Fix issue 493: Infinite loop when debug break is set when entering function.apply

src/x64/builtins-x64.cc

 // Copyright 2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 302 matching lines @@
   // rbp[2]: function arguments
   // rbp[3]: receiver
   // rbp[4]: function
   static const int kArgumentsOffset = 2 * kPointerSize;
   static const int kReceiverOffset = 3 * kPointerSize;
   static const int kFunctionOffset = 4 * kPointerSize;
   __ push(Operand(rbp, kFunctionOffset));
   __ push(Operand(rbp, kArgumentsOffset));
   __ InvokeBuiltin(Builtins::APPLY_PREPARE, CALL_FUNCTION);
 
-  // Check the stack for overflow or a break request.
-  // We need to catch preemptions right here, otherwise an unlucky preemption
-  // could show up as a failed apply.
-  Label retry_preemption;
-  Label no_preemption;
-  __ bind(&retry_preemption);
-  ExternalReference stack_guard_limit =
-      ExternalReference::address_of_stack_guard_limit();
-  __ movq(kScratchRegister, stack_guard_limit);
+  // Check the stack for overflow. We are not trying need to catch
+  // interruptions (e.g. debug break and preemption) here, so the "real stack
+  // limit" is checked.
+  Label okay;
+  __ LoadRoot(kScratchRegister, Heap::kRealStackLimitRootIndex);
   __ movq(rcx, rsp);
-  __ subq(rcx, Operand(kScratchRegister, 0));
-  // rcx contains the difference between the stack limit and the stack top.
-  // We use it below to check that there is enough room for the arguments.
-  __ j(above, &no_preemption);
-
-  // Preemption!
-  // Because runtime functions always remove the receiver from the stack, we
-  // have to fake one to avoid underflowing the stack.
-  __ push(rax);
-  __ Push(Smi::FromInt(0));
-
-  // Do call to runtime routine.
-  __ CallRuntime(Runtime::kStackGuard, 1);
-  __ pop(rax);
-  __ jmp(&retry_preemption);
-
-  __ bind(&no_preemption);
-
-  Label okay;
+  // Make rcx the space we have left. The stack might already be overflowed
+  // here which will cause rcx to become negative.
+  __ subq(rcx, kScratchRegister);
   // Make rdx the space we need for the array when it is unrolled onto the
   // stack.
   __ PositiveSmiTimesPowerOfTwoToInteger64(rdx, rax, kPointerSizeLog2);
+  // Check if the arguments will overflow the stack.
   __ cmpq(rcx, rdx);
-  __ j(greater, &okay);
+  __ j(greater, &okay);  // Signed comparison.
 
-  // Too bad: Out of stack space.
+  // Out of stack space.
   __ push(Operand(rbp, kFunctionOffset));
   __ push(rax);
   __ InvokeBuiltin(Builtins::APPLY_OVERFLOW, CALL_FUNCTION);
   __ bind(&okay);
   // End of stack check.
 
   // Push current index and limit.
   const int kLimitOffset =
       StandardFrameConstants::kExpressionsOffset - 1 * kPointerSize;
   const int kIndexOffset = kLimitOffset - 1 * kPointerSize;
@@ skipping 896 matching lines @@
 void Builtins::Generate_JSEntryTrampoline(MacroAssembler* masm) {
   Generate_JSEntryTrampolineHelper(masm, false);
 }
 
 
 void Builtins::Generate_JSConstructEntryTrampoline(MacroAssembler* masm) {
   Generate_JSEntryTrampolineHelper(masm, true);
 }
 
 } }  // namespace v8::internal