject, MemOperand(sp, kSubjectOffset));
__ JumpIfSmi(subject, &runtime);
__ mov(r3, subject); // Make a copy of the original subject string.
__ ldr(r0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ ldrb(r0, FieldMemOperand(r0, Map::kInstanceTypeOffset));
// subject: subject string
// r3: subject string
// r0: subject string instance type
// regexp_data: RegExp data (FixedArray)
// Handle subject string according to its encoding and representation:
// (1) Sequential string? If yes, go to (5).
// (2) Anything but sequential or cons? If yes, go to (6).
// (3) Cons string. If the string is flat, replace subject with first string.
// Otherwise bailout.
// (4) Is subject external? If yes, go to (7).
// (5) Sequential string. Load regexp code according to encoding.
// (1) Sequential string? If yes, go to (4).
// (2) Sequential or cons? If not, go to (5).
// (3) Cons string. If the string is flat, replace subject with first string
// and go to (1). Otherwise bail out to runtime.
// (4) Sequential string. Load regexp code according to encoding.
// (E) Carry on.
/// [...]
// Deferred code at the end of the stub:
// (6) Not a long external string? If yes, go to (8).
// (7) External string. Make it, offset-wise, look like a sequential string.
// Go to (5).
// (8) Short external string or not a string? If yes, bail out to runtime.
// (9) Sliced string. Replace subject with parent. Go to (4).
// (5) Long external string? If not, go to (7).
// (6) External string. Make it, offset-wise, look like a sequential string.
// Go to (4).
// (7) Short external string or not a string? If yes, bail out to runtime.
// (8) Sliced string. Replace subject with parent. Go to (1).
Label seq_string /* 5 */, external_string /* 7 */,
check_underlying /* 4 */, not_seq_nor_cons /* 6 */,
not_long_external /* 8 */;
Label seq_string /* 4 */, external_string /* 6 */, check_underlying /* 1 */,
not_seq_nor_cons /* 5 */, not_long_external /* 7 */;
// (1) Sequential string? If yes, go to (5).
__ bind(&check_underlying);
__ ldr(r0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ ldrb(r0, FieldMemOperand(r0, Map::kInstanceTypeOffset));
// (1) Sequential string? If yes, go to (4).
__ and_(r1,
r0,
Operand(kIsNotStringMask |
@ -1612,15 +1611,15 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
kShortExternalStringMask),
SetCC);
STATIC_ASSERT((kStringTag | kSeqStringTag) == 0);
__ b(eq, &seq_string); // Go to (5).
__ b(eq, &seq_string); // Go to (4).
// (2) Anything but sequential or cons? If yes, go to (6).
// (2) Sequential or cons? If not, go to (5).
STATIC_ASSERT(kConsStringTag < kExternalStringTag);
STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
STATIC_ASSERT(kShortExternalStringTag > kExternalStringTag);
__ cmp(r1, Operand(kExternalStringTag));
__ b(ge, &not_seq_nor_cons); // Go to (6).
__ b(ge, &not_seq_nor_cons); // Go to (5).
// (3) Cons string. Check that it's flat.
// Replace subject with first string and reload instance type.
@ -1628,19 +1627,9 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ CompareRoot(r0, Heap::kempty_stringRootIndex);
__ b(ne, &runtime);
__ ldr(subject, FieldMemOperand(subject, ConsString::kFirstOffset));
__ jmp(&check_underlying);
// (4) Is subject external? If yes, go to (7).
__ bind(&check_underlying);
__ ldr(r0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ ldrb(r0, FieldMemOperand(r0, Map::kInstanceTypeOffset));
STATIC_ASSERT(kSeqStringTag == 0);
__ tst(r0, Operand(kStringRepresentationMask));
// The underlying external string is never a short external string.
STATIC_ASSERT(ExternalString::kMaxShortLength < ConsString::kMinLength);
STATIC_ASSERT(ExternalString::kMaxShortLength < SlicedString::kMinLength);
__ b(ne, &external_string); // Go to (7).
// (5) Sequential string. Load regexp code according to encoding.
// (4) Sequential string. Load regexp code according to encoding.
__ bind(&seq_string);
// subject: sequential subject string (or look-alike, external string)
// r3: original subject string
@ -1873,12 +1862,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ TailCallRuntime(Runtime::kRegExpExec);
// Deferred code for string handling.
// (6) Not a long external string? If yes, go to (8).
// (5) Long external string? If not, go to (7).
__ bind(&not_seq_nor_cons);
// Compare flags are still set.
__ b(gt, &not_long_external); // Go to (8).
__ b(gt, &not_long_external); // Go to (7).
// (7) External string. Make it, offset-wise, look like a sequential string.
// (6) External string. Make it, offset-wise, look like a sequential string.
__ bind(&external_string);
__ ldr(r0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ ldrb(r0, FieldMemOperand(r0, Map::kInstanceTypeOffset));
@ -1895,15 +1884,15 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ sub(subject,
subject,
Operand(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
__ jmp(&seq_string); // Go to (5).
__ jmp(&seq_string); // Go to (4).
// (8) Short external string or not a string? If yes, bail out to runtime.
// (7) Short external string or not a string? If yes, bail out to runtime.
__ bind(&not_long_external);
STATIC_ASSERT(kNotStringTag != 0 && kShortExternalStringTag !=0);
__ tst(r1, Operand(kIsNotStringMask | kShortExternalStringMask));
__ b(ne, &runtime);
// (9) Sliced string. Replace subject with parent. Go to (4).
// (8) Sliced string. Replace subject with parent. Go to (4).
// Load offset into r9 and replace subject string with parent.
__ ldr(r9, FieldMemOperand(subject, SlicedString::kOffsetOffset));
__ SmiUntag(r9);

