Backed out 3 changesets (bug 1636495) for SM bustages at huge-01.binjs. CLOSED TREE

Backed out changeset 5be0a4315674 (bug 1636495) Backed out changeset 7ac33283a786 (bug 1636495) Backed out changeset 4b98c08423c9 (bug 1636495)
2024-10-22 09:45:41 +00:00 · 2020-05-12 20:19:37 +03:00 · 2020-05-12 20:19:37 +03:00 · a1b92d521b
commit a1b92d521b
parent 8cebe6f218
8 changed files with 27 additions and 84 deletions
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@ -6390,14 +6390,26 @@ nsContentUtils::FindInternalContentViewer(const nsACString& aType,

 static void ReportPatternCompileFailure(nsAString& aPattern,
                                        const Document* aDocument,
-                                        JS::MutableHandle<JS::Value> error,
                                        JSContext* cx) {
+  MOZ_ASSERT(JS_IsExceptionPending(cx));
+
+  JS::RootedValue exn(cx);
+  if (!JS_GetPendingException(cx, &exn)) {
+    return;
+  }
+  if (!exn.isObject()) {
+    // If pending exception is not an object, it should be OOM.
+    return;
+  }
+
  JS::AutoSaveExceptionState savedExc(cx);
-  JS::RootedObject exnObj(cx, &error.toObject());
+  JS::RootedObject exnObj(cx, &exn.toObject());
  JS::RootedValue messageVal(cx);
  if (!JS_GetProperty(cx, exnObj, "message", &messageVal)) {
    return;
  }
+  MOZ_ASSERT(messageVal.isString());
+
  JS::RootedString messageStr(cx, messageVal.toString());
  MOZ_ASSERT(messageStr);

@ -6434,16 +6446,15 @@ Maybe<bool> nsContentUtils::IsPatternMatching(nsAString& aValue,

  // Check if the pattern by itself is valid first, and not that it only becomes
  // valid once we add ^(?: and )$.
-  JS::RootedValue error(cx);
-  if (!JS::CheckRegExpSyntax(
-          cx, static_cast<char16_t*>(aPattern.BeginWriting()),
-          aPattern.Length(), JS::RegExpFlag::Unicode, &error)) {
-    return Nothing();
-  }
-
-  if (!error.isUndefined()) {
-    ReportPatternCompileFailure(aPattern, aDocument, &error, cx);
-    return Some(true);
+  {
+    JS::Rooted<JSObject*> testRe(
+        cx, JS::NewUCRegExpObject(
+                cx, static_cast<char16_t*>(aPattern.BeginWriting()),
+                aPattern.Length(), JS::RegExpFlag::Unicode));
+    if (!testRe) {
+      ReportPatternCompileFailure(aPattern, aDocument, cx);
+      return Some(true);
+    }
  }

  // The pattern has to match the entire value.
@ -6454,9 +6465,8 @@ Maybe<bool> nsContentUtils::IsPatternMatching(nsAString& aValue,
      cx,
      JS::NewUCRegExpObject(cx, static_cast<char16_t*>(aPattern.BeginWriting()),
                            aPattern.Length(), JS::RegExpFlag::Unicode));
-  if (!re) {
-    return Nothing();
-  }
+  // We checked that the pattern is valid above.
+  MOZ_ASSERT(re, "Adding ^(?: and )$ shouldn't make a valid regexp invalid");

  JS::Rooted<JS::Value> rval(cx, JS::NullValue());
  size_t idx = 0;
--- a/js/public/RegExp.h
+++ b/js/public/RegExp.h
@ -79,16 +79,6 @@ extern JS_PUBLIC_API RegExpFlags GetRegExpFlags(JSContext* cx,
 */
 extern JS_PUBLIC_API JSString* GetRegExpSource(JSContext* cx,
                                               Handle<JSObject*> obj);
-/**
- * Check whether the given source is a valid regexp. If the regexp parses
- * successfully, returns true and sets |error| to undefined. If the regexp
- * has a syntax error, returns true, sets |error| to that error object, and
- * clears the exception. Returns false on OOM or over-recursion.
- */
-extern JS_PUBLIC_API bool CheckRegExpSyntax(JSContext* cx,
-                                            const char16_t* chars,
-                                            size_t length, RegExpFlags flags,
-                                            MutableHandle<Value> error);

