src/init · 91154b3706d09f7c584032ab0c3faf4a93909756 · Linshizhi / V8

[regexp] Move the RegExpSpeciesProtector to the native context · fa2bed3f

Jakob Gruber authored Jul 11, 2019

Prior to this CL, it was possible to pollute another context's
fast/slow-path state for RegExp builtins due to the species protector
being per-isolate rather than per-context. Among other things, this
means that iframes can slow down the main site, and slowdowns persist
across page reloads and navigation within the same tab.

This CL thus moves the RegExpSpeciesProtector to the native context.

The same should be done for all other protectors in the future.

Bug: chromium:977382, v8:5577, v8:9463
Change-Id: I577f470229cb9dfcd4a88c20b1b9111c65a9b85f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695465
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62631}

fa2bed3f

Name	Last commit	Last update
..
OWNERS		Loading commit data...
bootstrapper.cc		Loading commit data...
bootstrapper.h		Loading commit data...
heap-symbols.h		Loading commit data...
icu_util.cc		Loading commit data...
icu_util.h		Loading commit data...
isolate-allocator.cc		Loading commit data...
isolate-allocator.h		Loading commit data...
setup-isolate-deserialize.cc		Loading commit data...
setup-isolate-full.cc		Loading commit data...
setup-isolate.h		Loading commit data...
startup-data-util.cc		Loading commit data...
startup-data-util.h		Loading commit data...
v8.cc		Loading commit data...
v8.h		Loading commit data...