76
src/arm64/code-stubs-arm64.cc
View File

@ -1743,35 +1743,35 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ Peek(subject, kSubjectOffset);
__ JumpIfSmi(subject, &runtime);
__ Ldr(x10, FieldMemOperand(subject, HeapObject::kMapOffset));
__ Ldrb(string_type, FieldMemOperand(x10, Map::kInstanceTypeOffset));
__ Ldr(jsstring_length, FieldMemOperand(subject, String::kLengthOffset));
// Handle subject string according to its encoding and representation:
// (1) Sequential string? If yes, go to (5).
// (2) Anything but sequential or cons? If yes, go to (6).
// (3) Cons string. If the string is flat, replace subject with first string.
// Otherwise bailout.
// (4) Is subject external? If yes, go to (7).
// (5) Sequential string. Load regexp code according to encoding.
// (1) Sequential string? If yes, go to (4).
// (2) Sequential or cons? If not, go to (5).
// (3) Cons string. If the string is flat, replace subject with first string
// and go to (1). Otherwise bail out to runtime.
// (4) Sequential string. Load regexp code according to encoding.
// (E) Carry on.
/// [...]
// Deferred code at the end of the stub:
// (6) Not a long external string? If yes, go to (8).
// (7) External string. Make it, offset-wise, look like a sequential string.
// Go to (5).
// (8) Short external string or not a string? If yes, bail out to runtime.
// (9) Sliced string. Replace subject with parent. Go to (4).
// (5) Long external string? If not, go to (7).
// (6) External string. Make it, offset-wise, look like a sequential string.
// Go to (4).
// (7) Short external string or not a string? If yes, bail out to runtime.
// (8) Sliced string. Replace subject with parent. Go to (1).
Label check_underlying; // (4)
Label seq_string; // (5)
Label not_seq_nor_cons; // (6)
Label external_string; // (7)
Label not_long_external; // (8)
Label check_underlying; // (1)
Label seq_string; // (4)
Label not_seq_nor_cons; // (5)
Label external_string; // (6)
Label not_long_external; // (7)
// (1) Sequential string? If yes, go to (5).
__ Bind(&check_underlying);
__ Ldr(x10, FieldMemOperand(subject, HeapObject::kMapOffset));
__ Ldrb(string_type, FieldMemOperand(x10, Map::kInstanceTypeOffset));
// (1) Sequential string? If yes, go to (4).
__ And(string_representation,
string_type,
kIsNotStringMask |
@ -1788,36 +1788,24 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
// is a String
STATIC_ASSERT((kStringTag | kSeqStringTag) == 0);
STATIC_ASSERT(kShortExternalStringTag != 0);
__ Cbz(string_representation, &seq_string); // Go to (5).
__ Cbz(string_representation, &seq_string); // Go to (4).
// (2) Anything but sequential or cons? If yes, go to (6).
// (2) Sequential or cons? If not, go to (5).
STATIC_ASSERT(kConsStringTag < kExternalStringTag);
STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
STATIC_ASSERT(kShortExternalStringTag > kExternalStringTag);
__ Cmp(string_representation, kExternalStringTag);
__ B(ge, &not_seq_nor_cons); // Go to (6).
__ B(ge, &not_seq_nor_cons); // Go to (5).
// (3) Cons string. Check that it's flat.
__ Ldr(x10, FieldMemOperand(subject, ConsString::kSecondOffset));
__ JumpIfNotRoot(x10, Heap::kempty_stringRootIndex, &runtime);
// Replace subject with first string.
__ Ldr(subject, FieldMemOperand(subject, ConsString::kFirstOffset));
__ B(&check_underlying);
// (4) Is subject external? If yes, go to (7).
__ Bind(&check_underlying);
// Reload the string type.
__ Ldr(x10, FieldMemOperand(subject, HeapObject::kMapOffset));
__ Ldrb(string_type, FieldMemOperand(x10, Map::kInstanceTypeOffset));
STATIC_ASSERT(kSeqStringTag == 0);
// The underlying external string is never a short external string.
STATIC_ASSERT(ExternalString::kMaxShortLength < ConsString::kMinLength);
STATIC_ASSERT(ExternalString::kMaxShortLength < SlicedString::kMinLength);
__ TestAndBranchIfAnySet(string_type.X(),
kStringRepresentationMask,
&external_string); // Go to (7).
// (5) Sequential string. Load regexp code according to encoding.
// (4) Sequential string. Load regexp code according to encoding.
__ Bind(&seq_string);
// Check that the third argument is a positive smi less than the subject
@ -2087,12 +2075,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ TailCallRuntime(Runtime::kRegExpExec);
// Deferred code for string handling.
// (6) Not a long external string? If yes, go to (8).
// (5) Long external string? If not, go to (7).
__ Bind(&not_seq_nor_cons);
// Compare flags are still set.
__ B(ne, &not_long_external); // Go to (8).
__ B(ne, &not_long_external); // Go to (7).
// (7) External string. Make it, offset-wise, look like a sequential string.
// (6) External string. Make it, offset-wise, look like a sequential string.
__ Bind(&external_string);
if (masm->emit_debug_code()) {
// Assert that we do not have a cons or slice (indirect strings) here.
@ -2110,9 +2098,9 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
// Move the pointer so that offset-wise, it looks like a sequential string.
STATIC_ASSERT(SeqTwoByteString::kHeaderSize == SeqOneByteString::kHeaderSize);
__ Sub(subject, subject, SeqTwoByteString::kHeaderSize - kHeapObjectTag);
__ B(&seq_string); // Go to (5).
__ B(&seq_string); // Go to (4).
// (8) If this is a short external string or not a string, bail out to
// (7) If this is a short external string or not a string, bail out to
// runtime.
__ Bind(&not_long_external);
STATIC_ASSERT(kShortExternalStringTag != 0);
@ -2120,11 +2108,11 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
kShortExternalStringMask | kIsNotStringMask,
&runtime);
// (9) Sliced string. Replace subject with parent.
// (8) Sliced string. Replace subject with parent.
__ Ldr(sliced_string_offset,
UntagSmiFieldMemOperand(subject, SlicedString::kOffsetOffset));
__ Ldr(subject, FieldMemOperand(subject, SlicedString::kParentOffset));
__ B(&check_underlying); // Go to (4).
__ B(&check_underlying); // Go to (1).
#endif
}

