archives

« Bugzilla Issues Index

#1575 — 15.10.6.2 (RegExpExec): Access to [[RegExpMatcher]] in step 2 is visible by non-standard RegExp.p.compile


The [[Match]] property was accessed in step 9 in ES5.1 (cf. 15.10.6.2 RegExp.prototype.exec), but has been changed to step 2 (cf. [[RegExpMatcher]] in RegExpExec abstract operation). This change is potentially user due to the non-standard RegExp.prototype.compile function.

Example:
---
var r = /a/;
r.lastIndex = {valueOf: function(){ print("compile"); r.compile("b","g") }}; r.exec("b")
---

V8 and Opera(12.15 - not V8 based) both return `["b"]`, whereas SpiderMonkey returns `null`. (JSC and IE10 don't even execute the valueOf function.)

Per the current ES6 draft, the expected result is `null`.


In ES6 compile is defined in annex B

moved capture of [[RegExpMatcher]] beyond the initial side-effects. A put access for "lastIndex" could still cause side effects within the match loop, but I don't think they should be allowed to change the matcher used within the loop.

Fixed in rev17 editor's draft


fixed in rev17, August 23, 2013 draft