Fix crash: handle all flat string types in regexp replace.

src/runtime.cc

 // Copyright 2006-2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 2266 matching lines @@
     matched = !match->IsNull();
   } while (matched);
 
   if (prev < length) {
     builder.AddSubjectSlice(prev, length);
   }
 
   return *(builder.ToString());
 }
 
+
 template <typename ResultSeqString>
-static Object* StringReplaceRegExpWithEmptyString(ResultSeqString* subject,
+static Object* StringReplaceRegExpWithEmptyString(String* subject,
                                                   JSRegExp* regexp,
                                                   JSArray* last_match_info) {
   ASSERT(subject->IsFlat());
 
   HandleScope handles;
 
   Handle<String> subject_handle(subject);
   Handle<JSRegExp> regexp_handle(regexp);
   Handle<JSArray> last_match_info_handle(last_match_info);
   Handle<Object> match = RegExpImpl::Exec(regexp_handle,
@@ skipping 14 matching lines @@
 
     start = RegExpImpl::GetCapture(match_info_array, 0);
     end = RegExpImpl::GetCapture(match_info_array, 1);
   }
 
   int length = subject->length();
   int new_length = length - (end - start);
   if (new_length == 0) {
     return Heap::empty_string();
   }
-  // TODO(sandholm) try to use types statically to determine this.
   Handle<ResultSeqString> answer;
-  if (subject_handle->IsAsciiRepresentation()) {
+  if (ResultSeqString::kHasAsciiEncoding) {
     answer =
         Handle<ResultSeqString>::cast(Factory::NewRawAsciiString(new_length));
   } else {
     answer =
         Handle<ResultSeqString>::cast(Factory::NewRawTwoByteString(new_length));
   }
 
   // If the regexp isn't global, only match once.
   if (!regexp_handle->GetFlags().is_global()) {
     if (start > 0) {
@@ skipping 97 matching lines @@
     }
     replacement = String::cast(flat_replacement);
   }
 
   CONVERT_CHECKED(JSRegExp, regexp, args[1]);
   CONVERT_CHECKED(JSArray, last_match_info, args[3]);
 
   ASSERT(last_match_info->HasFastElements());
 
   if (replacement->length() == 0) {
-    if (subject->IsAsciiRepresentation()) {
-      return StringReplaceRegExpWithEmptyString(SeqAsciiString::cast(subject),
-                                                regexp,
-                                                last_match_info);
+    if (subject->IsAsciiRepresentation() || subject->HasOnlyAsciiChars()) {

[Lasse Reichstein, 2010/07/06 12:09:36]

Does subject->IsAsciiRepresentation() imply subject->HasOnlyAsciiChars()? (I.e.,
could we do with just HasOnlyAsciiChars?)

[Vitaly Repeshko, 2010/07/06 12:22:39]

Done.

+      return StringReplaceRegExpWithEmptyString<SeqAsciiString>(
+          subject, regexp, last_match_info);
     } else {
-      return StringReplaceRegExpWithEmptyString(SeqTwoByteString::cast(subject),
-                                                regexp,
-                                                last_match_info);
+      return StringReplaceRegExpWithEmptyString<SeqTwoByteString>(
+          subject, regexp, last_match_info);
     }
   }
 
   return StringReplaceRegExpWithString(subject,
                                        regexp,
                                        replacement,
                                        last_match_info);
 }
 
 
@@ skipping 8077 matching lines @@
   } else {
     // Handle last resort GC and make sure to allow future allocations
     // to grow the heap without causing GCs (if possible).
     Counters::gc_last_resort_from_js.Increment();
     Heap::CollectAllGarbage(false);
   }
 }
 
 
 } }  // namespace v8::internal