75
src/ia32/code-stubs-ia32.cc
View File

@ -776,39 +776,37 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ mov(eax, Operand(esp, kSubjectOffset));
__ JumpIfSmi(eax, &runtime);
__ mov(edx, eax); // Make a copy of the original subject string.
__ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
__ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
// eax: subject string
// edx: subject string
// ebx: subject string instance type
// ecx: RegExp data (FixedArray)
// Handle subject string according to its encoding and representation:
// (1) Sequential two byte? If yes, go to (9).
// (2) Sequential one byte? If yes, go to (6).
// (3) Anything but sequential or cons? If yes, go to (7).
// (4) Cons string. If the string is flat, replace subject with first string.
// Otherwise bailout.
// (5a) Is subject sequential two byte? If yes, go to (9).
// (5b) Is subject external? If yes, go to (8).
// (6) One byte sequential. Load regexp code for one byte.
// (2) Sequential one byte? If yes, go to (5).
// (3) Sequential or cons? If not, go to (6).
// (4) Cons string. If the string is flat, replace subject with first string
// and go to (1). Otherwise bail out to runtime.
// (5) One byte sequential. Load regexp code for one byte.
// (E) Carry on.
/// [...]
// Deferred code at the end of the stub:
// (7) Not a long external string? If yes, go to (10).
// (8) External string. Make it, offset-wise, look like a sequential string.
// (8a) Is the external string one byte? If yes, go to (6).
// (9) Two byte sequential. Load regexp code for one byte. Go to (E).
// (6) Long external string? If not, go to (10).
// (7) External string. Make it, offset-wise, look like a sequential string.
// (8) Is the external string one byte? If yes, go to (5).
// (9) Two byte sequential. Load regexp code for two byte. Go to (E).
// (10) Short external string or not a string? If yes, bail out to runtime.
// (11) Sliced string. Replace subject with parent. Go to (5a).
// (11) Sliced string. Replace subject with parent. Go to (1).
Label seq_one_byte_string /* 6 */, seq_two_byte_string /* 9 */,
external_string /* 8 */, check_underlying /* 5a */,
not_seq_nor_cons /* 7 */, check_code /* E */,
not_long_external /* 10 */;
Label seq_one_byte_string /* 5 */, seq_two_byte_string /* 9 */,
external_string /* 7 */, check_underlying /* 1 */,
not_seq_nor_cons /* 6 */, check_code /* E */, not_long_external /* 10 */;
__ bind(&check_underlying);
// (1) Sequential two byte? If yes, go to (9).
__ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
__ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
__ and_(ebx, kIsNotStringMask |
kStringRepresentationMask |
kStringEncodingMask |
@ -816,14 +814,14 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0);
__ j(zero, &seq_two_byte_string); // Go to (9).
// (2) Sequential one byte? If yes, go to (6).
// (2) Sequential one byte? If yes, go to (5).
// Any other sequential string must be one byte.
__ and_(ebx, Immediate(kIsNotStringMask |
kStringRepresentationMask |
kShortExternalStringMask));
__ j(zero, &seq_one_byte_string, Label::kNear); // Go to (6).
__ j(zero, &seq_one_byte_string, Label::kNear); // Go to (5).
// (3) Anything but sequential or cons? If yes, go to (7).
// (3) Sequential or cons? If not, go to (6).
// We check whether the subject string is a cons, since sequential strings
// have already been covered.
STATIC_ASSERT(kConsStringTag < kExternalStringTag);
@ -831,32 +829,19 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
STATIC_ASSERT(kShortExternalStringTag > kExternalStringTag);
__ cmp(ebx, Immediate(kExternalStringTag));
__ j(greater_equal, &not_seq_nor_cons); // Go to (7).
__ j(greater_equal, &not_seq_nor_cons); // Go to (6).
// (4) Cons string. Check that it's flat.
