    [regexp] Use the correct native context for the regexp species protector · 1e88fece
    Jakob Gruber authored
    The regexp species protector was recently moved from the isolate onto
    the native context to avoid cross-context pollution of the regexp fast
    path state.
    
    The implementation was incomplete. We unconditionally used the isolate's
    current native context, but it is possible for the object we are looking
    at to come from a different context (= its creation context).
    
    The fix is two-fold.
    1. When speed is not too important (e.g. when invalidating the
       protector), grab the creation context off the object.
    2. In the regexp fast path check, just document how our current solution
       is sufficient: although we may initially look at the wrong protector
       cell, we'd later bail out when comparing the object's map against the
       initial regexp map (stored on the current native context).
    
    Bug: v8:9463
    Change-Id: I653732b573f2dd456b3c6b723653dcacf9ead591
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776078
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Toon Verwaest <verwaest@chromium.org>
    Auto-Submit: Jakob Gruber <jgruber@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#63520}
regexp-utils.cc 8.1 KB