[webkit-changes] [WebKit/WebKit] 06b56b: [Yarr] ASSERTION FAILED: m_setOp == CharacterClass...

Michael Saboff noreply at github.com
Wed May 17 09:40:00 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 06b56b4c9d0015be87161819dd740b686827980e
      https://github.com/WebKit/WebKit/commit/06b56b4c9d0015be87161819dd740b686827980e
  Author: Michael Saboff <msaboff at apple.com>
  Date:   2023-05-17 (Wed, 17 May 2023)

  Changed paths:
    M JSTests/stress/regexp-vflag-property-of-strings.js
    M Source/JavaScriptCore/yarr/YarrParser.h

  Log Message:
  -----------
  [Yarr] ASSERTION FAILED: m_setOp == CharacterClassSetOp::Default || m_setOp == setOp
https://bugs.webkit.org/show_bug.cgi?id=256822
rdar://108256053

Reviewed by Yusuke Suzuki.

Refactored ClassSetParserDelegate state transitions.  Prior to this refactoring, ClassSetConstructionState::Empty
was used at both the start of a class set and after a class set operation with its left and right operands.
Given that this bug occurred with standalone class set operator, the prior use of ClassSetConstructionState::Empty
didn't allow for proper detection of the bug case.  Changed the state after the right hand operand of a class set
operator to be ClassSetConstructionState::AfterSetOperand. Most of the refactoring occurs in
ClassSetParserDelegate::atomPatternCharacter() and ClassSetParserDelegate::atomBuiltInCharacterClass().

This change necessitated some other changes.  Added a new ClassSet parseEscape() mode to simplify processing of
\q{} class disjunction escapes.  Since class set disjunctions may return strings, a parsed class set disjunction
returns a new TokenType, SetDisjunction, to distinguish it from the other parse escapes results that resolve to
either a single character, via atomPatternCharacter(), or a builtin character class, via atomBuiltInCharacterClass().

Updated regexp-vflag-property-of-strings.js with new test cases.

* JSTests/stress/regexp-vflag-property-of-strings.js:
* Source/JavaScriptCore/yarr/YarrParser.h:
(JSC::Yarr::Parser::ClassSetParserDelegate::nestedClassEnd):
(JSC::Yarr::Parser::ClassSetParserDelegate::setSubtractOp):
(JSC::Yarr::Parser::ClassSetParserDelegate::setIntersectionOp):
(JSC::Yarr::Parser::ClassSetParserDelegate::afterSetOperand):
(JSC::Yarr::Parser::ClassSetParserDelegate::atomPatternCharacter):
(JSC::Yarr::Parser::ClassSetParserDelegate::atomBuiltInCharacterClass):
(JSC::Yarr::Parser::parseEscape):
(JSC::Yarr::Parser::parseClassSetEscape):
(JSC::Yarr::Parser::parseClassSet):
(JSC::Yarr::Parser::parseClassStringDisjunction):
(JSC::Yarr::Parser::ClassSetParserDelegate::afterOperand): Deleted.

Canonical link: https://commits.webkit.org/264153@main