// Replace subject with first string and reload instance type.
__ cmp(FieldOperand(eax, ConsString::kSecondOffset), factory->empty_string());
__ j(not_equal, &runtime);
__ mov(eax, FieldOperand(eax, ConsString::kFirstOffset));
__ bind(&check_underlying);
__ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
__ mov(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
// (5a) Is subject sequential two byte? If yes, go to (9).
__ test_b(ebx, Immediate(kStringRepresentationMask | kStringEncodingMask));
STATIC_ASSERT((kSeqStringTag | kTwoByteStringTag) == 0);
__ j(zero, &seq_two_byte_string); // Go to (9).
// (5b) Is subject external? If yes, go to (8).
__ test_b(ebx, Immediate(kStringRepresentationMask));
// The underlying external string is never a short external string.
STATIC_ASSERT(ExternalString::kMaxShortLength < ConsString::kMinLength);
STATIC_ASSERT(ExternalString::kMaxShortLength < SlicedString::kMinLength);
__ j(not_zero, &external_string); // Go to (8).
__ jmp(&check_underlying);
// eax: sequential subject string (or look-alike, external string)
// edx: original subject string
// ecx: RegExp data (FixedArray)
// (6) One byte sequential. Load regexp code for one byte.
// (5) One byte sequential. Load regexp code for one byte.
__ bind(&seq_one_byte_string);
// Load previous index and check range before edx is overwritten. We have
// to use edx instead of eax here because it might have been only made to
@ -1083,12 +1068,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ TailCallRuntime(Runtime::kRegExpExec);
// Deferred code for string handling.
// (7) Not a long external string? If yes, go to (10).
// (6) Long external string? If not, go to (10).
__ bind(&not_seq_nor_cons);
// Compare flags are still set from (3).
__ j(greater, &not_long_external, Label::kNear); // Go to (10).
// (8) External string. Short external strings have been ruled out.
// (7) External string. Short external strings have been ruled out.
__ bind(&external_string);
// Reload instance type.
__ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
@ -1104,14 +1089,14 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
STATIC_ASSERT(SeqTwoByteString::kHeaderSize == SeqOneByteString::kHeaderSize);
__ sub(eax, Immediate(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
STATIC_ASSERT(kTwoByteStringTag == 0);
// (8a) Is the external string one byte? If yes, go to (6).
// (8) Is the external string one byte? If yes, go to (5).
__ test_b(ebx, Immediate(kStringEncodingMask));
__ j(not_zero, &seq_one_byte_string); // Goto (6).
__ j(not_zero, &seq_one_byte_string); // Go to (5).
// eax: sequential subject string (or look-alike, external string)
// edx: original subject string
// ecx: RegExp data (FixedArray)
// (9) Two byte sequential. Load regexp code for one byte. Go to (E).
// (9) Two byte sequential. Load regexp code for two byte. Go to (E).
__ bind(&seq_two_byte_string);
// Load previous index and check range before edx is overwritten. We have
// to use edx instead of eax here because it might have been only made to
@ -1131,11 +1116,11 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ test(ebx, Immediate(kIsNotStringMask | kShortExternalStringTag));
__ j(not_zero, &runtime);
// (11) Sliced string. Replace subject with parent. Go to (5a).
// (11) Sliced string. Replace subject with parent. Go to (1).
// Load offset into edi and replace subject string with parent.
__ mov(edi, FieldOperand(eax, SlicedString::kOffsetOffset));
__ mov(eax, FieldOperand(eax, SlicedString::kParentOffset));
__ jmp(&check_underlying); // Go to (5a).
__ jmp(&check_underlying); // Go to (1).
#endif // V8_INTERPRETED_REGEXP
}