 }  // namespace JS

--- a/js/src/jit-test/tests/binast/lazy/regexp/huge-01.binjs
+++ b/js/src/jit-test/tests/binast/lazy/regexp/huge-01.binjs
--- a/js/src/jit-test/tests/binast/nonlazy/regexp/huge-01.binjs
+++ b/js/src/jit-test/tests/binast/nonlazy/regexp/huge-01.binjs
--- a/js/src/jit-test/tests/regexp/huge-01.js
+++ b/js/src/jit-test/tests/regexp/huge-01.js
@ -10,9 +10,7 @@ function g(N, p) {
        // 1. Regexp too big is raised by the lack of the 64k virtual registers
        // reserved for the regexp evaluation.
        // 2. The stack overflow can occur during the analysis of the regexp
-        assertEq(e.message.includes("regexp too big") ||
-		 e.message.includes("Stack overflow") ||
-		 e.message.includes("too much recursion"), true);
+        assertEq(e.message.includes("regexp too big") || e.message.includes("Stack overflow"), true);
    }
 }

--- a/js/src/new-regexp/RegExpAPI.cpp
+++ b/js/src/new-regexp/RegExpAPI.cpp
@ -153,11 +153,6 @@ static void ReportSyntaxError(TokenStreamAnyChars& ts,
  gc::AutoSuppressGC suppressGC(ts.context());
  uint32_t errorNumber = ErrorNumber(result.error);

-  if (errorNumber == JSMSG_OVER_RECURSED) {
-    ReportOverRecursed(ts.context());
-    return;
-  }
-
  uint32_t offset = std::max(result.error_pos, 0);
  MOZ_ASSERT(offset <= length);

@ -432,7 +427,7 @@ bool CompilePattern(JSContext* cx, MutableHandleRegExpShared re,
  data.error = AnalyzeRegExp(cx->isolate, isLatin1, data.node);
  if (data.error != RegExpError::kNone) {
    MOZ_ASSERT(data.error == RegExpError::kAnalysisStackOverflow);
-    ReportOverRecursed(cx);
+    JS_ReportErrorASCII(cx, "Stack overflow");
    return false;
  }

--- a/js/src/vm/RegExpObject.cpp
+++ b/js/src/vm/RegExpObject.cpp
@ -1758,36 +1758,3 @@ JS_PUBLIC_API JSString* JS::GetRegExpSource(JSContext* cx, HandleObject obj) {
  }
  return shared->getSource();
 }
-
-JS_PUBLIC_API bool JS::CheckRegExpSyntax(JSContext* cx, const char16_t* chars,
-                                         size_t length, RegExpFlags flags,
-                                         MutableHandleValue error) {
-  AssertHeapIsIdle();
-  CHECK_THREAD(cx);
-
-  CompileOptions dummyOptions(cx);
-  frontend::DummyTokenStream dummyTokenStream(cx, dummyOptions);
-
-  LifoAllocScope allocScope(&cx->tempLifoAlloc());
-
-  mozilla::Range<const char16_t> source(chars, length);
-#ifdef ENABLE_NEW_REGEXP
-  bool success =
-      irregexp::CheckPatternSyntax(cx, dummyTokenStream, source, flags);
-#else
-  bool success = irregexp::ParsePatternSyntax(
-      dummyTokenStream, allocScope.alloc(), source, flags.unicode());
-#endif
-  error.set(UndefinedValue());
-  if (!success) {
-    // We can fail because of OOM or over-recursion even if the syntax is valid.
-    if (cx->isThrowingOutOfMemory() || cx->isThrowingOverRecursed()) {
-      return false;
-    }
-    if (!cx->getPendingException(error)) {
-      return false;
-    }
-    cx->clearPendingException();
-  }
-  return true;
-}
--- a/testing/web-platform/tests/html/semantics/forms/constraints/input-pattern-dynamic-value.html
+++ b/testing/web-platform/tests/html/semantics/forms/constraints/input-pattern-dynamic-value.html
@ -1,17 +0,0 @@
-<!DOCTYPE html>
-<meta charset="utf-8">
-<title>Pattern dynamic value attribute change</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<link rel="help" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1636495">
-<input pattern="a" value="a">
-<script>
-test(function() {
-  let i = document.querySelector("input");
-  assert_false(i.matches(":invalid"));
-  i.pattern = "b";
-  assert_true(i.matches(":invalid"));
-  i.pattern = "(";
-  assert_false(i.matches(":invalid"));
-}, "input validation is updated after pattern attribute change");
-</script>