keeleysam / tenfourfox

Automatically exported from code.google.com/p/tenfourfox

irregexp cometh [Fx32] #271

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
https://bugzilla.mozilla.org/show_bug.cgi?id=976446

It appears to use the existing MacroAssemblers (yay!), so we just need to adopt 
the ARM LR usage, and probe for endian problems. At least it landed in 32, so 
there won't be much difference from 31.

Original issue reported on code.google.com by classi...@floodgap.com on 22 May 2014 at 3:28

GoogleCodeExporter commented 9 years ago
Big problems with irregexp.

print("1".match(/[123]/))
returns (correctly) 1 on 31
returns null on 33

print("12".match(/1./))
returns (correctly) 12 on 31
asserts on 33:

Assertion failure: size_t(p.limit) <= inputLength, at 
/Volumes/BruceDeuce/src/mozilla-33a/js/src/vm/MatchPairs.h:91

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x00628874 in js::MatchPairs::checkAgainst (this=<value temporarily 
unavailable, due to optimizations>, inputLength=<value temporarily unavailable, 
due to optimizations>) at MatchPairs.h:50
50              JS_ASSERT_IF(limit < 0, limit == -1);

If we run with --no-native-regexp, both work correctly, so the problem is 
within the assembler.

We cannot advance without fixing this; this is too large a regression.

Original comment by classi...@floodgap.com on 25 Aug 2014 at 2:24

GoogleCodeExporter commented 9 years ago
Similarly,

print("1".match(/./))
returns (correctly) 1 on 31
returns (correctly) 1 on 33 with --no-native-regexp
returns null on 33

Original comment by classi...@floodgap.com on 25 Aug 2014 at 2:26
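
The comparison made by hand in the comments above (native regexp code versus `--no-native-regexp`) can be scripted as a differential check. This is an added example, not code from the issue or from TenFourFox; the path to the `js` shell is an assumption supplied on the command line, the helper names are hypothetical, and it relies on the shell's `-e` option to evaluate one expression.

```python
import json
import subprocess
import sys

# Test cases taken from the comments above: (subject string, regexp literal).
CASES = [("1", "/[123]/"), ("12", "/1./"), ("1", "/./")]

# Flag named in the issue: disables the native (assembler-generated) matcher.
INTERPRETED = ("--no-native-regexp",)


def build_source(subject, regexp):
    """Build a one-line shell script that prints the match result as JSON."""
    return "print(JSON.stringify(%s.match(%s)))" % (json.dumps(subject), regexp)


def make_runner(js_path, base_flags=()):
    """Return runner(source, flags) -> (status, stdout) for a given js shell."""
    def runner(source, flags):
        cmd = [js_path, *base_flags, *flags, "-e", source]
        try:
            proc = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
        except subprocess.TimeoutExpired:
            return ("timeout", "")
        if proc.returncode != 0:
            # Assertion failures and signals end up here (negative code = signal).
            return ("crash(%d)" % proc.returncode, proc.stdout.strip())
        return ("ok", proc.stdout.strip())
    return runner


def differential(cases, runner):
    """Run every case natively and interpreted; return the cases that differ.

    The interpreted result is treated as the reference, because the issue
    reports that --no-native-regexp gives the correct answers.
    """
    mismatches = []
    for subject, regexp in cases:
        source = build_source(subject, regexp)
        native = runner(source, ())
        reference = runner(source, INTERPRETED)
        if native != reference:
            mismatches.append({
                "subject": subject,
                "regexp": regexp,
                "native": native,
                "reference": reference,
            })
    return mismatches


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s /path/to/js" % sys.argv[0])
    bad = differential(CASES, make_runner(sys.argv[1]))
    for m in bad:
        print("%r.match(%s): native=%r reference=%r"
              % (m["subject"], m["regexp"], m["native"], m["reference"]))
    sys.exit(1 if bad else 0)
```

A non-zero exit status means at least one case behaves differently under the native matcher, which makes the script usable as a regression gate while the assembler is being fixed.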

GoogleCodeExporter commented 9 years ago
GNU gdb 6.3.50-20050815 (Apple version gdb-768 TenFourFox patch 2) (Sun Oct  6 
02:44:03 GMT 2013)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "powerpc-apple-darwin"...
warning: --arch option not supported in this gdb.
Reading symbols for shared libraries ........... done

(gdb) run
Starting program: /Volumes/BruceDeuce/src/mozilla-33a/obj-ff-dbg/dist/bin/js 
--no-ion --no-baseline
warning: Could not find malloc init callback function.  
Make sure malloc is initialized before calling functions.
Reading symbols for shared libraries 
...........................................................................++ 
done
js> print("1".match(/./))

[Codegen] Starting RegExp (input_end_pointer r3) (current_character r4) 
(current_position r5) (backtrack_stack_pointer r6) (temp0 r7) temp1 (r8) temp2 
(r9)
[Codegen] == jump(l) ==
[Codegen] bfffc55c --- b .+8
[Codegen] ##setNextJump (bfffc55c -> ffffffff) (48000008)

[Codegen] #label     ((8))
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((8))
[Codegen] bfffc564 --- lis r7,0 (0x0)
[Codegen] bfffc568 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc56c --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc570 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] bfffc574 --- lis r12,385 (0x1810000)
[Codegen] bfffc578 --- ori r12,r12,204 (0xcc)
[Codegen] bfffc57c --- lwz r0,0(r12)
[Codegen] bfffc580 --- cmplw cr0,r0,r6
[Codegen] bfffc584 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc584 -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc58c --- or r9,sp,sp
[Codegen] bfffc590 --- bl .+8
[Codegen] ##setNextJump (bfffc590 -> ffffffff) (48000009)

[Codegen] #label     ((60))
[Codegen] ##linkPendedJump @ bfffc584
[Codegen] ##link2    ((0xbfffc584)) jumps to ((0xbfffc598))
[Codegen] #label     ((60))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] bfffc598 --- and. r0,r7,r7
[Codegen] bfffc59c --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc59c -> ffffffff) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((72))
[Codegen] !!! Bind
[Codegen] #label     ((72))
[Codegen] !!! LoadCurrentCharacter(0, 1)
[Codegen] !!! CheckPosition(0)
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] bfffc5a4 --- cmplwi r5,0 (0x0)
[Codegen] bfffc5a8 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc5a8 -> ffffffff) (40800008)

[Codegen] !!! LoadCurrentCharacterUnchecked(0, 1)
[Codegen] == load8ZeroExtend(bi, reg) ==
[Codegen] bfffc5b0 --- lbzx r4,r3,r5
[Codegen] !!! CheckSpecialCharacterClass(46)
[Codegen] == move32(reg, reg) ==
[Codegen] bfffc5b4 --- or r7,r4,r4
[Codegen] == xor32(imm, reg) ==
[Codegen] bfffc5b8 --- xori r7,r7,1 (0x1)
[Codegen] == sub32(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc5bc --- addi r7,r7,4294967285 (0xfffffff5)
[Codegen] bfffc5c0 --- cmpwi r7,0 (0x0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc5c4 --- cmplwi r7,1 (0x1)
[Codegen] bfffc5c8 --- bc 4, 1, 8
[Codegen] ##setNextJump (bfffc5c8 -> 00000054) (40810008)

[Codegen] !!! PushCurrentPosition
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc5d0 --- stw r5,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc5d4 --- addi r6,r6,4 (0x4)
[Codegen] !!! WriteCurrentPositionToRegister(0, 0)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc5d8 --- stw r5,28(sp)
[Codegen] !!! WriteCurrentPositionToRegister(1, 1)
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] bfffc5dc --- addi r7,r5,1 (0x1)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc5e0 --- stw r7,32(sp)
[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc5e4 --- addi r5,r5,1 (0x1)
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((140))
[Codegen] bfffc5e8 --- lis r7,0 (0x0)
[Codegen] bfffc5ec --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc5f0 --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc5f4 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] bfffc5f8 --- lis r12,385 (0x1810000)
[Codegen] bfffc5fc --- ori r12,r12,204 (0xcc)
[Codegen] bfffc600 --- lwz r0,0(r12)
[Codegen] bfffc604 --- cmplw cr0,r0,r6
[Codegen] bfffc608 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc608 -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc610 --- or r9,sp,sp
[Codegen] bfffc614 --- bl .+8
[Codegen] ##setNextJump (bfffc614 -> 0000003c) (48000009)

[Codegen] #label     ((192))
[Codegen] ##linkPendedJump @ bfffc608
[Codegen] ##link2    ((0xbfffc608)) jumps to ((0xbfffc61c))
[Codegen] #label     ((192))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] bfffc61c --- and. r0,r7,r7
[Codegen] bfffc620 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc620 -> 00000048) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((204))
[Codegen] !!! Succeed
[Codegen] == jump(l) ==
[Codegen] bfffc628 --- b .+8
[Codegen] ##setNextJump (bfffc628 -> ffffffff) (48000008)

[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((212))
[Codegen] !!! PopCurrentPosition
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc630 --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] bfffc634 --- lwz r5,0(r6)
[Codegen] !!! JumpOrBacktrack
[Codegen] == jump(l) ==
[Codegen] bfffc638 --- b .+8
[Codegen] ##setNextJump (bfffc638 -> 00000074) (48000008)

[Codegen] !!! Bind
[Codegen] #label     ((228))
[Codegen] ##linkPendedJump @ bfffc638
[Codegen] ##link2    ((0xbfffc638)) jumps to ((0xbfffc640))
[Codegen] #label     ((228))
[Codegen] ##linkPendedJump @ bfffc5c8
[Codegen] ##link2    ((0xbfffc5c8)) jumps to ((0xbfffc640))
[Codegen] #label     ((228))
[Codegen] ##linkPendedJump @ bfffc5a8
[Codegen] ##link2    ((0xbfffc5a8)) jumps to ((0xbfffc640))
[Codegen] #label     ((228))
[Codegen] !!! Bind
[Codegen] #label     ((228))
[Codegen] !!! CheckPosition(0)
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] bfffc640 --- cmplwi r5,0 (0x0)
[Codegen] bfffc644 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc644 -> ffffffff) (40800008)

[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc64c --- addi r5,r5,1 (0x1)
[Codegen] !!! JumpOrBacktrack
[Codegen] == jump(l) ==
[Codegen] bfffc650 --- b .+8
[Codegen] ##link2    ((0xbfffc650)) jumps to ((0xbfffc5a4))
[Codegen] !!! Bind
[Codegen] #label     ((252))
[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((252))
[Codegen] !!! Fail
[Codegen] == movePtr(immw, reg) ==
[Codegen] bfffc658 --- li r7,2 (0x2)
[Codegen] == jump(l) ==
[Codegen] 0201f100 --- b .+8
[Codegen] ##setNextJump (0201f100 -> ffffffff) (48000008)

[Codegen] # Emitting exception tail stub
[Codegen] bfffaf2c --- lwz r3,12(sp)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffaf30 --- cmpwi r3,0 (0x0)
[Codegen] bfffaf34 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffaf34 -> ffffffff) (41820008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffaf3c --- cmpwi r3,1 (0x1)
[Codegen] bfffaf40 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffaf40 -> ffffffff) (41820008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffaf48 --- cmpwi r3,2 (0x2)
[Codegen] bfffaf4c --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffaf4c -> ffffffff) (41820008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffaf54 --- cmpwi r3,3 (0x3)
[Codegen] bfffaf58 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffaf58 -> ffffffff) (41820008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffaf60 --- cmpwi r3,4 (0x4)
[Codegen] bfffaf64 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffaf64 -> ffffffff) (41820008)

[Codegen] bfffaf6c --- trap
[Codegen] #label     ((68))
[Codegen] ##linkPendedJump @ bfffaf34
[Codegen] ##link2    ((0xbfffaf34)) jumps to ((0xbfffaf70))
[Codegen] #label     ((68))
[Codegen] bfffaf70 --- lwz sp,4(sp)
[Codegen] bfffaf74 --- lwz r3,0(sp)
[Codegen] bfffaf78 --- mtspr ctr, r3
[Codegen] bfffaf7c --- addi sp,sp,4 (0x4)
[Codegen] == moveValue(jsval, vo) ==
[Codegen] == moveValue(jsval, reg, reg) ==
[Codegen] bfffaf80 --- li r6,-124 (0xffffff84)
[Codegen] bfffaf84 --- li r5,14 (0xe)
[Codegen] bfffaf88 --- bctr
[Codegen] #label     ((96))
[Codegen] ##linkPendedJump @ bfffaf40
[Codegen] ##link2    ((0xbfffaf40)) jumps to ((0xbfffaf8c))
[Codegen] #label     ((96))
[Codegen] bfffaf8c --- lwz r3,8(sp)
[Codegen] bfffaf90 --- mtspr ctr, r3
[Codegen] bfffaf94 --- lwz r13,0(sp)
[Codegen] bfffaf98 --- lwz sp,4(sp)
[Codegen] bfffaf9c --- bctr
[Codegen] #label     ((116))
[Codegen] ##linkPendedJump @ bfffaf4c
[Codegen] ##link2    ((0xbfffaf4c)) jumps to ((0xbfffafa0))
[Codegen] #label     ((116))
[Codegen] == [[ loadValue(reg, o) ==
[Codegen] == loadPayload(o, reg) ==
[Codegen] bfffafa0 --- lwz r5,20(sp)
[Codegen] == loadType(o, reg) ==
[Codegen] bfffafa4 --- lwz r4,16(sp)
[Codegen] ==    loadValue(reg, o) ]] ==
[Codegen] bfffafa8 --- lwz r3,8(sp)
[Codegen] bfffafac --- mtspr ctr, r3
[Codegen] bfffafb0 --- lwz r13,0(sp)
[Codegen] bfffafb4 --- lwz sp,4(sp)
[Codegen] == pushValue(jsval) ==
[Codegen] bfffafb8 --- addi sp,sp,4294967288 (0xfffffff8)
[Codegen] bfffafbc --- li r0,1 (0x1)
[Codegen] bfffafc0 --- li r12,-125 (0xffffff83)
[Codegen] bfffafc4 --- stw r0,4(sp)
[Codegen] bfffafc8 --- stw r12,0(sp)
[Codegen] == pushValue(vo) ==
[Codegen] bfffafcc --- addi sp,sp,4294967288 (0xfffffff8)
[Codegen] bfffafd0 --- stw r5,4(sp)
[Codegen] bfffafd4 --- stw r4,0(sp)
[Codegen] bfffafd8 --- bctr
[Codegen] #label     ((176))
[Codegen] ##linkPendedJump @ bfffaf58
[Codegen] ##link2    ((0xbfffaf58)) jumps to ((0xbfffafdc))
[Codegen] #label     ((176))
[Codegen] bfffafdc --- lwz r13,0(sp)
[Codegen] bfffafe0 --- lwz sp,4(sp)
[Codegen] == loadValue(adr, vo) ==
[Codegen] == [[ loadValue(reg, o) ==
[Codegen] == loadPayload(o, reg) ==
[Codegen] bfffafe4 --- lwz r5,-32(r13)
[Codegen] == loadType(o, reg) ==
[Codegen] bfffafe8 --- lwz r6,-36(r13)
[Codegen] ==    loadValue(reg, o) ]] ==
[Codegen] bfffafec --- or sp,r13,r13
[Codegen] == pop(reg) ==
[Codegen] bfffaff0 --- lwz r13,0(sp)
[Codegen] bfffaff4 --- addi sp,sp,4 (0x4)
[Codegen] == retn(imm) ==
[Codegen] bfffaff8 --- lwz r0,0(sp)
[Codegen] bfffaffc --- mtspr ctr, r0
[Codegen] bfffb000 --- addi sp,sp,4 (0x4)
[Codegen] bfffb004 --- bctr
[Codegen] #label     ((220))
[Codegen] ##linkPendedJump @ bfffaf64
[Codegen] ##link2    ((0xbfffaf64)) jumps to ((0xbfffb008))
[Codegen] #label     ((220))
[Codegen] bfffb008 --- lwz r4,8(sp)
[Codegen] bfffb00c --- mtspr ctr, r4
[Codegen] bfffb010 --- li r3,0 (0x0)
[Codegen] bfffb014 --- lwz r5,24(sp)
[Codegen] bfffb018 --- bctr
[Codegen]  -- FLUSHING CONSTANT POOL WITH 15 CONSTANTS --

[Codegen]  -- FLUSHING CONSTANT POOL WITH 0 CONSTANTS --

[Codegen] ##executableCopy finished to 0188d010
[Codegen] !!! GenerateCode
[Codegen] #label     ((264))
[Codegen] ##linkPendedJump @ 0201f000
[Codegen] ##link2    ((0x201f000)) jumps to ((0x201f108))
[Codegen] #label     ((264))
[Codegen] 0201f108 --- mfspr r0,lr
[Codegen] == push(reg) ==
[Codegen] 0201f10c --- stwu r0,-4(sp)
[Codegen] == push(reg) ==
[Codegen] 0201f110 --- stwu r3,-4(sp)
[Codegen] == reserveStack(u32) ==
[Codegen] 0201f114 --- subi sp,sp,40
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] 0201f118 --- lis r12,385 (0x1810000)
[Codegen] 0201f11c --- ori r12,r12,192 (0xc0)
[Codegen] 0201f120 --- lwz r0,0(r12)
[Codegen] 0201f124 --- cmplw cr0,r0,sp
[Codegen] 0201f128 --- bc 12, 0, 8
[Codegen] ##setNextJump (0201f128 -> ffffffff) (41800008)

[Codegen] == movePtr(immw, reg) ==
[Codegen] 0201f130 --- li r7,0 (0x0)
[Codegen] == jump(l) ==
[Codegen] 0201f134 --- b .+8
[Codegen] ##setNextJump (0201f134 -> ffffffff) (48000008)

[Codegen] #label     ((316))
[Codegen] ##linkPendedJump @ 0201f128
[Codegen] ##link2    ((0x201f128)) jumps to ((0x201f13c))
[Codegen] #label     ((316))
[Codegen] 0201f13c --- trap
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0201f140 --- lwz r7,40(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0201f144 --- lwz r3,12(r7)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0201f148 --- lwz r8,8(r3)
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f14c --- stw r8,12(sp)
[Codegen] == load32(adr, reg) ==
[Codegen] 0201f150 --- lwz r8,4(r3)
[Codegen] == lshiftPtr(imm, reg) ==
[Codegen] 0201f154 --- slwi r8,r8,1
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f158 --- stw r8,16(sp)
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] 0201f15c --- cmplwi r8,2 (0x2)
[Codegen] 0201f160 --- bc 4, 0, 8
[Codegen] ##setNextJump (0201f160 -> ffffffff) (40800008)

[Codegen] == reserveStack(u32) ==
[Codegen] 0201f168 --- subi sp,sp,32
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f16c --- stw r10,28(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f170 --- stw r9,24(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f174 --- stw r8,20(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f178 --- stw r7,16(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f17c --- stw r6,12(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f180 --- stw r5,8(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f184 --- stw r4,4(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0201f188 --- stw r3,0(sp)
[Codegen] == reserveStack(u32) ==
[Codegen] 0201f18c --- subi sp,sp,88
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f190 --- stfd f13,80(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f194 --- stfd f12,72(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f198 --- stfd f11,64(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f19c --- stfd f10,56(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f1a0 --- stfd f9,48(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f1a4 --- stfd f8,40(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f1a8 --- stfd f7,32(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f1ac --- stfd f6,24(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f1b0 --- stfd f5,16(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f1b4 --- stfd f4,8(sp)
[Codegen] == storeDouble(fpr, adr) ==
[Codegen] 0201f1b8 --- stfd f3,0(sp)
[Codegen] == setupUnalignedABICall ==
[Codegen] == movePtr(immptr, reg) ==
[Codegen] 0201f1bc --- lis r3,109 (0x6d0000)
[Codegen] 0201f1c0 --- ori r3,r3,44428 (0xad8c)
[Codegen] state, passABIArg: gprs 0 fprs 0

[Codegen] == [[ callWithABI  ==
[Codegen] == freeStack(u32) ==
[Codegen] 0201f1c4 --- andi. r0,sp,15 (0xf)
[Codegen] 0201f1c8 --- or r16,sp,sp
[Codegen] 0201f1cc --- subf sp,r0,sp
[Codegen] 0201f1d0 --- subi sp,sp,256
[Codegen] 0201f1d4 --- stw r18,0(sp)
[Codegen] 0201f1d8 --- mfspr r18,lr
[Codegen] == checkStackAlignmentPriorToABICall() ==
[Codegen] 0201f1dc --- andi. r0,sp,15 (0xf)
[Codegen] 0201f1e0 --- bc 12, 2, 8
[Codegen] ##setNextJump (0201f1e0 -> ffffffff) (41820008)

[Codegen] 0201f1e8 --- trap
[Codegen] #label     ((492))
[Codegen] ##linkPendedJump @ 0201f1e0
[Codegen] ##link2    ((0x201f1e0)) jumps to ((0x201f1ec))
[Codegen] #label     ((492))
[Codegen] 0201f1ec --- bl .+8
[Codegen] ##addPendingCall offs 000001ec to 00343264

[Codegen] 0201f1f4 --- mtspr lr, r18
[Codegen] 0201f1f8 --- lwz r18,0(sp)
[Codegen] 0201f1fc --- or sp,r16,r16
[Codegen] ==    callWithABI ]] ==
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0201f200 --- lfd f13,80(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e404 --- lfd f12,72(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e408 --- lfd f11,64(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e40c --- lfd f10,56(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e410 --- lfd f9,48(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e414 --- lfd f8,40(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e418 --- lfd f7,32(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e41c --- lfd f6,24(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e420 --- lfd f5,16(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e424 --- lfd f4,8(sp)
[Codegen] == loadDouble(adr, fpr) ==
[Codegen] 0207e428 --- lfd f3,0(sp)
[Codegen] == freeStack(u32) ==
[Codegen] 0207e42c --- addi sp,sp,88 (0x58)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e430 --- lwz r10,28(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e434 --- lwz r9,24(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e438 --- lwz r8,20(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e43c --- lwz r7,16(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e440 --- lwz r6,12(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e444 --- lwz r5,8(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e448 --- lwz r4,4(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e44c --- lwz r3,0(sp)
[Codegen] == freeStack(u32) ==
[Codegen] 0207e450 --- addi sp,sp,32 (0x20)
[Codegen] 0207e454 --- trap
[Codegen] #label     ((600))
[Codegen] ##linkPendedJump @ 0207e360
[Codegen] ##link2    ((0x207e360)) jumps to ((0x207e458))
[Codegen] #label     ((600))
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e458 --- lwz r3,4(r7)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e45c --- lwz r5,0(r7)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e460 --- stw r5,0(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e464 --- lwz r8,8(r7)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e468 --- stw r8,4(sp)
[Codegen] == subPtr(reg, reg) ==
[Codegen] 0207e46c --- subf r5,r5,r3
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] 0207e470 --- addi r7,r5,4294967295 (0xffffffff)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e474 --- stw r7,8(sp)
[Codegen] == computeEffectiveAddress(bi, reg) ==
[Codegen] 0207e478 --- add r5,r5,r8
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(adr, immw) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e47c --- lwz r0,4(sp)
[Codegen] 0207e480 --- li r12,0 (0x0)
[Codegen] 0207e484 --- cmplw cr0,r0,r12
[Codegen] 0207e488 --- bc 4, 2, 8
[Codegen] ##setNextJump (0207e488 -> ffffffff) (40820008)

[Codegen] == movePtr(immw, reg) ==
[Codegen] 0207e490 --- li r4,10 (0xa)
[Codegen] == jump(l) ==
[Codegen] 0207e494 --- b .+8
[Codegen] ##setNextJump (0207e494 -> ffffffff) (48000008)

[Codegen] #label     ((668))
[Codegen] ##linkPendedJump @ 0207e488
[Codegen] ##link2    ((0x207e488)) jumps to ((0x207e49c))
[Codegen] #label     ((668))
[Codegen] !!! LoadCurrentCharacterUnchecked(-1, 1)
[Codegen] == load8ZeroExtend(bi, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 0207e49c --- addi r12,r5,4294967295 (0xffffffff)
[Codegen] 0207e4a0 --- lbzx r4,r3,r12
[Codegen] #label     ((676))
[Codegen] ##linkPendedJump @ 0207e494
[Codegen] ##link2    ((0x207e494)) jumps to ((0x207e4a4))
[Codegen] #label     ((676))
[Codegen] 0207e4a4 --- trap
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e4a8 --- stw r7,28(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e4ac --- stw r7,32(sp)
[Codegen] == loadPtr(aadr, reg) ==
[Codegen] 0207e4b0 --- lis r12,385 (0x1810000)
[Codegen] 0207e4b4 --- ori r12,r12,196 (0xc4)
[Codegen] 0207e4b8 --- lwz r6,0(r12)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e4bc --- stw r6,24(sp)
[Codegen] == jump(l) ==
[Codegen] 0207e4c0 --- b .+8
[Codegen] ##link2    ((0x207e4c0)) jumps to ((0x207e208))
[Codegen] #label     ((712))
[Codegen] ##linkPendedJump @ 0207e2cc
[Codegen] ##link2    ((0x207e2cc)) jumps to ((0x207e4c8))
[Codegen] #label     ((712))
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e4c8 --- lwz r8,12(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e4cc --- lwz r7,40(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e4d0 --- lwz r6,4(r7)
[Codegen] == subPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e4d4 --- lwz r0,0(r7)
[Codegen] 0207e4d8 --- subf r6,r6,r0
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e4dc --- lwz r7,28(sp)
[Codegen] == addPtr(reg, reg) ==
[Codegen] 0207e4e0 --- add r7,r6,r7
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e4e4 --- stw r7,0(r8)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e4e8 --- lwz r7,32(sp)
[Codegen] == addPtr(reg, reg) ==
[Codegen] 0207e4ec --- add r7,r6,r7
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e4f0 --- stw r7,4(r8)
[Codegen] == movePtr(immw, reg) ==
[Codegen] 0207e4f4 --- li r7,1 (0x1)
[Codegen] #label     ((760))
[Codegen] ##linkPendedJump @ 0207e300
[Codegen] ##link2    ((0x207e300)) jumps to ((0x207e4f8))
[Codegen] #label     ((760))
[Codegen] #label     ((760))
[Codegen] ##linkPendedJump @ 0207e334
[Codegen] ##link2    ((0x207e334)) jumps to ((0x207e4f8))
[Codegen] #label     ((760))
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e4f8 --- lwz r8,40(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e4fc --- stw r7,16(r8)
[Codegen] 0207e500 --- trap
[Codegen] == freeStack(u32) ==
[Codegen] 0207e504 --- addi sp,sp,44 (0x2c)
[Codegen] == pop(reg) ==
[Codegen] 0207e508 --- lwz r0,0(sp)
[Codegen] 0207e50c --- addi sp,sp,4 (0x4)
[Codegen] 0207e510 --- mtspr lr, r0
[Codegen] == abiret() ==
[Codegen] 0207e514 --- blr
[Codegen] #label     ((792))
[Codegen] ##linkPendedJump @ 0207e2e8
[Codegen] ##link2    ((0x207e2e8)) jumps to ((0x207e518))
[Codegen] #label     ((792))
[Codegen] !!! Backtrack
[Codegen] == [[ branch32(cond, aadr, imm, l) ==
[Codegen] == load32(aadr, reg) ==
[Codegen] 0207e518 --- lis r12,385 (0x1810000)
[Codegen] 0207e51c --- ori r12,r12,240 (0xf0)
[Codegen] 0207e520 --- lwz r12,0(r12)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 0207e524 --- cmpwi r12,0 (0x0)
[Codegen] 0207e528 --- bc 12, 2, 8
[Codegen] ##setNextJump (0207e528 -> ffffffff) (41820008)

[Codegen] ==    branch32(cond, aadr, imm, l) ]] ==
[Codegen] == movePtr(immw, reg) ==
[Codegen] 0207e530 --- li r7,0 (0x0)
[Codegen] == jump(l) ==
[Codegen] 0207e534 --- b .+8
[Codegen] ##link2    ((0x207e534)) jumps to ((0x207e4f8))
[Codegen] #label     ((828))
[Codegen] ##linkPendedJump @ 0207e528
[Codegen] ##link2    ((0x207e528)) jumps to ((0x207e53c))
[Codegen] #label     ((828))
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 0207e53c --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e540 --- lwz r7,0(r6)
[Codegen] == jump(reg) ==
[Codegen] 0207e544 --- mtspr ctr, r7
[Codegen] 0207e548 --- bctr
[Codegen] #label     ((844))
[Codegen] ##linkPendedJump @ 0207e2b8
[Codegen] ##link2    ((0x207e2b8)) jumps to ((0x207e54c))
[Codegen] #label     ((844))
[Codegen] ##linkPendedJump @ 0207e234
[Codegen] ##link2    ((0x207e234)) jumps to ((0x207e54c))
[Codegen] #label     ((844))
[Codegen] == movePtr(immptr, reg) ==
[Codegen] 0207e54c --- lis r8,385 (0x1810000)
[Codegen] 0207e550 --- mfspr r0,lr
[Codegen] == push(reg) ==
[Codegen] 0207e554 --- stwu r0,-4(sp)
[Codegen] == reserveStack(u32) ==
[Codegen] 0207e558 --- subi sp,sp,24
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e55c --- stw r10,20(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e560 --- stw r9,16(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e564 --- stw r6,12(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e568 --- stw r5,8(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e56c --- stw r4,4(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e570 --- stw r3,0(sp)
[Codegen] == reserveStack(u32) ==
[Codegen] == setupUnalignedABICall ==
[Codegen] state, passABIArg: gprs 0 fprs 0

[Codegen] == [[ callWithABI  ==
[Codegen] 0207e574 --- or r3,r8,r8
[Codegen] == freeStack(u32) ==
[Codegen] 0207e578 --- andi. r0,sp,15 (0xf)
[Codegen] 0207e57c --- or r16,sp,sp
[Codegen] 0207e580 --- subf sp,r0,sp
[Codegen] 0207e584 --- subi sp,sp,256
[Codegen] 0207e588 --- stw r18,0(sp)
[Codegen] 0207e58c --- mfspr r18,lr
[Codegen] == checkStackAlignmentPriorToABICall() ==
[Codegen] 0207e590 --- andi. r0,sp,15 (0xf)
[Codegen] 0207e594 --- bc 12, 2, 8
[Codegen] ##setNextJump (0207e594 -> ffffffff) (41820008)

[Codegen] 0207e59c --- trap
[Codegen] #label     ((928))
[Codegen] ##linkPendedJump @ 0207e594
[Codegen] ##link2    ((0x207e594)) jumps to ((0x207e5a0))
[Codegen] #label     ((928))
[Codegen] 0207e5a0 --- bl .+8
[Codegen] ##addPendingCall offs 000003a0 to 001d99e0

[Codegen] 0207e5a8 --- mtspr lr, r18
[Codegen] 0207e5ac --- lwz r18,0(sp)
[Codegen] 0207e5b0 --- or sp,r16,r16
[Codegen] ==    callWithABI ]] ==
[Codegen] == mov(reg, reg) ==
[Codegen] 0207e5b4 --- or r7,r3,r3
[Codegen] == freeStack(u32) ==
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e5b8 --- lwz r10,20(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e5bc --- lwz r9,16(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e5c0 --- lwz r6,12(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e5c4 --- lwz r5,8(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e5c8 --- lwz r4,4(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e5cc --- lwz r3,0(sp)
[Codegen] == freeStack(u32) ==
[Codegen] 0207e5d0 --- addi sp,sp,24 (0x18)
[Codegen] == pop(reg) ==
[Codegen] 0207e5d4 --- lwz r0,0(sp)
[Codegen] 0207e5d8 --- addi sp,sp,4 (0x4)
[Codegen] 0207e5dc --- mtspr lr, r0
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] 0207e5e0 --- and. r0,r7,r7
[Codegen] 0207e5e4 --- bc 12, 2, 8
[Codegen] ##setNextJump (0207e5e4 -> ffffffff) (41820008)

[Codegen] == subPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e5ec --- lwz r0,24(r9)
[Codegen] 0207e5f0 --- subf r6,r6,r0
[Codegen] == loadPtr(aadr, reg) ==
[Codegen] 0207e5f4 --- lis r12,385 (0x1810000)
[Codegen] 0207e5f8 --- ori r12,r12,196 (0xc4)
[Codegen] 0207e5fc --- lwz r8,0(r12)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e600 --- stw r8,24(r9)
[Codegen] == addPtr(reg, reg) ==
[Codegen] 0207e604 --- add r6,r8,r6
[Codegen] #label     ((1032))
[Codegen] ##linkPendedJump @ 0207e5e4
[Codegen] ##link2    ((0x207e5e4)) jumps to ((0x207e608))
[Codegen] #label     ((1032))
[Codegen] == abiret() ==
[Codegen] 0207e608 --- blr
[Codegen] #label     ((1036))
[Codegen] ##linkPendedJump @ 0207e2c4
[Codegen] ##link2    ((0x207e2c4)) jumps to ((0x207e60c))
[Codegen] #label     ((1036))
[Codegen] ##linkPendedJump @ 0207e240
[Codegen] ##link2    ((0x207e240)) jumps to ((0x207e60c))
[Codegen] #label     ((1036))
[Codegen] == movePtr(immw, reg) ==
[Codegen] 0207e60c --- li r7,0 (0x0)
[Codegen] == jump(l) ==
[Codegen] 0207e610 --- b .+8
[Codegen] ##link2    ((0x207e610)) jumps to ((0x207e4f8))
[Codegen]  -- FLUSHING CONSTANT POOL WITH 84 CONSTANTS --

[Codegen]  -- FLUSHING CONSTANT POOL WITH 0 CONSTANTS --

[Codegen] ##pendingJump 018a1b0c from 000001ec -> 00343264
[Codegen] ##pendingJump 018a1cc0 from 000003a0 -> 001d99e0
[Codegen] ##executableCopy finished to 018a1920

[Codegen] ##PatchDataWithValueCheck evaluating lis=018a1928 ori=018a192c
[Codegen] ##PatchDataWithValueCheck evaluating lis=018a19ac ori=018a19b0
[Codegen]  -- FLUSHING CONSTANT POOL WITH 0 CONSTANTS --

[Codegen] Created RegExp (raw 0x18a1920 length 1384)

Original comment by classi...@floodgap.com on 27 Aug 2014 at 3:36

GoogleCodeExporter commented 9 years ago
If I put a trap in the call to the SpecialCharacterClass, it never gets called!

Original comment by classi...@floodgap.com on 27 Aug 2014 at 3:48

GoogleCodeExporter commented 9 years ago
CheckPosition(0) is failing. r5 is 1.

Original comment by classi...@floodgap.com on 27 Aug 2014 at 3:55

GoogleCodeExporter commented 9 years ago
I think we're going wrong somewhere in here, but I'm not sure what the state of 
the registers is supposed to be.

[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e458 --- lwz r3,4(r7)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e45c --- lwz r5,0(r7)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e460 --- stw r5,0(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0207e464 --- lwz r8,8(r7)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e468 --- stw r8,4(sp)
[Codegen] == subPtr(reg, reg) ==
[Codegen] 0207e46c --- subf r5,r5,r3
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] 0207e470 --- addi r7,r5,4294967295 (0xffffffff)
[Codegen] == store32(reg, adr) ==
[Codegen] 0207e474 --- stw r7,8(sp)
[Codegen] == computeEffectiveAddress(bi, reg) ==
[Codegen] 0207e478 --- add r5,r5,r8

Original comment by classi...@floodgap.com on 27 Aug 2014 at 4:09

GoogleCodeExporter commented 9 years ago
(gdb) 
0x018a1b84 in ?? ()
11: x/i $pc  0x18a1b84: lwz     r3,4(r7)
10: x/i $pc + 4  0x18a1b88:     lwz     r5,0(r7)
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x2
7: /x $r7 = 0xbfffe180
6: /x $r6 = 0x0
5: /x $r5 = 0x80
4: /x $r4 = 0x48
3: /x $r3 = 0xbfffe348
(gdb) 
0x018a1b88 in ?? ()
11: x/i $pc  0x18a1b88: lwz     r5,0(r7)
10: x/i $pc + 4  0x18a1b8c:     stw     r5,0(r1)
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x2
7: /x $r7 = 0xbfffe180
6: /x $r6 = 0x0
5: /x $r5 = 0x80
4: /x $r4 = 0x48
3: /x $r3 = 0x1b00329
(gdb) 
0x018a1b8c in ?? ()
11: x/i $pc  0x18a1b8c: stw     r5,0(r1)
10: x/i $pc + 4  0x18a1b90:     lwz     r8,8(r7)
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x2
7: /x $r7 = 0xbfffe180
6: /x $r6 = 0x0
5: /x $r5 = 0x1b00328
4: /x $r4 = 0x48
3: /x $r3 = 0x1b00329
(gdb) 
0x018a1b90 in ?? ()
11: x/i $pc  0x18a1b90: lwz     r8,8(r7)
10: x/i $pc + 4  0x18a1b94:     stw     r8,4(r1)
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x2
7: /x $r7 = 0xbfffe180
6: /x $r6 = 0x0
5: /x $r5 = 0x1b00328
4: /x $r4 = 0x48
3: /x $r3 = 0x1b00329
(gdb) 
0x018a1b94 in ?? ()
11: x/i $pc  0x18a1b94: stw     r8,4(r1)
10: x/i $pc + 4  0x18a1b98:     subf    r5,r5,r3
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x0
7: /x $r7 = 0xbfffe180
6: /x $r6 = 0x0
5: /x $r5 = 0x1b00328
4: /x $r4 = 0x48
3: /x $r3 = 0x1b00329
(gdb) 
0x018a1b98 in ?? ()
11: x/i $pc  0x18a1b98: subf    r5,r5,r3
10: x/i $pc + 4  0x18a1b9c:     addi    r7,r5,-1
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x0
7: /x $r7 = 0xbfffe180
6: /x $r6 = 0x0
5: /x $r5 = 0x1b00328
4: /x $r4 = 0x48
3: /x $r3 = 0x1b00329
(gdb) 
0x018a1b9c in ?? ()
11: x/i $pc  0x18a1b9c: addi    r7,r5,-1
10: x/i $pc + 4  0x18a1ba0:     stw     r7,8(r1)
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x0
7: /x $r7 = 0xbfffe180
6: /x $r6 = 0x0
5: /x $r5 = 0x1
4: /x $r4 = 0x48
3: /x $r3 = 0x1b00329
(gdb) 
0x018a1ba0 in ?? ()
11: x/i $pc  0x18a1ba0: stw     r7,8(r1)
10: x/i $pc + 4  0x18a1ba4:     add     r5,r5,r8
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x0
7: /x $r7 = 0x0
6: /x $r6 = 0x0
5: /x $r5 = 0x1
4: /x $r4 = 0x48
3: /x $r3 = 0x1b00329
(gdb) 
0x018a1ba4 in ?? ()
11: x/i $pc  0x18a1ba4: add     r5,r5,r8
10: x/i $pc + 4  0x18a1ba8:     lwz     r0,4(r1)
9: /x $r1 = 0xbfffe110
8: /x $r8 = 0x0
7: /x $r7 = 0x0
6: /x $r6 = 0x0
5: /x $r5 = 0x1
4: /x $r4 = 0x48
3: /x $r3 = 0x1b00329

Original comment by classi...@floodgap.com on 27 Aug 2014 at 4:09

GoogleCodeExporter commented 9 years ago
It seems like r5 should be negative, so that lbzx r4,r3,r5 gets 0x1b00329 - 1 = 
0x1b00328, which is the number 1.

Original comment by classi...@floodgap.com on 27 Aug 2014 at 4:24

GoogleCodeExporter commented 9 years ago
Fixed subPtr, and print("12".match(/1./)) no longer crashes, but it still 
doesn't work.

Original comment by classi...@floodgap.com on 30 Aug 2014 at 4:57

GoogleCodeExporter commented 9 years ago
The lhzx/lwz for loading characters for matches did so big-endian, but the 
match masks were little-endian. Replacing them with lhbrx/lwbrx properly swaps 
the bytes, so it finds something, but the offsets are wrong:

Starting program: /Volumes/BruceDeuce/src/mozilla-33a/obj-ff-dbg/dist/bin/js 
--no-ion --no-baseline --no-native-regexp
warning: Could not find malloc init callback function.  
Make sure malloc is initialized before calling functions.
Reading symbols for shared libraries 
...........................................................................++ 
done
js> print("1".match(/./))
check() 1 0
check() 1 0
1

Starting program: /Volumes/BruceDeuce/src/mozilla-33a/obj-ff-dbg/dist/bin/js 
--no-ion --no-baseline
warning: Could not find malloc init callback function.  
Make sure malloc is initialized before calling functions.
Reading symbols for shared libraries 
...........................................................................++ 
done
js> print("1".match(/./))
check() -1 -2
Assertion failure: start == -1, at 
/Volumes/BruceDeuce/src/mozilla-33a/js/src/vm/MatchPairs.h:50

Original comment by classi...@floodgap.com on 2 Sep 2014 at 12:56
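An added C model (not code from TenFourFox or Mozilla) of the mismatch described in the comment above: a multi-character compare whose constant is packed with the first character in the low byte, fed either by a big-endian load (`lhzx`/`lwz`) or by a byte-reversed load (`lhbrx`/`lwbrx`). The function names and the packing helper are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* lhzx / lwz on big-endian PowerPC: the first byte in memory becomes the
 * high byte of the register. Modelled portably with shifts. */
static uint32_t load_be(const uint8_t *p, size_t n)
{
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | p[i];
    return v;
}

/* lhbrx / lwbrx: byte-reversed load, the first byte in memory becomes the
 * low byte of the register. */
static uint32_t load_brx(const uint8_t *p, size_t n)
{
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Compare constant packed little-endian. Assumed layout: character i of the
 * literal occupies byte i counting from the low end. */
static uint32_t pack_le(const char *chars, size_t n)
{
    return load_brx((const uint8_t *)chars, n);
}

/* Compare n (2 or 4) one-byte characters of input against literal in one
 * register-wide compare. The caller guarantees input holds at least n bytes.
 * Returns 1 on match, 0 on mismatch, -1 for an unsupported width. */
static int match_packed(const char *input, const char *literal, size_t n,
                        int byte_reversed)
{
    if (n != 2 && n != 4)
        return -1;
    uint32_t want = pack_le(literal, n);
    uint32_t got = byte_reversed ? load_brx((const uint8_t *)input, n)
                                 : load_be((const uint8_t *)input, n);
    return got == want;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("big-endian load,   \"12\" vs \"12\": %d\n", match_packed("12", "12", 2, 0));
    printf("byte-reversed load, \"12\" vs \"12\": %d\n", match_packed("12", "12", 2, 1));
    printf("big-endian load,   \"21\" vs \"12\": %d\n", match_packed("21", "12", 2, 0));
    printf("big-endian load,   \"11\" vs \"11\": %d\n", match_packed("11", "11", 2, 0));
    return 0;
}
```

In this model the big-endian load misses the real match and accepts the reversed text, while symmetric input such as "11" passes either way, so single-character and palindromic tests do not exercise the difference.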

GoogleCodeExporter commented 9 years ago
js> print("12".match(/1./))
check() 2 0
check() 2 0
12

js> print("12".match(/1./))
check() -2 -4
Assertion failure: start == -1, at 
/Volumes/BruceDeuce/src/mozilla-33a/js/src/vm/MatchPairs.h:50

Original comment by classi...@floodgap.com on 2 Sep 2014 at 1:04

GoogleCodeExporter commented 9 years ago
Found another problem with subPtr. These now work!!

Original comment by classi...@floodgap.com on 2 Sep 2014 at 2:52

GoogleCodeExporter commented 9 years ago
Passes V8!

Original comment by classi...@floodgap.com on 2 Sep 2014 at 2:59

GoogleCodeExporter commented 9 years ago
Failing basic/bug599854.js. The first two regexps work fine. The third doesn't:

/<script\s*(?![^>]*type=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:src=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)<\/script>/gi.exec('<script type="text/javascript" src="..."></script>')

Correct answer, with --no-native-regexp:
["<script type=\"text/javascript\" src=\"...\"></script>", "\"", "...", ""]

With --no-baseline, it generates, incorrectly,
["<script type=\"text/javascript\" src=\"...\"></script>", "", "", ""]

With --baseline-eager, it CRASHES:

Program received signal EXC_BAD_INSTRUCTION, Illegal instruction/operand.
0xbfffdcb0 in ?? () << WTF?
(gdb) bt 3
#0  0xbfffdcb0 in ?? ()
Cannot access memory at address 0x0
#1  0x018a5a5c in ?? ()
Cannot access memory at address 0x0
Cannot access memory at address 0x8
(gdb) bt 5
#0  0xbfffdcb0 in ?? ()
#1  0x018a5a5c in ?? ()
Cannot access memory at address 0x8
(gdb)

It does not crash, *and* gets the right answer, with --baseline-eager 
--no-native-regexp.

Current working theory: when it expands the stack for backtracking, it does not 
properly unwind it.

Original comment by classi...@floodgap.com on 3 Sep 2014 at 3:08

GoogleCodeExporter commented 9 years ago
As the length of the pattern shortens, its behaviour changes:

/s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)/gi.exec('st="text/javascript" s="...">')
still crashes

/s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)/gi.exec('st="text/j" s="...">')
does not crash, but yields same wrong answer

/s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*([\s\S]*?)/gi.exec('st="text/j" s="..."')
YIELDS CORRECT ANSWER

js> /s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*([\s\S]*?)/gi.exec('st="text/j" s="..."')
["st=\"text/j\" s=\"...\"", "\"", "...", ""]
js> /s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)/gi.exec('st="text/j" s="...">')
["st=\"text/j\" s=\"...\">", "", "", ""]
js> /s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)/gi.exec('st="text/javascript" s="...">')

Program received signal EXC_BAD_INSTRUCTION, Illegal instruction/operand.
0xbfffde60 in ?? ()

Original comment by classi...@floodgap.com on 3 Sep 2014 at 3:29

GoogleCodeExporter commented 9 years ago
The crashing versions do indeed trap on GrowBacktrackStack. (Oddly, the wrong 
answer one didn't.)

Original comment by classi...@floodgap.com on 3 Sep 2014 at 3:36

GoogleCodeExporter commented 9 years ago
By expanding the base stack allocation, we don't crash anymore, but the answer 
is still wrong. So we should explore that.

Original comment by classi...@floodgap.com on 3 Sep 2014 at 3:54

GoogleCodeExporter commented 9 years ago
Distilled down to a minimal test case:

/<script\s*(?![^>]*type=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:src=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)<\/script>/gi.exec('<script type="text/javascript" src="..."></script>')

/s(?![^>]*type=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:src=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)<\/script>/gi.exec('stype="text/javascript" src="..."></script>')

/s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)<\/script>/gi.exec('st="text/javascript" s="..."></script>')

/s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)/gi.exec('st="text/javascript" s="...">')

DOES NOT CRASH (but still wrong)
/s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*>([\s\S]*?)/gi.exec('st="text/j" s="...">')
/s(?![^>]*t=['"]?(?:dojo\/|text\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*.([\s\S]*?)/gi.exec('st="text/j" s="...">')

/s(?![^>]*t=['"]?(?:dojo\/|tex\/html\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*.([\s\S]*?)/gi.exec('st="tex/j" s="...">')
/s(?![^>]*t=['"]?(?:d|tl\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*.([\s\S]*?)/gi.exec('st="tex/j" s="...">')

/s(?![^>]*t=['"]?(?:d|tl\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1[^>]*)?)*./gi.exec('st="tex/j" s="...">')

/s(?![^>]*t=['"]?(?:d|tl\b))(?:[^>]*?(?:s=(['"]?)([^>]*?)\1)?)*./gi.exec('st="tex/j" s="...">') << becomes void 0 instead of "" (still correct in 31-js)

/s(?:[^>]*?(?:s=(['"]?)([^>]*?)\1)?)*./gi.exec('ss="...">')

/s(?:(?:s=(['"]?)([^>]*?)\1)?)*./gi.exec('ss="...">') << wrong, and wrong first string too

/(?:(?:s=(['"]?)([^>]*?)\1)?)*./gi.exec('s="...">')

/(?:(?:s(['"]?)([^>]*?)\1)?)*./gi.exec('s".">')

/(?:(?:s(['"]?)(.)\1)?)*./gi.exec('s".">') << still wrong

/(?:(?:(['"]?)(.)\1)?)*./gi.exec('".">')

/(?:(?:(.)(.)\1)?)*./gi.exec('".">')

/(?:(?:(.)(.).)?)*./gi.exec('".">') << CORRECT
/(?:(?:(.)(.)\1)?)./gi.exec('".">')

/(?:(?:(.)(.)\1)?)/gi.exec('"."') << CORRECT
/(?:(?:(.)\1)?)./gi.exec('"">')
/(?:(?:(.)\1))./gi.exec('"">')
/(?:(?:(.)\1))/gi.exec('""') << CORRECT

So the minimal case appears to be /(?:(?:(.)\1))./gi.exec('"">') .

31:
["\"\"", "\""]
33:
null

Original comment by classi...@floodgap.com on 3 Sep 2014 at 4:28

GoogleCodeExporter commented 9 years ago
Correction, /(?:(.)\1)./.exec('"">') is smaller still.

31:
js> /(?:(.)\1)./.exec('"">')
["\"\">", "\""]
33:
null

Making it .. or . or anything eliminating the capture and backtrack w/i the 
non-capturing parentheses is okay, along with eliminating the final capture.

Original comment by classi...@floodgap.com on 3 Sep 2014 at 4:46

GoogleCodeExporter commented 9 years ago
GNU gdb 6.3.50-20050815 (Apple version gdb-768 TenFourFox patch 2) (Sun Oct  6 
02:44:03 GMT 2013)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "powerpc-apple-darwin"...
warning: --arch option not supported in this gdb.
Reading symbols for shared libraries ........... done

(gdb) run
Starting program: /Volumes/BruceDeuce/src/mozilla-33a/obj-ff-dbg/dist/bin/js 
--no-ion --no-baseline
warning: Could not find malloc init callback function.  
Make sure malloc is initialized before calling functions.
Reading symbols for shared libraries 
...........................................................................++ 
done
js> /(?:(.)\1)./.exec('"">')

[Codegen] Starting RegExp (input_end_pointer r3) (current_character r4) 
(current_position r5) (backtrack_stack_pointer r6) (temp0 r7) temp1 (r8) temp2 
(r9)
[Codegen] == jump(l) ==
[Codegen] bfffc46c --- b .+8
[Codegen] ##setNextJump (bfffc46c -> ffffffff) (48000008)

[Codegen] #label     ((8))
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((8))
[Codegen] bfffc474 --- lis r7,0 (0x0)
[Codegen] bfffc478 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc47c --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc480 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] bfffc484 --- lis r12,385 (0x1810000)
[Codegen] bfffc488 --- ori r12,r12,204 (0xcc)
[Codegen] bfffc48c --- lwz r0,0(r12)
[Codegen] bfffc490 --- cmplw cr0,r0,r6
[Codegen] bfffc494 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc494 -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc49c --- or r9,sp,sp
[Codegen] bfffc4a0 --- bl .+8
[Codegen] ##setNextJump (bfffc4a0 -> ffffffff) (48000009)

[Codegen] #label     ((60))
[Codegen] ##linkPendedJump @ bfffc494
[Codegen] ##link2    ((0xbfffc494)) jumps to ((0xbfffc4a8))
[Codegen] #label     ((60))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] bfffc4a8 --- and. r0,r7,r7
[Codegen] bfffc4ac --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc4ac -> ffffffff) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((72))
[Codegen] !!! Bind
[Codegen] #label     ((72))
[Codegen] !!! LoadCurrentCharacter(0, 1)
[Codegen] !!! CheckPosition(0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc4b4 --- cmpwi r5,0 (0x0)
[Codegen] bfffc4b8 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc4b8 -> ffffffff) (40800008)

[Codegen] !!! LoadCurrentCharacterUnchecked(0, 1)
[Codegen] == load8ZeroExtend(bi, reg) ==
[Codegen] bfffc4c0 --- lbzx r4,r3,r5
[Codegen] !!! CheckSpecialCharacterClass(46)
[Codegen] == move32(reg, reg) ==
[Codegen] bfffc4c4 --- or r7,r4,r4
[Codegen] == xor32(imm, reg) ==
[Codegen] bfffc4c8 --- xori r7,r7,1 (0x1)
[Codegen] == sub32(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc4cc --- addi r7,r7,4294967285 (0xfffffff5)
[Codegen] bfffc4d0 --- cmpwi r7,0 (0x0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc4d4 --- cmplwi r7,1 (0x1)
[Codegen] bfffc4d8 --- bc 4, 1, 8
[Codegen] ##setNextJump (bfffc4d8 -> 00000054) (40810008)

[Codegen] !!! PushCurrentPosition
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc4e0 --- stw r5,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc4e4 --- addi r6,r6,4 (0x4)
[Codegen] !!! WriteCurrentPositionToRegister(0, 0)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc4e8 --- stw r5,28(sp)
[Codegen] !!! WriteCurrentPositionToRegister(2, 0)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc4ec --- stw r5,36(sp)
[Codegen] !!! WriteCurrentPositionToRegister(3, 1)
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] bfffc4f0 --- addi r7,r5,1 (0x1)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc4f4 --- stw r7,40(sp)
[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc4f8 --- addi r5,r5,1 (0x1)
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((144))
[Codegen] bfffc4fc --- lis r7,0 (0x0)
[Codegen] bfffc500 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc504 --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc508 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] bfffc50c --- lis r12,385 (0x1810000)
[Codegen] bfffc510 --- ori r12,r12,204 (0xcc)
[Codegen] bfffc514 --- lwz r0,0(r12)
[Codegen] bfffc518 --- cmplw cr0,r0,r6
[Codegen] bfffc51c --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc51c -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc524 --- or r9,sp,sp
[Codegen] bfffc528 --- bl .+8
[Codegen] ##setNextJump (bfffc528 -> 0000003c) (48000009)

[Codegen] #label     ((196))
[Codegen] ##linkPendedJump @ bfffc51c
[Codegen] ##link2    ((0xbfffc51c)) jumps to ((0xbfffc530))
[Codegen] #label     ((196))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] bfffc530 --- and. r0,r7,r7
[Codegen] bfffc534 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc534 -> 00000048) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((208))
[Codegen] !!! CheckNotBackReference(2)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] bfffc53c --- lwz r4,36(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] bfffc540 --- lwz r7,40(sp)
[Codegen] == subPtr(reg, reg) ==
[Codegen] bfffc544 --- subf r7,r4,r7
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] bfffc548 --- cmplwi r7,0 (0x0)
[Codegen] bfffc54c --- bc 12, 0, 8
[Codegen] ##setNextJump (bfffc54c -> ffffffff) (41800008)

[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] bfffc554 --- cmplwi r7,0 (0x0)
[Codegen] bfffc558 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc558 -> ffffffff) (41820008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc560 --- or r8,r5,r5
[Codegen] == addPtr(reg, reg) ==
[Codegen] bfffc564 --- add r8,r7,r8
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] bfffc568 --- cmplwi r8,0 (0x0)
[Codegen] 02017900 --- bc 12, 1, 8
[Codegen] ##setNextJump (02017900 -> 000000e8) (41810008)

[Codegen] == push(reg) ==
[Codegen] 02017908 --- stwu r6,-4(sp)
[Codegen] == computeEffectiveAddress(bi, reg) ==
[Codegen] 0201790c --- add r8,r3,r5
[Codegen] == addPtr(reg, reg) ==
[Codegen] 02017910 --- add r4,r3,r4
[Codegen] == computeEffectiveAddress(bi, reg) ==
[Codegen] 02017914 --- add r6,r7,r8
[Codegen] #label     ((280))
[Codegen] == load8ZeroExtend(adr, reg) ==
[Codegen] 02017918 --- lbz r7,0(r4)
[Codegen] == load8ZeroExtend(adr, reg) ==
[Codegen] 0201791c --- lbz r9,0(r8)
[Codegen] == branch32(cond, reg, reg, l) ==
[Codegen] 02017920 --- cmpw cr0,r7,r9
[Codegen] 02017924 --- bc 4, 2, 8
[Codegen] ##setNextJump (02017924 -> ffffffff) (40820008)

[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 0201792c --- addi r4,r4,1 (0x1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02017930 --- addi r8,r8,1 (0x1)
[Codegen] == branchPtr(cond, reg, reg, l) ==
[Codegen] 02017934 --- cmplw cr0,r8,r6
[Codegen] 02017938 --- bc 12, 0, 8
[Codegen] ##link2    ((0x2017938)) jumps to ((0x2017918))
[Codegen] == jump(l) ==
[Codegen] 02017940 --- b .+8
[Codegen] ##setNextJump (02017940 -> ffffffff) (48000008)

[Codegen] #label     ((328))
[Codegen] ##linkPendedJump @ 02017924
[Codegen] ##link2    ((0x2017924)) jumps to ((0x2017948))
[Codegen] #label     ((328))
[Codegen] == pop(reg) ==
[Codegen] 02017948 --- lwz r6,0(sp)
[Codegen] 0201794c --- addi sp,sp,4 (0x4)
[Codegen] !!! JumpOrBacktrack
[Codegen] !!! Backtrack
[Codegen] == [[ branch32(cond, aadr, imm, l) ==
[Codegen] == load32(aadr, reg) ==
[Codegen] 02017950 --- lis r12,385 (0x1810000)
[Codegen] 02017954 --- ori r12,r12,240 (0xf0)
[Codegen] 02017958 --- lwz r12,0(r12)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 0201795c --- cmpwi r12,0 (0x0)
[Codegen] 02017960 --- bc 12, 2, 8
[Codegen] ##setNextJump (02017960 -> ffffffff) (41820008)

[Codegen] ==    branch32(cond, aadr, imm, l) ]] ==
[Codegen] == movePtr(immw, reg) ==
[Codegen] 02017968 --- li r7,0 (0x0)
[Codegen] == jump(l) ==
[Codegen] 0201796c --- b .+8
[Codegen] ##setNextJump (0201796c -> ffffffff) (48000008)

[Codegen] #label     ((372))
[Codegen] ##linkPendedJump @ 02017960
[Codegen] ##link2    ((0x2017960)) jumps to ((0x2017974))
[Codegen] #label     ((372))
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02017974 --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 02017978 --- lwz r7,0(r6)
[Codegen] == jump(reg) ==
[Codegen] 0201797c --- mtspr ctr, r7
[Codegen] 02017980 --- bctr
[Codegen] #label     ((388))
[Codegen] ##linkPendedJump @ 02017940
[Codegen] ##link2    ((0x2017940)) jumps to ((0x2017984))
[Codegen] #label     ((388))
[Codegen] == movePtr(reg, reg) ==
[Codegen] 02017984 --- or r5,r6,r6
[Codegen] == subPtr(reg, reg) ==
[Codegen] 02017988 --- subf r5,r3,r5
[Codegen] == pop(reg) ==
[Codegen] 0201798c --- lwz r6,0(sp)
[Codegen] 02017990 --- addi sp,sp,4 (0x4)
[Codegen] #label     ((404))
[Codegen] ##linkPendedJump @ 020178ec
[Codegen] ##link2    ((0x20178ec)) jumps to ((0x2017994))
[Codegen] #label     ((404))
[Codegen] !!! Bind
[Codegen] #label     ((404))
[Codegen] !!! LoadCurrentCharacter(0, 1)
[Codegen] !!! CheckPosition(0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 02017994 --- cmpwi r5,0 (0x0)
[Codegen] 02017998 --- bc 4, 0, 8
[Codegen] ##setNextJump (02017998 -> 00000108) (40800008)

[Codegen] !!! LoadCurrentCharacterUnchecked(0, 1)
[Codegen] == load8ZeroExtend(bi, reg) ==
[Codegen] 020179a0 --- lbzx r4,r3,r5
[Codegen] !!! CheckSpecialCharacterClass(46)
[Codegen] == move32(reg, reg) ==
[Codegen] 020179a4 --- or r7,r4,r4
[Codegen] == xor32(imm, reg) ==
[Codegen] 020179a8 --- xori r7,r7,1 (0x1)
[Codegen] == sub32(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 020179ac --- addi r7,r7,4294967285 (0xfffffff5)
[Codegen] 020179b0 --- cmpwi r7,0 (0x0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 020179b4 --- cmplwi r7,1 (0x1)
[Codegen] 020179b8 --- bc 4, 1, 8
[Codegen] ##setNextJump (020179b8 -> 000001a0) (40810008)

[Codegen] !!! WriteCurrentPositionToRegister(1, 1)
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] 020179c0 --- addi r7,r5,1 (0x1)
[Codegen] == store32(reg, adr) ==
[Codegen] 020179c4 --- stw r7,32(sp)
[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 020179c8 --- addi r5,r5,1 (0x1)
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((460))
[Codegen] 020179cc --- lis r7,0 (0x0)
[Codegen] 020179d0 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] 020179d4 --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 020179d8 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] 020179dc --- lis r12,385 (0x1810000)
[Codegen] 020179e0 --- ori r12,r12,204 (0xcc)
[Codegen] 020179e4 --- lwz r0,0(r12)
[Codegen] 020179e8 --- cmplw cr0,r0,r6
[Codegen] 020179ec --- bc 4, 0, 8
[Codegen] ##setNextJump (020179ec -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] 020179f4 --- or r9,sp,sp
[Codegen] 020179f8 --- bl .+8
[Codegen] ##setNextJump (020179f8 -> 000000c4) (48000009)

[Codegen] #label     ((512))
[Codegen] ##linkPendedJump @ 020179ec
[Codegen] ##link2    ((0x20179ec)) jumps to ((0x2017a00))
[Codegen] #label     ((512))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] 02017a00 --- and. r0,r7,r7
[Codegen] 02060604 --- bc 12, 2, 8
[Codegen] ##setNextJump (02060604 -> 000000d0) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((524))
[Codegen] !!! Succeed
[Codegen] == jump(l) ==
[Codegen] 0206060c --- b .+8
[Codegen] ##setNextJump (0206060c -> ffffffff) (48000008)

[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((532))
[Codegen] !!! Backtrack
[Codegen] == [[ branch32(cond, aadr, imm, l) ==
[Codegen] == load32(aadr, reg) ==
[Codegen] 02060614 --- lis r12,385 (0x1810000)
[Codegen] 02060618 --- ori r12,r12,240 (0xf0)
[Codegen] 0206061c --- lwz r12,0(r12)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 02060620 --- cmpwi r12,0 (0x0)
[Codegen] 02060624 --- bc 12, 2, 8
[Codegen] ##setNextJump (02060624 -> ffffffff) (41820008)

[Codegen] ==    branch32(cond, aadr, imm, l) ]] ==
[Codegen] == movePtr(immw, reg) ==
[Codegen] 0206062c --- li r7,0 (0x0)
[Codegen] == jump(l) ==
[Codegen] 02060630 --- b .+8
[Codegen] ##setNextJump (02060630 -> 00000174) (48000008)

[Codegen] #label     ((568))
[Codegen] ##linkPendedJump @ 02060624
[Codegen] ##link2    ((0x2060624)) jumps to ((0x2060638))
[Codegen] #label     ((568))
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02060638 --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0206063c --- lwz r7,0(r6)
[Codegen] == jump(reg) ==
[Codegen] 02060640 --- mtspr ctr, r7
[Codegen] 02060644 --- bctr
[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((584))
[Codegen] !!! ClearRegisters(2, 3)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 02060648 --- lwz r7,8(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0206064c --- stw r7,36(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 02060650 --- stw r7,40(sp)
[Codegen] !!! PopCurrentPosition
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02060654 --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 02060658 --- lwz r5,0(r6)
[Codegen] !!! JumpOrBacktrack
[Codegen] == jump(l) ==
[Codegen] 0206065c --- b .+8
[Codegen] ##setNextJump (0206065c -> 00000074) (48000008)

[Codegen] !!! Bind
[Codegen] #label     ((612))
[Codegen] ##linkPendedJump @ 0206065c
[Codegen] ##link2    ((0x206065c)) jumps to ((0x2060664))
[Codegen] #label     ((612))
[Codegen] ##linkPendedJump @ 0206046c
[Codegen] ##link2    ((0x206046c)) jumps to ((0x2060664))
[Codegen] #label     ((612))
[Codegen] ##linkPendedJump @ 0206044c
[Codegen] ##link2    ((0x206044c)) jumps to ((0x2060664))
[Codegen] #label     ((612))
[Codegen] !!! Bind
[Codegen] #label     ((612))
[Codegen] !!! CheckPosition(0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 02060664 --- cmpwi r5,0 (0x0)
[Codegen] 02060668 --- bc 4, 0, 8
[Codegen] ##setNextJump (02060668 -> 000001c0) (40800008)

[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02060670 --- addi r5,r5,1 (0x1)
[Codegen] !!! JumpOrBacktrack
[Codegen] == jump(l) ==
[Codegen] 02060674 --- b .+8
[Codegen] ##link2    ((0x2060674)) jumps to ((0x2060448))
[Codegen] !!! Bind
[Codegen] #label     ((636))
[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((636))
[Codegen] !!! Fail
[Codegen] == movePtr(immw, reg) ==
[Codegen] 0206067c --- li r7,2 (0x2)
[Codegen] == jump(l) ==
[Codegen] 02060680 --- b .+8
[Codegen] ##setNextJump (02060680 -> 00000238) (48000008)

[Codegen] # Emitting exception tail stub
[Codegen] bfffae3c --- lwz r3,12(sp)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffae40 --- cmpwi r3,0 (0x0)
[Codegen] bfffae44 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffae44 -> ffffffff) (41820008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffae4c --- cmpwi r3,1 (0x1)
[Codegen] bfffae50 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffae50 -> ffffffff) (41820008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffae58 --- cmpwi r3,2 (0x2)
[Codegen] bfffae5c --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffae5c -> ffffffff) (41820008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffae64 --- cmpwi r3,3 (0x3)
[Codegen] bfffae68 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffae68 -> ffffffff) (41820008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffae70 --- cmpwi r3,4 (0x4)
[Codegen] bfffae74 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffae74 -> ffffffff) (41820008)

[Codegen] bfffae7c --- trap
[Codegen] #label     ((68))
[Codegen] ##linkPendedJump @ bfffae44
[Codegen] ##link2    ((0xbfffae44)) jumps to ((0xbfffae80))
[Codegen] #label     ((68))
[Codegen] bfffae80 --- lwz sp,4(sp)
[Codegen] bfffae84 --- lwz r3,0(sp)
[Codegen] bfffae88 --- mtspr ctr, r3
[Codegen] bfffae8c --- addi sp,sp,4 (0x4)
[Codegen] == moveValue(jsval, vo) ==
[Codegen] == moveValue(jsval, reg, reg) ==
[Codegen] bfffae90 --- li r6,-124 (0xffffff84)
[Codegen] bfffae94 --- li r5,14 (0xe)
[Codegen] bfffae98 --- bctr
[Codegen] #label     ((96))
[Codegen] ##linkPendedJump @ bfffae50
[Codegen] ##link2    ((0xbfffae50)) jumps to ((0xbfffae9c))
[Codegen] #label     ((96))
[Codegen] bfffae9c --- lwz r3,8(sp)
[Codegen] bfffaea0 --- mtspr ctr, r3
[Codegen] bfffaea4 --- lwz r13,0(sp)
[Codegen] bfffaea8 --- lwz sp,4(sp)
[Codegen] bfffaeac --- bctr
[Codegen] #label     ((116))
[Codegen] ##linkPendedJump @ bfffae5c
[Codegen] ##link2    ((0xbfffae5c)) jumps to ((0xbfffaeb0))
[Codegen] #label     ((116))
[Codegen] == [[ loadValue(reg, o) ==
[Codegen] == loadPayload(o, reg) ==
[Codegen] bfffaeb0 --- lwz r5,20(sp)
[Codegen] == loadType(o, reg) ==
[Codegen] bfffaeb4 --- lwz r4,16(sp)
[Codegen] ==    loadValue(reg, o) ]] ==
[Codegen] bfffaeb8 --- lwz r3,8(sp)
[Codegen] bfffaebc --- mtspr ctr, r3
[Codegen] bfffaec0 --- lwz r13,0(sp)
[Codegen] bfffaec4 --- lwz sp,4(sp)
[Codegen] == pushValue(jsval) ==
[Codegen] bfffaec8 --- addi sp,sp,4294967288 (0xfffffff8)
[Codegen] bfffaecc --- li r0,1 (0x1)
[Codegen] bfffaed0 --- li r12,-125 (0xffffff83)
[Codegen] bfffaed4 --- stw r0,4(sp)
[Codegen] bfffaed8 --- stw r12,0(sp)
[Codegen] == pushValue(vo) ==
[Codegen] bfffaedc --- addi sp,sp,4294967288 (0xfffffff8)
[Codegen] bfffaee0 --- stw r5,4(sp)
[Codegen] bfffaee4 --- stw r4,0(sp)
[Codegen] bfffaee8 --- bctr
[Codegen] #label     ((176))
[Codegen] ##linkPendedJump @ bfffae68
[Codegen] ##link2    ((0xbfffae68)) jumps to ((0xbfffaeec))
[Codegen] #label     ((176))
[Codegen] bfffaeec --- lwz r13,0(sp)
[Codegen] bfffaef0 --- lwz sp,4(sp)
[Codegen] == loadValue(adr, vo) ==
[Codegen] == [[ loadValue(reg, o) ==
[Codegen] == loadPayload(o, reg) ==
[Codegen] bfffaef4 --- lwz r5,-32(r13)
[Codegen] == loadType(o, reg) ==
[Codegen] bfffaef8 --- lwz r6,-36(r13)
[Codegen] ==    loadValue(reg, o) ]] ==
[Codegen] bfffaefc --- or sp,r13,r13
[Codegen] == pop(reg) ==
[Codegen] bfffaf00 --- lwz r13,0(sp)
[Codegen] bfffaf04 --- addi sp,sp,4 (0x4)
[Codegen] == retn(imm) ==
[Codegen] bfffaf08 --- lwz r0,0(sp)
[Codegen] bfffaf0c --- mtspr ctr, r0
[Codegen] bfffaf10 --- addi sp,sp,4 (0x4)
[Codegen] bfffaf14 --- bctr
[Codegen] #label     ((220))
[Codegen] ##linkPendedJump @ bfffae74
[Codegen] ##link2    ((0xbfffae74)) jumps to ((0xbfffaf18))
[Codegen] #label     ((220))
[Codegen] bfffaf18 --- lwz r4,8(sp)
[Codegen] bfffaf1c --- mtspr ctr, r4
[Codegen] bfffaf20 --- li r3,0 (0x0)
[Codegen] bfffaf24 --- lwz r5,24(sp)
[Codegen] bfffaf28 --- bctr
[Codegen]  -- FLUSHING CONSTANT POOL WITH 15 CONSTANTS --

[Codegen]  -- FLUSHING CONSTANT POOL WITH 0 CONSTANTS --

[Codegen] ##executableCopy finished to 0188d010

Original comment by classi...@floodgap.com on 3 Sep 2014 at 4:49

GoogleCodeExporter commented 9 years ago
In CheckNotBackReference, the third branchPtr needs to be a branch32. That 
seems to work for the minimal case; now to test the others, and then to find 
out what's up with growing the backtrack stack.

Original comment by classi...@floodgap.com on 5 Sep 2014 at 5:47
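An added C model (not TenFourFox or Mozilla code) of two arithmetic details from this thread: the operand order of `subf` as seen in the gdb trace, and the signed-versus-unsigned "past the end of input" compare in the traced CheckNotBackReference sequence, where positions are negative offsets from the input end. The function names and the hand-coded matcher for /(.)\1/ and /(.)\1./ are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PowerPC "subf rD,rA,rB" computes rB - rA (subtract FROM), not rA - rB. */
static int32_t ppc_subf(int32_t ra, int32_t rb)
{
    return (int32_t)((uint32_t)rb - (uint32_t)ra);
}

/* cmpwi followed by branch-if-greater: signed comparison against zero. */
static int gt_zero_signed(int32_t v)   { return v > 0; }
/* cmplwi followed by branch-if-greater: same bits, unsigned comparison. */
static int gt_zero_unsigned(int32_t v) { return (uint32_t)v > 0u; }

typedef int (*gt_zero_fn)(int32_t);

/* CheckSpecialCharacterClass(46) as traced: xori 1, addi -11, cmplwi 1.
 * Only 0x0a and 0x0d are rejected. */
static int is_dot(uint8_t c)
{
    return ((uint32_t)(c ^ 1u) - 0x0bu) > 1u;
}

/* Model of the back-reference check. pos, cap_start and cap_end are negative
 * offsets from `end`, so end[pos] is the current character. past_end is the
 * compare under test: pos + len > 0 means the read would run off the input. */
static int check_backref(const char *end, int32_t *pos,
                         int32_t cap_start, int32_t cap_end,
                         gt_zero_fn past_end)
{
    int32_t len = ppc_subf(cap_start, cap_end);  /* cap_end - cap_start */
    if (len < 0) return 0;   /* modelled here as a failed match */
    if (len == 0) return 1;  /* empty capture matches trivially */
    if (past_end(*pos + len)) return 0;
    for (int32_t i = 0; i < len; i++)
        if (end[cap_start + i] != end[*pos + i]) return 0;
    *pos += len;
    return 1;
}

/* Hand-coded /(.)\1/ (trailing_dot = 0) or /(.)\1./ (trailing_dot = 1).
 * Returns the index of the match start, or -1 for no match. */
static int32_t match_minimal(const char *input, int trailing_dot,
                             gt_zero_fn past_end)
{
    int32_t n = (int32_t)strlen(input);
    const char *end = input + n;
    for (int32_t start = -n; start < 0; start++) {
        int32_t pos = start;
        if (!is_dot((uint8_t)end[pos])) continue;          /* (.) */
        pos++;
        if (!check_backref(end, &pos, start, start + 1, past_end))
            continue;                                      /* \1 */
        if (trailing_dot && (pos >= 0 || !is_dot((uint8_t)end[pos])))
            continue;                                      /* final . */
        return start + n;
    }
    return -1;
}

int main(void)
{
    /* Register values taken from the gdb trace in this thread. */
    printf("subf r5,r5,r3      -> %d\n", ppc_subf(0x1b00328, 0x1b00329));
    printf("operands exchanged -> %d\n", ppc_subf(0x1b00329, 0x1b00328));
    printf("/(.)\\1./ signed    -> %d\n", match_minimal("\"\">", 1, gt_zero_signed));
    printf("/(.)\\1./ unsigned  -> %d\n", match_minimal("\"\">", 1, gt_zero_unsigned));
    printf("/(.)\\1/  unsigned  -> %d\n", match_minimal("\"\"", 0, gt_zero_unsigned));
    return 0;
}
```

With the unsigned compare the back-reference only succeeds when it ends exactly at the end of the input, which is consistent with '""' matching and '"">' returning null in the comments above.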

GoogleCodeExporter commented 9 years ago
Doesn't work for /(?:(?:(.)\1))./gi.exec('"">'), so let's move one level up.

Original comment by classi...@floodgap.com on 7 Sep 2014 at 4:37

GoogleCodeExporter commented 9 years ago
GNU gdb 6.3.50-20050815 (Apple version gdb-768 TenFourFox patch 2) (Sun Oct  6 
02:44:03 GMT 2013)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "powerpc-apple-darwin"...
warning: --arch option not supported in this gdb.
Reading symbols for shared libraries ........... done

(gdb) run
Starting program: /Volumes/BruceDeuce/src/mozilla-33a/obj-ff-dbg/dist/bin/js 
--no-ion --no-baseline
warning: Could not find malloc init callback function.  
Make sure malloc is initialized before calling functions.
Reading symbols for shared libraries 
...........................................................................++ 
done
js> /(?:(?:(.)\1))./gi.exec('"">')

[Codegen] Starting RegExp (input_end_pointer r3) (current_character r4) 
(current_position r5) (backtrack_stack_pointer r6) (temp0 r7) temp1 (r8) temp2 
(r9)
[Codegen] == jump(l) ==
[Codegen] bfffc46c --- b .+8
[Codegen] ##setNextJump (bfffc46c -> ffffffff) (48000008)

[Codegen] #label     ((8))
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((8))
[Codegen] bfffc474 --- lis r7,0 (0x0)
[Codegen] bfffc478 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc47c --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc480 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] bfffc484 --- lis r12,385 (0x1810000)
[Codegen] bfffc488 --- ori r12,r12,204 (0xcc)
[Codegen] bfffc48c --- lwz r0,0(r12)
[Codegen] bfffc490 --- cmplw cr0,r0,r6
[Codegen] bfffc494 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc494 -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc49c --- or r9,sp,sp
[Codegen] bfffc4a0 --- bl .+8
[Codegen] ##setNextJump (bfffc4a0 -> ffffffff) (48000009)

[Codegen] #label     ((60))
[Codegen] ##linkPendedJump @ bfffc494
[Codegen] ##link2    ((0xbfffc494)) jumps to ((0xbfffc4a8))
[Codegen] #label     ((60))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] bfffc4a8 --- and. r0,r7,r7
[Codegen] bfffc4ac --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc4ac -> ffffffff) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((72))
[Codegen] !!! Bind
[Codegen] #label     ((72))
[Codegen] !!! LoadCurrentCharacter(0, 1)
[Codegen] !!! CheckPosition(0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc4b4 --- cmpwi r5,0 (0x0)
[Codegen] bfffc4b8 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc4b8 -> ffffffff) (40800008)

[Codegen] !!! LoadCurrentCharacterUnchecked(0, 1)
[Codegen] == load8ZeroExtend(bi, reg) ==
[Codegen] bfffc4c0 --- lbzx r4,r3,r5
[Codegen] !!! CheckSpecialCharacterClass(46)
[Codegen] == move32(reg, reg) ==
[Codegen] bfffc4c4 --- or r7,r4,r4
[Codegen] == xor32(imm, reg) ==
[Codegen] bfffc4c8 --- xori r7,r7,1 (0x1)
[Codegen] == sub32(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc4cc --- addi r7,r7,4294967285 (0xfffffff5)
[Codegen] bfffc4d0 --- cmpwi r7,0 (0x0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc4d4 --- cmplwi r7,1 (0x1)
[Codegen] bfffc4d8 --- bc 4, 1, 8
[Codegen] ##setNextJump (bfffc4d8 -> 00000054) (40810008)

[Codegen] !!! PushCurrentPosition
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc4e0 --- stw r5,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc4e4 --- addi r6,r6,4 (0x4)
[Codegen] !!! WriteCurrentPositionToRegister(0, 0)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc4e8 --- stw r5,28(sp)
[Codegen] !!! WriteCurrentPositionToRegister(2, 0)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc4ec --- stw r5,36(sp)
[Codegen] !!! WriteCurrentPositionToRegister(3, 1)
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] bfffc4f0 --- addi r7,r5,1 (0x1)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc4f4 --- stw r7,40(sp)
[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc4f8 --- addi r5,r5,1 (0x1)
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((144))
[Codegen] bfffc4fc --- lis r7,0 (0x0)
[Codegen] bfffc500 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc504 --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc508 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] bfffc50c --- lis r12,385 (0x1810000)
[Codegen] bfffc510 --- ori r12,r12,204 (0xcc)
[Codegen] bfffc514 --- lwz r0,0(r12)
[Codegen] bfffc518 --- cmplw cr0,r0,r6
[Codegen] bfffc51c --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc51c -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc524 --- or r9,sp,sp
[Codegen] bfffc528 --- bl .+8
[Codegen] ##setNextJump (bfffc528 -> 0000003c) (48000009)

[Codegen] #label     ((196))
[Codegen] ##linkPendedJump @ bfffc51c
[Codegen] ##link2    ((0xbfffc51c)) jumps to ((0xbfffc530))
[Codegen] #label     ((196))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] bfffc530 --- and. r0,r7,r7
[Codegen] bfffc534 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc534 -> 00000048) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((208))
[Codegen] !!! CheckNotBackReferenceIgnoreCase(2)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] bfffc53c --- lwz r4,36(sp)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] bfffc540 --- lwz r8,40(sp)
[Codegen] == subPtr(reg, reg) ==
[Codegen] bfffc544 --- subf r8,r4,r8
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] bfffc548 --- cmplwi r8,0 (0x0)
[Codegen] bfffc54c --- bc 12, 0, 8
[Codegen] ##setNextJump (bfffc54c -> ffffffff) (41800008)

[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] bfffc554 --- cmplwi r8,0 (0x0)
[Codegen] bfffc558 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc558 -> ffffffff) (41820008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc560 --- or r7,r5,r5
[Codegen] == addPtr(reg, reg) ==
[Codegen] bfffc564 --- add r7,r8,r7
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(reg, immw) ==
[Codegen] bfffc568 --- cmplwi r7,0 (0x0)
[Codegen] 02017900 --- bc 12, 1, 8
[Codegen] ##setNextJump (02017900 -> 000000e8) (41810008)

[Codegen] == push(reg) ==
[Codegen] 02017908 --- stwu r5,-4(sp)
[Codegen] == addPtr(reg, reg) ==
[Codegen] 0201790c --- add r4,r3,r4
[Codegen] == addPtr(reg, reg) ==
[Codegen] 02017910 --- add r5,r3,r5
[Codegen] == addPtr(reg, reg) ==
[Codegen] 02017914 --- add r8,r5,r8
[Codegen] #label     ((280))
[Codegen] == load8ZeroExtend(adr, reg) ==
[Codegen] 02017918 --- lbz r7,0(r5)
[Codegen] == load8ZeroExtend(adr, reg) ==
[Codegen] 0201791c --- lbz r9,0(r4)
[Codegen] == branch32(cond, reg, reg, l) ==
[Codegen] 02017920 --- cmpw cr0,r7,r9
[Codegen] 02017924 --- bc 12, 2, 8
[Codegen] ##setNextJump (02017924 -> ffffffff) (41820008)

[Codegen] == or32(imm, reg) ==
[Codegen] 0201792c --- ori r7,r7,32 (0x20)
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] 02017930 --- addi r9,r7,4294967199 (0xffffff9f)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 02017934 --- cmplwi r9,25 (0x19)
[Codegen] 02017938 --- bc 4, 1, 8
[Codegen] ##setNextJump (02017938 -> ffffffff) (40810008)

[Codegen] == sub32(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02017940 --- addi r9,r9,4294967169 (0xffffff81)
[Codegen] 02017944 --- cmpwi r9,0 (0x0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 02017948 --- cmplwi r9,30 (0x1e)
[Codegen] 0201794c --- bc 12, 1, 8
[Codegen] ##setNextJump (0201794c -> ffffffff) (41810008)

[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 02017954 --- cmpwi r9,23 (0x17)
[Codegen] 02017958 --- bc 12, 2, 8
[Codegen] ##setNextJump (02017958 -> 00000154) (41820008)

[Codegen] #label     ((352))
[Codegen] ##linkPendedJump @ 02017938
[Codegen] ##link2    ((0x2017938)) jumps to ((0x2017960))
[Codegen] #label     ((352))
[Codegen] == load8ZeroExtend(adr, reg) ==
[Codegen] 02017960 --- lbz r9,0(r4)
[Codegen] == or32(imm, reg) ==
[Codegen] 02017964 --- ori r9,r9,32 (0x20)
[Codegen] == branch32(cond, reg, reg, l) ==
[Codegen] 02017968 --- cmpw cr0,r7,r9
[Codegen] 0201796c --- bc 4, 2, 8
[Codegen] ##setNextJump (0201796c -> 00000160) (40820008)

[Codegen] #label     ((372))
[Codegen] ##linkPendedJump @ 02017924
[Codegen] ##link2    ((0x2017924)) jumps to ((0x2017974))
[Codegen] #label     ((372))
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02017974 --- addi r4,r4,1 (0x1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02017978 --- addi r5,r5,1 (0x1)
[Codegen] == branchPtr(cond, reg, reg, l) ==
[Codegen] 0201797c --- cmplw cr0,r5,r8
[Codegen] 02017980 --- bc 12, 0, 8
[Codegen] ##link2    ((0x2017980)) jumps to ((0x2017918))
[Codegen] == jump(l) ==
[Codegen] 02017988 --- b .+8
[Codegen] ##setNextJump (02017988 -> ffffffff) (48000008)

[Codegen] #label     ((400))
[Codegen] ##linkPendedJump @ 0201796c
[Codegen] ##link2    ((0x201796c)) jumps to ((0x2017990))
[Codegen] #label     ((400))
[Codegen] ##linkPendedJump @ 02017958
[Codegen] ##link2    ((0x2017958)) jumps to ((0x2017990))
[Codegen] #label     ((400))
[Codegen] ##linkPendedJump @ 0201794c
[Codegen] ##link2    ((0x201794c)) jumps to ((0x2017990))
[Codegen] #label     ((400))
[Codegen] == pop(reg) ==
[Codegen] 02017990 --- lwz r5,0(sp)
[Codegen] 02017994 --- addi sp,sp,4 (0x4)
[Codegen] !!! JumpOrBacktrack
[Codegen] !!! Backtrack
[Codegen] == [[ branch32(cond, aadr, imm, l) ==
[Codegen] == load32(aadr, reg) ==
[Codegen] 02017998 --- lis r12,385 (0x1810000)
[Codegen] 0201799c --- ori r12,r12,240 (0xf0)
[Codegen] 020179a0 --- lwz r12,0(r12)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 020179a4 --- cmpwi r12,0 (0x0)
[Codegen] 020179a8 --- bc 12, 2, 8
[Codegen] ##setNextJump (020179a8 -> ffffffff) (41820008)

[Codegen] ==    branch32(cond, aadr, imm, l) ]] ==
[Codegen] == movePtr(immw, reg) ==
[Codegen] 020179b0 --- li r7,0 (0x0)
[Codegen] == jump(l) ==
[Codegen] 020179b4 --- b .+8
[Codegen] ##setNextJump (020179b4 -> ffffffff) (48000008)

[Codegen] #label     ((444))
[Codegen] ##linkPendedJump @ 020179a8
[Codegen] ##link2    ((0x20179a8)) jumps to ((0x20179bc))
[Codegen] #label     ((444))
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 020179bc --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 020179c0 --- lwz r7,0(r6)
[Codegen] == jump(reg) ==
[Codegen] 020179c4 --- mtspr ctr, r7
[Codegen] 020179c8 --- bctr
[Codegen] #label     ((460))
[Codegen] ##linkPendedJump @ 02017988
[Codegen] ##link2    ((0x2017988)) jumps to ((0x20179cc))
[Codegen] #label     ((460))
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 020179cc --- addi sp,sp,4 (0x4)
[Codegen] == subPtr(reg, reg) ==
[Codegen] 020179d0 --- subf r5,r3,r5
[Codegen] #label     ((468))
[Codegen] ##linkPendedJump @ 020178ec
[Codegen] ##link2    ((0x20178ec)) jumps to ((0x20179d4))
[Codegen] #label     ((468))
[Codegen] !!! Bind
[Codegen] #label     ((468))
[Codegen] !!! LoadCurrentCharacter(0, 1)
[Codegen] !!! CheckPosition(0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 020179d4 --- cmpwi r5,0 (0x0)
[Codegen] 020179d8 --- bc 4, 0, 8
[Codegen] ##setNextJump (020179d8 -> 00000108) (40800008)

[Codegen] !!! LoadCurrentCharacterUnchecked(0, 1)
[Codegen] == load8ZeroExtend(bi, reg) ==
[Codegen] 020179e0 --- lbzx r4,r3,r5
[Codegen] !!! CheckSpecialCharacterClass(46)
[Codegen] == move32(reg, reg) ==
[Codegen] 020179e4 --- or r7,r4,r4
[Codegen] == xor32(imm, reg) ==
[Codegen] 020179e8 --- xori r7,r7,1 (0x1)
[Codegen] == sub32(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 020179ec --- addi r7,r7,4294967285 (0xfffffff5)
[Codegen] 020179f0 --- cmpwi r7,0 (0x0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 020179f4 --- cmplwi r7,1 (0x1)
[Codegen] 020179f8 --- bc 4, 1, 8
[Codegen] ##setNextJump (020179f8 -> 000001e0) (40810008)

[Codegen] !!! WriteCurrentPositionToRegister(1, 1)
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] 02017a00 --- addi r7,r5,1 (0x1)
[Codegen] == store32(reg, adr) ==
[Codegen] 02060604 --- stw r7,32(sp)
[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02060608 --- addi r5,r5,1 (0x1)
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((524))
[Codegen] 0206060c --- lis r7,0 (0x0)
[Codegen] 02060610 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] 02060614 --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02060618 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] 0206061c --- lis r12,385 (0x1810000)
[Codegen] 02060620 --- ori r12,r12,204 (0xcc)
[Codegen] 02060624 --- lwz r0,0(r12)
[Codegen] 02060628 --- cmplw cr0,r0,r6
[Codegen] 0206062c --- bc 4, 0, 8
[Codegen] ##setNextJump (0206062c -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] 02060634 --- or r9,sp,sp
[Codegen] 02060638 --- bl .+8
[Codegen] ##setNextJump (02060638 -> 000000c4) (48000009)

[Codegen] #label     ((576))
[Codegen] ##linkPendedJump @ 0206062c
[Codegen] ##link2    ((0x206062c)) jumps to ((0x2060640))
[Codegen] #label     ((576))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] 02060640 --- and. r0,r7,r7
[Codegen] 02060644 --- bc 12, 2, 8
[Codegen] ##setNextJump (02060644 -> 000000d0) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((588))
[Codegen] !!! Succeed
[Codegen] == jump(l) ==
[Codegen] 0206064c --- b .+8
[Codegen] ##setNextJump (0206064c -> ffffffff) (48000008)

[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((596))
[Codegen] !!! Backtrack
[Codegen] == [[ branch32(cond, aadr, imm, l) ==
[Codegen] == load32(aadr, reg) ==
[Codegen] 02060654 --- lis r12,385 (0x1810000)
[Codegen] 02060658 --- ori r12,r12,240 (0xf0)
[Codegen] 0206065c --- lwz r12,0(r12)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 02060660 --- cmpwi r12,0 (0x0)
[Codegen] 02060664 --- bc 12, 2, 8
[Codegen] ##setNextJump (02060664 -> ffffffff) (41820008)

[Codegen] ==    branch32(cond, aadr, imm, l) ]] ==
[Codegen] == movePtr(immw, reg) ==
[Codegen] 0206066c --- li r7,0 (0x0)
[Codegen] == jump(l) ==
[Codegen] 02060670 --- b .+8
[Codegen] ##setNextJump (02060670 -> 000001bc) (48000008)

[Codegen] #label     ((632))
[Codegen] ##linkPendedJump @ 02060664
[Codegen] ##link2    ((0x2060664)) jumps to ((0x2060678))
[Codegen] #label     ((632))
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02060678 --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 0206067c --- lwz r7,0(r6)
[Codegen] == jump(reg) ==
[Codegen] 02060680 --- mtspr ctr, r7
[Codegen] 02060684 --- bctr
[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((648))
[Codegen] !!! ClearRegisters(2, 3)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 02060688 --- lwz r7,8(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 0206068c --- stw r7,36(sp)
[Codegen] == store32(reg, adr) ==
[Codegen] 02060690 --- stw r7,40(sp)
[Codegen] !!! PopCurrentPosition
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 02060694 --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 02060698 --- lwz r5,0(r6)
[Codegen] !!! JumpOrBacktrack
[Codegen] == jump(l) ==
[Codegen] 0206069c --- b .+8
[Codegen] ##setNextJump (0206069c -> 00000074) (48000008)

[Codegen] !!! Bind
[Codegen] #label     ((676))
[Codegen] ##linkPendedJump @ 0206069c
[Codegen] ##link2    ((0x206069c)) jumps to ((0x20606a4))
[Codegen] #label     ((676))
[Codegen] ##linkPendedJump @ 0206046c
[Codegen] ##link2    ((0x206046c)) jumps to ((0x20606a4))
[Codegen] #label     ((676))
[Codegen] ##linkPendedJump @ 0206044c
[Codegen] ##link2    ((0x206044c)) jumps to ((0x20606a4))
[Codegen] #label     ((676))
[Codegen] !!! Bind
[Codegen] #label     ((676))
[Codegen] !!! CheckPosition(0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] 020606a4 --- cmpwi r5,0 (0x0)
[Codegen] 020606a8 --- bc 4, 0, 8
[Codegen] ##setNextJump (020606a8 -> 00000200) (40800008)

[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 020606b0 --- addi r5,r5,1 (0x1)
[Codegen] !!! JumpOrBacktrack
[Codegen] == jump(l) ==
[Codegen] 020606b4 --- b .+8
[Codegen] ##link2    ((0x20606b4)) jumps to ((0x2060448))
[Codegen] !!! Bind
[Codegen] #label     ((700))
[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((700))
[Codegen] !!! Fail
[Codegen] == movePtr(immw, reg) ==
[Codegen] 020606bc --- li r7,2 (0x2)
[Codegen] == jump(l) ==
[Codegen] 020606c0 --- b .+8
[Codegen] ##setNextJump (020606c0 -> 00000278) (48000008)

[Codegen] # Emitting exception tail stub

Original comment by classi...@floodgap.com on 7 Sep 2014 at 4:39

GoogleCodeExporter commented 9 years ago
Made a similar change to CheckNotBackReferenceIgnoreCase. All cases work, 
even the ones that used to crash.

Original comment by classi...@floodgap.com on 7 Sep 2014 at 4:47

GoogleCodeExporter commented 9 years ago
But the test still crashes. So let's look at the backtrack, since it seems to 
be upsetting Baseline-eager.

Original comment by classi...@floodgap.com on 7 Sep 2014 at 4:52

GoogleCodeExporter commented 9 years ago
If we make the backtrack stack sufficiently large to begin with, the test now 
passes with native regexps and baseline-eager. So it's the growth step that 
causes the crash.

Original comment by classi...@floodgap.com on 7 Sep 2014 at 4:57

GoogleCodeExporter commented 9 years ago
[Codegen] Created RegExp (raw 0x18a9420 length 7604)
base: 0204ca00   size: 00000800

Program received signal SIGTRAP, Trace/breakpoint trap.
js::irregexp::GrowBacktrackStack (rt=0x1810000) at 
/Volumes/BruceDeuce/src/mozilla-33a/js/src/irregexp/RegExpStack.cpp:98
98      __asm("trap\n");
(gdb) ct

Program received signal SIGTRAP, Trace/breakpoint trap.
0x018aa894 in ?? ()
(gdb) disas 0x18aa880 0x018aa920
Dump of assembler code from 0x18aa880 to 0x18aa920:
0x018aa880:     addi    r1,r1,4
0x018aa884:     mtlr    r0
0x018aa888:     and.    r0,r7,r7
0x018aa88c:     beq-    0x18aa8b8
0x018aa890:     li      r0,2348
0x018aa894:     trap
0x018aa898:     lwz     r0,24(r9)
0x018aa89c:     subf    r6,r0,r6
0x018aa8a0:     lis     r12,385
0x018aa8a4:     ori     r12,r12,196
0x018aa8a8:     lwz     r8,0(r12)
0x018aa8ac:     stw     r8,24(r9)
0x018aa8b0:     trap
0x018aa8b4:     add     r6,r8,r6
0x018aa8b8:     blr
0x018aa8bc:     li      r7,0
0x018aa8c0:     b       0x18aa7a4
0x018aa8c4:     li      r0,2308
0x018aa8c8:     trap
0x018aa8cc:     trap
0x018aa8d0:     trap
0x018aa8d4:     trap
0x018aa8d8:     trap
0x018aa8dc:     trap
0x018aa8e0:     trap
0x018aa8e4:     trap
0x018aa8e8:     trap
0x018aa8ec:     trap
0x018aa8f0:     trap
0x018aa8f4:     trap
0x018aa8f8:     trap
0x018aa8fc:     trap
0x018aa900:     trap
0x018aa904:     trap
0x018aa908:     trap
0x018aa90c:     trap
0x018aa910:     trap
0x018aa914:     trap
0x018aa918:     trap
0x018aa91c:     trap
End of assembler dump.
(gdb) i reg r6
r6             0x2005d88        33578376
(gdb) i reg r9
r9             0xbfffdc90       3221216400
(gdb) x/4 $r9+24
0xbfffdca8:     0x02005a00      0xffffffce      0xffffffcd      0xffffffcd
(gdb) ct   

Program received signal SIGTRAP, Trace/breakpoint trap.
0x018aa8b0 in ?? ()
(gdb) x/4 $r9+24
0xbfffdca8:     0x0204ca00      0xffffffce      0xffffffcd      0xffffffcd
(gdb) i reg r6
r6             0x388    904
(gdb) i reg r8
r8             0x204ca00        33868288
(gdb) ct
[BaselineIC]   Added TypeMonitor stub 0x208cc98 for TypeObject 0x1c28660

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00262984
0xbfffdc90 in ?? ()

Original comment by classi...@floodgap.com on 7 Sep 2014 at 5:21

GoogleCodeExporter commented 9 years ago
If we just bail out at the point of the call to GrowBacktrackStack, then we 
terminate more or less normally. So we go wrong in there.

Original comment by classi...@floodgap.com on 7 Sep 2014 at 5:42

GoogleCodeExporter commented 9 years ago
We go wrong in GrowBacktrackStack. If we have the stack function in 
RegExpStack.cpp return false, then the crash does not occur. So somehow that's 
stepping on stuff. For now, we'll just wallpaper it with a large stack, and not 
allow it to grow.

Original comment by classi...@floodgap.com on 8 Sep 2014 at 2:12

GoogleCodeExporter commented 9 years ago
Gets through test suite without crashes, but some tests still fail:

tests/basic/bug632964-regexp.js (big pattern, probably just needs more backtrack stack)
tests/latin1/regexp.js (actually wrong, line 25)
tests/latin1/replace.js (same underlying bug probably)

Original comment by classi...@floodgap.com on 10 Sep 2014 at 2:51

GoogleCodeExporter commented 9 years ago
js> "foobAr1234\u1200".search(/b[aA]r/)
-1
js> "bar1234\u1200".search(/b[aA]r/)
-1
js> "bar1234\u1200".search(/./)     
0
js> "bar1234\u1200".search(/b/)
0
js> "bar1234\u1200".search(/ba/) 
0
js> "bar1234\u1200".search(/bar/)
0
js> "bar1234\u1200".search(/b.r/) 
-1

Looks like any multi-match character is where it fails.

Original comment by classi...@floodgap.com on 10 Sep 2014 at 4:00

GoogleCodeExporter commented 9 years ago
js> "bar1234\u1200".search(/b./) 
-1
js> "bar1234\u1200".search(/../)
0
js> "bar1234\u1200".search(/b/) 
0
js> "bar1234\u1200".search(/1/)
3

I think that's because the last two end up getting turned into 
Boyer-Moore-Horspool matching.

Original comment by classi...@floodgap.com on 10 Sep 2014 at 4:07

GoogleCodeExporter commented 9 years ago
[Codegen] Starting RegExp (input_end_pointer r3) (current_character r4) 
(current_position r5) (backtrack_stack_pointer r6) (temp0 r7) temp1 (r8) temp2 
(r9)
[Codegen] == jump(l) ==
[Codegen] bfffc8dc --- b .+8
[Codegen] ##setNextJump (bfffc8dc -> ffffffff) (48000008)

[Codegen] #label     ((8))
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((8))
[Codegen] bfffc8e4 --- lis r7,0 (0x0)
[Codegen] bfffc8e8 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc8ec --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc8f0 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] bfffc8f4 --- lis r12,385 (0x1810000)
[Codegen] bfffc8f8 --- ori r12,r12,204 (0xcc)
[Codegen] bfffc8fc --- lwz r0,0(r12)
[Codegen] bfffc900 --- cmplw cr0,r0,r6
[Codegen] bfffc904 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc904 -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc90c --- or r9,sp,sp
[Codegen] bfffc910 --- bl .+8
[Codegen] ##setNextJump (bfffc910 -> ffffffff) (48000009)

[Codegen] #label     ((60))
[Codegen] ##linkPendedJump @ bfffc904
[Codegen] ##link2    ((0xbfffc904)) jumps to ((0xbfffc918))
[Codegen] #label     ((60))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] bfffc918 --- and. r0,r7,r7
[Codegen] bfffc91c --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc91c -> ffffffff) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((72))
[Codegen] !!! Bind
[Codegen] #label     ((72))
[Codegen] !!! LoadCurrentCharacter(0, 2)
[Codegen] !!! CheckPosition(1)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc924 --- cmpwi r5,-2 (0xfffffffe)
[Codegen] bfffc928 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc928 -> ffffffff) (40800008)

[Codegen] !!! LoadCurrentCharacterUnchecked(0, 2)
[Codegen] == load32Swapped(bi, reg) ==
[Codegen] bfffc930 --- lwbrx r4,r3,r5
[Codegen] !!! CheckCharacterAfterAnd(98, 65535)
[Codegen] == move32(imm, reg) ==
[Codegen] bfffc934 --- lis r7,0 (0x0)
[Codegen] bfffc938 --- ori r7,r7,65535 (0xffff)
[Codegen] == and32(reg, reg) ==
[Codegen] bfffc93c --- and. r7,r4,r7
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc940 --- cmpwi r7,98 (0x62)
[Codegen] bfffc944 --- bc 12, 2, 8
[Codegen] ##setNextJump (bfffc944 -> ffffffff) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((112))
[Codegen] !!! AdvanceCurrentPosition(1)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc94c --- addi r5,r5,2 (0x2)
[Codegen] !!! JumpOrBacktrack
[Codegen] == jump(l) ==
[Codegen] bfffc950 --- b .+8
[Codegen] ##link2    ((0xbfffc950)) jumps to ((0xbfffc924))
[Codegen] !!! Bind
[Codegen] #label     ((124))
[Codegen] !!! Bind
[Codegen] #label     ((124))
[Codegen] ##linkPendedJump @ bfffc944
[Codegen] ##link2    ((0xbfffc944)) jumps to ((0xbfffc958))
[Codegen] #label     ((124))
[Codegen] !!! LoadCurrentCharacter(1, 1)
[Codegen] !!! CheckPosition(1)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc958 --- cmpwi r5,-2 (0xfffffffe)
[Codegen] bfffc95c --- bc 4, 0, 8
[Codegen] ##link2    ((0xbfffc95c)) jumps to ((0xbfffc94c))
[Codegen] !!! LoadCurrentCharacterUnchecked(1, 1)
[Codegen] == load16ZeroExtendSwapped(bi, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc964 --- addi r12,r5,2 (0x2)
[Codegen] bfffc968 --- lhbrx r4,r3,r12
[Codegen] !!! CheckSpecialCharacterClass(46)
[Codegen] == move32(reg, reg) ==
[Codegen] bfffc96c --- or r7,r4,r4
[Codegen] == xor32(imm, reg) ==
[Codegen] bfffc970 --- xori r7,r7,1 (0x1)
[Codegen] == sub32(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc974 --- addi r7,r7,4294967285 (0xfffffff5)
[Codegen] bfffc978 --- cmpwi r7,0 (0x0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc97c --- cmplwi r7,1 (0x1)
[Codegen] bfffc980 --- bc 4, 1, 8
[Codegen] ##link2    ((0xbfffc980)) jumps to ((0xbfffc94c))
[Codegen] == sub32(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc988 --- addi r7,r7,4294959075 (0xffffdfe3)
[Codegen] bfffc98c --- cmpwi r7,0 (0x0)
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc990 --- cmplwi r7,1 (0x1)
[Codegen] bfffc994 --- bc 4, 1, 8
[Codegen] ##link2    ((0xbfffc994)) jumps to ((0xbfffc94c))
[Codegen] !!! PushCurrentPosition
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc99c --- stw r5,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc9a0 --- addi r6,r6,4 (0x4)
[Codegen] !!! WriteCurrentPositionToRegister(0, 0)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc9a4 --- stw r5,28(sp)
[Codegen] !!! WriteCurrentPositionToRegister(1, 2)
[Codegen] == computeEffectiveAddress(adr, reg) ==
[Codegen] bfffc9a8 --- addi r7,r5,4 (0x4)
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc9ac --- stw r7,32(sp)
[Codegen] !!! AdvanceCurrentPosition(2)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc9b0 --- addi r5,r5,4 (0x4)
[Codegen] !!! PushBacktrack
[Codegen] == movWithPatch(immw, reg) ==
[Codegen] #label     ((216))
[Codegen] bfffc9b4 --- lis r7,0 (0x0)
[Codegen] bfffc9b8 --- ori r7,r7,0 (0x0)
[Codegen] !!! PushBacktrack
[Codegen] == store32(reg, adr) ==
[Codegen] bfffc9bc --- stw r7,0(r6)
[Codegen] == addPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] bfffc9c0 --- addi r6,r6,4 (0x4)
[Codegen] !!! CheckBacktrackStackLimit
[Codegen] == branchPtr(cond, T, S, l) ==
[Codegen] == cmpPtr(aadr, reg) ==
[Codegen] bfffc9c4 --- lis r12,385 (0x1810000)
[Codegen] bfffc9c8 --- ori r12,r12,204 (0xcc)
[Codegen] bfffc9cc --- lwz r0,0(r12)
[Codegen] bfffc9d0 --- cmplw cr0,r0,r6
[Codegen] bfffc9d4 --- bc 4, 0, 8
[Codegen] ##setNextJump (bfffc9d4 -> ffffffff) (40800008)

[Codegen] == movePtr(reg, reg) ==
[Codegen] bfffc9dc --- or r9,sp,sp
[Codegen] 03070304 --- bl .+8
[Codegen] ##setNextJump (03070304 -> 0000003c) (48000009)

[Codegen] #label     ((268))
[Codegen] ##linkPendedJump @ 030702f8
[Codegen] ##link2    ((0x30702f8)) jumps to ((0x307030c))
[Codegen] #label     ((268))
[Codegen] == branchTest32(cond, reg, reg, l) ==
[Codegen] 0307030c --- and. r0,r7,r7
[Codegen] 03070310 --- bc 12, 2, 8
[Codegen] ##setNextJump (03070310 -> 00000048) (41820008)

[Codegen] !!! Bind
[Codegen] #label     ((280))
[Codegen] !!! Succeed
[Codegen] == jump(l) ==
[Codegen] 03070318 --- b .+8
[Codegen] ##setNextJump (03070318 -> ffffffff) (48000008)

[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((288))
[Codegen] !!! PopCurrentPosition
[Codegen] !!! PopBacktrack
[Codegen] == subPtr(imm, reg) ==
[Codegen] == add32(imm, reg, reg) ==
[Codegen] 03070320 --- addi r6,r6,4294967292 (0xfffffffc)
[Codegen] == loadPtr(adr, reg) ==
[Codegen] == load32(adr, reg) ==
[Codegen] 03070324 --- lwz r5,0(r6)
[Codegen] !!! JumpOrBacktrack
[Codegen] == jump(l) ==
[Codegen] 03070328 --- b .+8
[Codegen] ##link2    ((0x3070328)) jumps to ((0x3070270))
[Codegen] !!! BindBacktrack
[Codegen] !!! Bind
[Codegen] #label     ((304))
[Codegen] !!! Fail
[Codegen] == movePtr(immw, reg) ==
[Codegen] 03070330 --- li r7,2 (0x2)
[Codegen] == jump(l) ==
[Codegen] 03070334 --- b .+8
[Codegen] ##setNextJump (03070334 -> ffffffff) (48000008)

[Codegen] # Emitting exception tail stub

Original comment by classi...@floodgap.com on 10 Sep 2014 at 4:09

GoogleCodeExporter commented 9 years ago
So the problem here is the load32Swapped lwbrx. It turns 4321 byte order into 
1234. But we don't actually want that:

(gdb) i reg r4
r4             0x61006200       1627415040

The relevant code is

[Codegen] !!! LoadCurrentCharacterUnchecked(0, 2)
[Codegen] == load32Swapped(bi, reg) ==
[Codegen] bfffc930 --- lwbrx r4,r3,r5
[Codegen] !!! CheckCharacterAfterAnd(98, 65535)
[Codegen] == move32(imm, reg) ==
[Codegen] bfffc934 --- lis r7,0 (0x0)
[Codegen] bfffc938 --- ori r7,r7,65535 (0xffff)
[Codegen] == and32(reg, reg) ==
[Codegen] bfffc93c --- and. r7,r4,r7
[Codegen] == branch32(cond, reg, imm, l) ==
[Codegen] bfffc940 --- cmpwi r7,98 (0x62)
[Codegen] bfffc944 --- bc 12, 2, 8

We don't get 0x0062 after the mask, we get 0x6200.

So what we really need is something that loads by swapping the words only 
(i.e., turn 4321 into 2143 instead of 1234). The load16Swapped seems to be fine.

Original comment by classi...@floodgap.com on 10 Sep 2014 at 4:22

GoogleCodeExporter commented 9 years ago
This fixes /b./ but still doesn't fix /b[aA]r/.

Original comment by classi...@floodgap.com on 11 Sep 2014 at 1:07

GoogleCodeExporter commented 9 years ago
We shouldn't swap bytes for a single jschar -- it should be a native-endian 
16-bit word.

Next failure: 
assertEq(toLatin1("1abcdefghijklm4").search(/abcdefghijklm[0-5]/), 1);

Original comment by classi...@floodgap.com on 11 Sep 2014 at 1:12

GoogleCodeExporter commented 9 years ago
js> toLatin1("1abcdefghijklm4").search(/abcdefghijklm[0-5]/)
-1
js> ("1abcdefghijklm4").search(/abcdefghijklm[0-5]/)
-1
js> ("1abcdefghijklm4").search(/m[0-5]/)             
13
js> ("1abcdefghijklm4").search(/lm[0-5]/)
12
js> ("1abcdefghijklm4").search(/klm[0-5]/)
-1

Original comment by classi...@floodgap.com on 11 Sep 2014 at 1:15

GoogleCodeExporter commented 9 years ago
This also doesn't work:

js> ("1abcdefghijklm4").search(/klm./)     
returns -1

Original comment by classi...@floodgap.com on 11 Sep 2014 at 1:17

GoogleCodeExporter commented 9 years ago
The tip-off was it going wrong when the Latin-1 pattern got to 32 bits. We 
needed to use lwbrx in THAT case.

Original comment by classi...@floodgap.com on 11 Sep 2014 at 1:22
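
The load rules the last few comments arrive at, modelled in portable C as an added example (not TenFourFox or Mozilla code). The byte arrays are constructed big-endian memory images, the helper names are hypothetical, and the packed layout (character i in bits i*width upward) is an assumption inferred from the mask-and-compare shown in the log above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: memory as a big-endian PowerPC sees it. */
static const uint8_t  TWO_BYTE_BA[4] = {0x00, 0x62, 0x00, 0x61}; /* 'b','a' as 16-bit chars */
static const uint8_t  LATIN1_KLM4[4] = {'k', 'l', 'm', '4'};     /* 8-bit chars */
static const uint16_t BA_CHARS[2]    = {'b', 'a'};
static const uint16_t KLM4_CHARS[4]  = {'k', 'l', 'm', '4'};

enum { LATIN1 = 1, TWO_BYTE = 2 };   /* bytes per character */

/* lwz / lhz: native big-endian loads. */
static uint32_t load_native32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static uint32_t load_native16(const uint8_t *p) {
    return ((uint32_t)p[0] << 8) | p[1];
}

/* lwbrx / lhbrx: byte-reversed loads. */
static uint32_t load_reversed32(const uint8_t *p) {
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}
static uint32_t load_reversed16(const uint8_t *p) {
    return ((uint32_t)p[1] << 8) | p[0];
}

/* Exchange the two 16-bit halves without touching byte order inside them. */
static uint32_t swap_halfwords(uint32_t v) { return (v << 16) | (v >> 16); }

/* Reference layout (assumed): character i occupies bits [i*width, (i+1)*width). */
static uint32_t pack_chars(const uint16_t *chars, int count, int width_bits) {
    uint32_t v = 0;
    for (int i = 0; i < count; i++)
        v |= (uint32_t)chars[i] << (i * width_bits);
    return v;
}

/* Pick the load per character size and count. Sets *ok to 0 for an
 * unsupported combination (ok may be NULL). */
static uint32_t load_chars(const uint8_t *p, int char_size, int count, int *ok) {
    if (ok) *ok = 1;
    if (char_size == LATIN1) {
        if (count == 1) return p[0];
        if (count == 2) return load_reversed16(p);   /* lhbrx */
        if (count == 4) return load_reversed32(p);   /* lwbrx is right here */
    } else if (char_size == TWO_BYTE) {
        if (count == 1) return load_native16(p);     /* no swap for one jschar */
        if (count == 2) return swap_halfwords(load_native32(p));
    }
    if (ok) *ok = 0;
    return 0;
}

int main(void) {
    /* Two 16-bit chars: a full byte reversal leaves the first char byte-swapped. */
    uint32_t bad  = load_reversed32(TWO_BYTE_BA);
    uint32_t good = load_chars(TWO_BYTE_BA, TWO_BYTE, 2, NULL);
    printf("two-byte x2  lwbrx=%08x masked=%04x | halfword swap=%08x masked=%04x\n",
           (unsigned)bad, (unsigned)(bad & 0xffff),
           (unsigned)good, (unsigned)(good & 0xffff));

    /* Four Latin-1 chars: here the halfword swap is the wrong one. */
    uint32_t l_bad  = swap_halfwords(load_native32(LATIN1_KLM4));
    uint32_t l_good = load_chars(LATIN1_KLM4, LATIN1, 4, NULL);
    printf("latin1 x4    halfword swap=%08x first=%c | lwbrx=%08x first=%c\n",
           (unsigned)l_bad, (int)(l_bad & 0xff),
           (unsigned)l_good, (int)(l_good & 0xff));

    printf("reference    two-byte=%08x latin1=%08x\n",
           (unsigned)pack_chars(BA_CHARS, 2, 16),
           (unsigned)pack_chars(KLM4_CHARS, 4, 8));
    return 0;
}
```

The first line of output reproduces the 0x61006200 register value and the 0x6200 masked result from the gdb session; the second shows why the four-character Latin-1 pattern needs the full byte reversal instead.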

GoogleCodeExporter commented 9 years ago
regexp.js and replace.js now pass!

Original comment by classi...@floodgap.com on 11 Sep 2014 at 1:25