67
src/mips/code-stubs-mips.cc
View File

@ -1602,7 +1602,6 @@ void FunctionPrototypeStub::Generate(MacroAssembler* masm) {
masm, PropertyAccessCompiler::MissBuiltin(Code::LOAD_IC));
}
void RegExpExecStub::Generate(MacroAssembler* masm) {
// Just jump directly to runtime if native RegExp is not selected at compile
// time or if regexp entry in generated code is turned off runtime switch or
@ -1635,8 +1634,7 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
// Ensure that a RegExp stack is allocated.
ExternalReference address_of_regexp_stack_memory_address =
ExternalReference::address_of_regexp_stack_memory_address(
isolate());
ExternalReference::address_of_regexp_stack_memory_address(isolate());
ExternalReference address_of_regexp_stack_memory_size =
ExternalReference::address_of_regexp_stack_memory_size(isolate());
__ li(a0, Operand(address_of_regexp_stack_memory_size));
@ -1688,34 +1686,33 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ lw(subject, MemOperand(sp, kSubjectOffset));
__ JumpIfSmi(subject, &runtime);
__ mov(a3, subject); // Make a copy of the original subject string.
__ lw(a0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ lbu(a0, FieldMemOperand(a0, Map::kInstanceTypeOffset));
// subject: subject string
// a3: subject string
// a0: subject string instance type
// regexp_data: RegExp data (FixedArray)
// Handle subject string according to its encoding and representation:
// (1) Sequential string? If yes, go to (5).
// (2) Anything but sequential or cons? If yes, go to (6).
// (3) Cons string. If the string is flat, replace subject with first string.
// Otherwise bailout.
// (4) Is subject external? If yes, go to (7).
// (5) Sequential string. Load regexp code according to encoding.
// (1) Sequential string? If yes, go to (4).
// (2) Sequential or cons? If not, go to (5).
// (3) Cons string. If the string is flat, replace subject with first string
// and go to (1). Otherwise bail out to runtime.
// (4) Sequential string. Load regexp code according to encoding.
// (E) Carry on.
/// [...]
// Deferred code at the end of the stub:
// (6) Not a long external string? If yes, go to (8).
// (7) External string. Make it, offset-wise, look like a sequential string.
// Go to (5).
// (8) Short external string or not a string? If yes, bail out to runtime.
// (9) Sliced string. Replace subject with parent. Go to (4).
// (5) Long external string? If not, go to (7).
// (6) External string. Make it, offset-wise, look like a sequential string.
// Go to (4).
// (7) Short external string or not a string? If yes, bail out to runtime.
// (8) Sliced string. Replace subject with parent. Go to (1).
Label seq_string /* 5 */, external_string /* 7 */,
check_underlying /* 4 */, not_seq_nor_cons /* 6 */,
not_long_external /* 8 */;
Label seq_string /* 4 */, external_string /* 6 */, check_underlying /* 1 */,
not_seq_nor_cons /* 5 */, not_long_external /* 7 */;
// (1) Sequential string? If yes, go to (5).
__ bind(&check_underlying);
__ lw(a0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ lbu(a0, FieldMemOperand(a0, Map::kInstanceTypeOffset));
// (1) Sequential string? If yes, go to (4).
__ And(a1,
a0,
Operand(kIsNotStringMask |
@ -1724,12 +1721,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
STATIC_ASSERT((kStringTag | kSeqStringTag) == 0);
__ Branch(&seq_string, eq, a1, Operand(zero_reg)); // Go to (5).
// (2) Anything but sequential or cons? If yes, go to (6).
// (2) Sequential or cons? If not, go to (5).
STATIC_ASSERT(kConsStringTag < kExternalStringTag);
STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
STATIC_ASSERT(kShortExternalStringTag > kExternalStringTag);
// Go to (6).
// Go to (5).
__ Branch(&not_seq_nor_cons, ge, a1, Operand(kExternalStringTag));
// (3) Cons string. Check that it's flat.
@ -1738,19 +1735,9 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ LoadRoot(a1, Heap::kempty_stringRootIndex);
__ Branch(&runtime, ne, a0, Operand(a1));
__ lw(subject, FieldMemOperand(subject, ConsString::kFirstOffset));
__ jmp(&check_underlying);
// (4) Is subject external? If yes, go to (7).
__ bind(&check_underlying);
__ lw(a0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ lbu(a0, FieldMemOperand(a0, Map::kInstanceTypeOffset));
STATIC_ASSERT(kSeqStringTag == 0);
__ And(at, a0, Operand(kStringRepresentationMask));
// The underlying external string is never a short external string.
STATIC_ASSERT(ExternalString::kMaxShortLength < ConsString::kMinLength);
STATIC_ASSERT(ExternalString::kMaxShortLength < SlicedString::kMinLength);
__ Branch(&external_string, ne, at, Operand(zero_reg)); // Go to (7).
// (5) Sequential string. Load regexp code according to encoding.
// (4) Sequential string. Load regexp code according to encoding.
__ bind(&seq_string);
// subject: sequential subject string (or look-alike, external string)
// a3: original subject string
@ -1992,12 +1979,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ TailCallRuntime(Runtime::kRegExpExec);
// Deferred code for string handling.
// (6) Not a long external string? If yes, go to (8).
// (5) Long external string? If not, go to (7).
__ bind(&not_seq_nor_cons);
// Go to (8).
// Go to (7).
__ Branch(&not_long_external, gt, a1, Operand(kExternalStringTag));
// (7) External string. Make it, offset-wise, look like a sequential string.
// (6) External string. Make it, offset-wise, look like a sequential string.
__ bind(&external_string);
__ lw(a0, FieldMemOperand(subject, HeapObject::kMapOffset));
__ lbu(a0, FieldMemOperand(a0, Map::kInstanceTypeOffset));
@ -2019,13 +2006,13 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
SeqTwoByteString::kHeaderSize - kHeapObjectTag);
__ jmp(&seq_string); // Go to (5).
// (8) Short external string or not a string? If yes, bail out to runtime.
// (7) Short external string or not a string? If yes, bail out to runtime.
__ bind(&not_long_external);
STATIC_ASSERT(kNotStringTag != 0 && kShortExternalStringTag !=0);
__ And(at, a1, Operand(kIsNotStringMask | kShortExternalStringMask));
__ Branch(&runtime, ne, at, Operand(zero_reg));
// (9) Sliced string. Replace subject with parent. Go to (4).
// (8) Sliced string. Replace subject with parent. Go to (4).
// Load offset into t0 and replace subject string with parent.
__ lw(t0, FieldMemOperand(subject, SlicedString::kOffsetOffset));
__ sra(t0, t0, kSmiTagSize);

