Issue 345048: Fix issue 493: Infinite loop when debug break is set when entering function.apply

Issue 345048: Fix issue 493: Infinite loop when debug break is set when entering function.apply (Closed)

Created:
11 years, 1 month ago by Søren Thygesen Gjesse

Modified:
9 years, 7 months ago

Reviewers:
Erik Corry

CC:
v8-dev, Mark Lam

Base URL:
http://v8.googlecode.com/svn/branches/bleeding_edge/

Visibility:
Public.

Description

Fix issue 493: Infinite loop when debug break is set when entering function.apply. In the generated code for function.apply there was a loop checking the stack limit for interruption. This loop would call into the runtime system to handle interuption and keep running until there was no interruption. However if the interuption was debug break the runtime system would never clear the interruption as debug break is prevented in builtins are prevented and the assumption here was that returning with the debug break flag set would move execution forward. Renamed initial_jslimit and initial_climit to real_jslimit and real_climit. Renamed a few external references related to the stack limit as well. Exposed the real stack limit to generated code to make the stack check when entering function.apply use the real stack limit and not the stack limit which is changed to signal interruption. Added the real stack limit to the roots array. BUG=http://code.google.com/p/v8/issues/detail?id=493 TEST=cctest/test-debug/DebugBreakFunctionApply Committed: http://code.google.com/p/v8/source/detail?r=3229

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+208 lines, -174 lines)			Patch
M	src/arm/builtins-arm.cc	View	1 2	1 chunk	+9 lines, -29 lines	0 comments	Download
M	src/arm/regexp-macro-assembler-arm.cc	View		2 chunks	+6 lines, -6 lines	0 comments	Download
M	src/assembler.h	View		1 chunk	+4 lines, -1 line	0 comments	Download
M	src/assembler.cc	View		1 chunk	+6 lines, -1 line	0 comments	Download
M	src/execution.h	View	1 2	4 chunks	+28 lines, -13 lines	0 comments	Download
M	src/execution.cc	View		3 chunks	+13 lines, -14 lines	0 comments	Download
M	src/heap.h	View		2 chunks	+5 lines, -4 lines	0 comments	Download
M	src/heap.cc	View	1 2	1 chunk	+8 lines, -4 lines	0 comments	Download
M	src/ia32/builtins-ia32.cc	View	1 2	1 chunk	+11 lines, -28 lines	0 comments	Download
M	src/ia32/codegen-ia32.cc	View		1 chunk	+3 lines, -3 lines	0 comments	Download
M	src/ia32/fast-codegen-ia32.cc	View		1 chunk	+3 lines, -3 lines	0 comments	Download
M	src/ia32/regexp-macro-assembler-ia32.cc	View		2 chunks	+6 lines, -6 lines	0 comments	Download
M	src/serialize.cc	View		1 chunk	+21 lines, -17 lines	0 comments	Download
M	src/v8.cc	View		1 chunk	+1 line, -1 line	0 comments	Download
M	src/x64/builtins-x64.cc	View	1 2	1 chunk	+11 lines, -30 lines	0 comments	Download
M	src/x64/regexp-macro-assembler-x64.cc	View		2 chunks	+6 lines, -6 lines	0 comments	Download
M	test/cctest/test-debug.cc	View	1 2	2 chunks	+53 lines, -0 lines	0 comments	Download
M	test/cctest/test-serialize.cc	View		2 chunks	+14 lines, -8 lines	0 comments	Download

Messages

Total messages: 4 (0 generated)

Expand Messages | Collapse Messages

Erik Corry

I don't think this works right if a stack overflow happens at the wrong moment. ...

11 years, 1 month ago (2009-11-04 16:42:36 UTC) #2

Søren Thygesen Gjesse

Please take another look. > I don't think this works right if a stack overflow ...

11 years, 1 month ago (2009-11-05 08:56:38 UTC) #3

Please take another look.

> I don't think this works right if a stack overflow
> happens at the wrong moment. The difference between
> sp and the limit will be negative, but then you use
> an unsigned test and no error will occur.

Good catch, changed to use signed comparison (we already did that on ia32 and
x64) and added a comment on that.

> Also, search for the text "Deserializing may put strange
> things in the root array" in v8.cc.  I think the real JS
> limit needs to be set there for snapshots to work with the
> new system.

This should already be addressed - look at the change to v8.cc,
Heap::SetStackLimits() sets the copy of both stack limits in the roots array..

http://codereview.chromium.org/345048/diff/1001/1015
File src/arm/builtins-arm.cc (right):

http://codereview.chromium.org/345048/diff/1001/1015#newcode1037
Line 1037: __ sub(r2, sp, r2);
On 2009/11/04 16:42:37, Erik Corry wrote:
> What if sp is already beyond the stack limit here?  I don't think you can just
> throw all this code away.

Changed the check below to be signed.

http://codereview.chromium.org/345048/diff/1001/1019
File src/execution.h (right):

http://codereview.chromium.org/345048/diff/1001/1019#newcode247
Line 247: // fail. Both the generated code and the runtime system checks against
the
On 2009/11/04 16:42:37, Erik Corry wrote:
> checks -> check

Done.

http://codereview.chromium.org/345048/diff/1001/1004
File src/heap.cc (right):

http://codereview.chromium.org/345048/diff/1001/1004#newcode3463
Line 3463: // This is actually an address, but the tag makes the GC ignore it.
On 2009/11/04 16:42:37, Erik Corry wrote:
> This... should be plural.

Done.

http://codereview.chromium.org/345048/diff/1001/1002
File test/cctest/test-debug.cc (right):

http://codereview.chromium.org/345048/diff/1001/1002#newcode5469
Line 5469: // Test that the dbeug break flag works with function.apply.
On 2009/11/04 16:42:37, Erik Corry wrote:
> dbeug -> debug

Done.

LGTM

Expand Messages | Collapse Messages