    [regexp] Move the RegExpSpeciesProtector to the native context · fa2bed3f
    Jakob Gruber authored
    Prior to this CL, it was possible to pollute another context's
    fast/slow-path state for RegExp builtins due to the species protector
    being per-isolate rather than per-context. Among other things, this
    means that iframes can slow down the main site, and slowdowns persist
    across page reloads and navigation within the same tab.
    
    This CL thus moves the RegExpSpeciesProtector to the native context.
    
    The same should be done for all other protectors in the future.
    
    Bug: chromium:977382, v8:5577, v8:9463
    Change-Id: I577f470229cb9dfcd4a88c20b1b9111c65a9b85f
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695465
    Auto-Submit: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
    Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#62631}