3
src/mips64/code-stubs-mips64.cc
View File

@ -1742,9 +1742,6 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ lbu(a0, FieldMemOperand(a0, Map::kInstanceTypeOffset));
STATIC_ASSERT(kSeqStringTag == 0);
__ And(at, a0, Operand(kStringRepresentationMask));
// The underlying external string is never a short external string.
STATIC_ASSERT(ExternalString::kMaxShortLength < ConsString::kMinLength);
STATIC_ASSERT(ExternalString::kMaxShortLength < SlicedString::kMinLength);
__ Branch(&external_string, ne, at, Operand(zero_reg)); // Go to (7).
// (5) Sequential string. Load regexp code according to encoding.

3
src/objects.h
View File

@ -9238,9 +9238,6 @@ class ExternalString: public String {
static const int kResourceDataOffset = kResourceOffset + kPointerSize;
static const int kSize = kResourceDataOffset + kPointerSize;
static const int kMaxShortLength =
(kShortSize - SeqString::kHeaderSize) / kCharSize;
// Return whether external string is short (data pointer is not cached).
inline bool is_short();

72
src/x64/code-stubs-x64.cc
View File

@ -644,35 +644,34 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ movp(rdi, args.GetArgumentOperand(SUBJECT_STRING_ARGUMENT_INDEX));
__ JumpIfSmi(rdi, &runtime);
__ movp(r15, rdi); // Make a copy of the original subject string.
__ movp(rbx, FieldOperand(rdi, HeapObject::kMapOffset));
__ movzxbl(rbx, FieldOperand(rbx, Map::kInstanceTypeOffset));
// rax: RegExp data (FixedArray)
// rdi: subject string
// r15: subject string
// Handle subject string according to its encoding and representation:
// (1) Sequential two byte? If yes, go to (9).
// (2) Sequential one byte? If yes, go to (6).
// (3) Anything but sequential or cons? If yes, go to (7).
// (4) Cons string. If the string is flat, replace subject with first string.
// Otherwise bailout.
// (5a) Is subject sequential two byte? If yes, go to (9).
// (5b) Is subject external? If yes, go to (8).
// (6) One byte sequential. Load regexp code for one byte.
// (2) Sequential one byte? If yes, go to (5).
// (3) Sequential or cons? If not, go to (6).
// (4) Cons string. If the string is flat, replace subject with first string
// and go to (1). Otherwise bail out to runtime.
// (5) One byte sequential. Load regexp code for one byte.
// (E) Carry on.
/// [...]
// Deferred code at the end of the stub:
// (7) Not a long external string? If yes, go to (10).
// (8) External string. Make it, offset-wise, look like a sequential string.
// (8a) Is the external string one byte? If yes, go to (6).
// (9) Two byte sequential. Load regexp code for one byte. Go to (E).
// (6) Long external string? If not, go to (10).
// (7) External string. Make it, offset-wise, look like a sequential string.
// (8) Is the external string one byte? If yes, go to (5).
// (9) Two byte sequential. Load regexp code for two byte. Go to (E).
// (10) Short external string or not a string? If yes, bail out to runtime.
// (11) Sliced string. Replace subject with parent. Go to (5a).
// (11) Sliced string. Replace subject with parent. Go to (1).
Label seq_one_byte_string /* 6 */, seq_two_byte_string /* 9 */,
external_string /* 8 */, check_underlying /* 5a */,
not_seq_nor_cons /* 7 */, check_code /* E */,
not_long_external /* 10 */;
Label seq_one_byte_string /* 5 */, seq_two_byte_string /* 9 */,
external_string /* 7 */, check_underlying /* 1 */,
not_seq_nor_cons /* 6 */, check_code /* E */, not_long_external /* 10 */;
__ bind(&check_underlying);
__ movp(rbx, FieldOperand(rdi, HeapObject::kMapOffset));
__ movzxbl(rbx, FieldOperand(rbx, Map::kInstanceTypeOffset));
// (1) Sequential two byte? If yes, go to (9).
__ andb(rbx, Immediate(kIsNotStringMask |
@ -682,14 +681,14 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0);
__ j(zero, &seq_two_byte_string); // Go to (9).
// (2) Sequential one byte? If yes, go to (6).
// (2) Sequential one byte? If yes, go to (5).
// Any other sequential string must be one byte.
__ andb(rbx, Immediate(kIsNotStringMask |
kStringRepresentationMask |
kShortExternalStringMask));
