• Jakob Gruber's avatar
    [regexp] Ensure ToString(replaceValue) is called once in @@replace · f8d11696
    Jakob Gruber authored
    @@replace should only call ToString(replaceValue) once. Prior to this
    CL this was not the case when
    
    1. the given regexp is fast
    2. the replacement is not callable
    3. and its string representation contains a '$'.
    
    In such a situation we'd call ToString both in the RegExpReplace
    builtin, and after bailing out again in the RegExpReplaceRT runtime
    function.
    
    The fix is to pass the result of ToString(replaceValue) to the runtime
    function. ToString in RegExpReplaceRT will be a no-op since the value
    is already guaranteed to be a string.
    
    Bug: chromium:947822
    Change-Id: I14b4932a5ee29e49de4c2131dc2e98b50d93da49
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559739
    Auto-Submit: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#60733}
    f8d11696
regress-947822.js 451 Bytes