__ j(zero, &seq_one_byte_string, Label::kNear); // Go to (6).
__ j(zero, &seq_one_byte_string, Label::kNear); // Go to (5).
// (3) Anything but sequential or cons? If yes, go to (7).
// (3) Sequential or cons? If not, go to (6).
// We check whether the subject string is a cons, since sequential strings
// have already been covered.
STATIC_ASSERT(kConsStringTag < kExternalStringTag);
@ -697,7 +696,7 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
STATIC_ASSERT(kShortExternalStringTag > kExternalStringTag);
__ cmpp(rbx, Immediate(kExternalStringTag));
__ j(greater_equal, &not_seq_nor_cons); // Go to (7).
__ j(greater_equal, &not_seq_nor_cons); // Go to (6).
// (4) Cons string. Check that it's flat.
// Replace subject with first string and reload instance type.
@ -705,22 +704,9 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
Heap::kempty_stringRootIndex);
__ j(not_equal, &runtime);
__ movp(rdi, FieldOperand(rdi, ConsString::kFirstOffset));
__ bind(&check_underlying);
__ movp(rbx, FieldOperand(rdi, HeapObject::kMapOffset));
__ movp(rbx, FieldOperand(rbx, Map::kInstanceTypeOffset));
__ jmp(&check_underlying);
// (5a) Is subject sequential two byte? If yes, go to (9).
__ testb(rbx, Immediate(kStringRepresentationMask | kStringEncodingMask));
STATIC_ASSERT((kSeqStringTag | kTwoByteStringTag) == 0);
__ j(zero, &seq_two_byte_string); // Go to (9).
// (5b) Is subject external? If yes, go to (8).
__ testb(rbx, Immediate(kStringRepresentationMask));
// The underlying external string is never a short external string.
STATIC_ASSERT(ExternalString::kMaxShortLength < ConsString::kMinLength);
STATIC_ASSERT(ExternalString::kMaxShortLength < SlicedString::kMinLength);
__ j(not_zero, &external_string); // Go to (8)
// (6) One byte sequential. Load regexp code for one byte.
// (5) One byte sequential. Load regexp code for one byte.
__ bind(&seq_one_byte_string);
// rax: RegExp data (FixedArray)
__ movp(r11, FieldOperand(rax, JSRegExp::kDataOneByteCodeOffset));
@ -967,12 +953,12 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ TailCallRuntime(Runtime::kRegExpExec);
// Deferred code for string handling.
// (7) Not a long external string? If yes, go to (10).
// (6) Long external string? If not, go to (10).
__ bind(&not_seq_nor_cons);
// Compare flags are still set from (3).
__ j(greater, &not_long_external, Label::kNear); // Go to (10).
// (8) External string. Short external strings have been ruled out.
// (7) External string. Short external strings have been ruled out.
__ bind(&external_string);
__ movp(rbx, FieldOperand(rdi, HeapObject::kMapOffset));
__ movzxbl(rbx, FieldOperand(rbx, Map::kInstanceTypeOffset));
@ -987,13 +973,13 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
STATIC_ASSERT(SeqTwoByteString::kHeaderSize == SeqOneByteString::kHeaderSize);
__ subp(rdi, Immediate(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
STATIC_ASSERT(kTwoByteStringTag == 0);
// (8a) Is the external string one byte? If yes, go to (6).
// (8) Is the external string one byte? If yes, go to (5).
__ testb(rbx, Immediate(kStringEncodingMask));
__ j(not_zero, &seq_one_byte_string); // Goto (6).
__ j(not_zero, &seq_one_byte_string); // Go to (5).
// rdi: subject string (flat two-byte)
// rax: RegExp data (FixedArray)
// (9) Two byte sequential. Load regexp code for one byte. Go to (E).
// (9) Two byte sequential. Load regexp code for two byte. Go to (E).
__ bind(&seq_two_byte_string);
__ movp(r11, FieldOperand(rax, JSRegExp::kDataUC16CodeOffset));
__ Set(rcx, 0); // Type is two byte.
@ -1006,7 +992,7 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
__ testb(rbx, Immediate(kIsNotStringMask | kShortExternalStringMask));
__ j(not_zero, &runtime);
// (11) Sliced string. Replace subject with parent. Go to (5a).
// (11) Sliced string. Replace subject with parent. Go to (1).
// Load offset into r14 and replace subject string with parent.
__ SmiToInteger32(r14, FieldOperand(rdi, SlicedString::kOffsetOffset));
__ movp(rdi, FieldOperand(rdi, SlicedString::kParentOffset));

3
test/cctest/cctest.status
View File

@ -86,6 +86,9 @@
'test-func-name-inference/UpperCaseClass': [FAIL],
'test-func-name-inference/LowerCaseClass': [FAIL],
# BUG(4923). MIPS64 port is missing.
'test-regexp/UncachedExternalString': [PASS, ['arch==mips64 or arch==mips64el', FAIL]],
##############################################################################
# TurboFan compiler failures.

23
test/cctest/test-regexp.cc
View File

@ -1973,3 +1973,26 @@ TEST(UseCountRegExp) {
CHECK_EQ(1, use_counts[v8::Isolate::kRegExpPrototypeToString]);
CHECK(resultToStringError->IsObject());
}
class UncachedExternalString
: public v8::String::ExternalOneByteStringResource {
public:
const char* data() const override { return "abcdefghijklmnopqrstuvwxyz"; }
size_t length() const override { return 26; }
bool IsCompressible() const override { return true; }
};
TEST(UncachedExternalString) {
v8::Isolate* isolate = CcTest::isolate();
v8::HandleScope scope(isolate);
LocalContext env;
v8::Local<v8::String> external =
v8::String::NewExternalOneByte(isolate, new UncachedExternalString())
.ToLocalChecked();
CHECK(v8::Utils::OpenHandle(*external)->map() ==
CcTest::i_isolate()->heap()->short_external_one_byte_string_map());
v8::Local<v8::Object> global = env->Global();
global->Set(env.local(), v8_str("external"), external).FromJust();
CompileRun("var re = /y(.)/; re.test('ab');");
ExpectString("external.substring(1).match(re)[1]", "z");
}