JSEntryTrampoline: check for stack space before pushing arguments

src/arm64/builtins-arm64.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #if V8_TARGET_ARCH_ARM64
 
 #include "src/codegen.h"
 #include "src/debug.h"
@@ skipping 781 matching lines @@
 
     // Leave construct frame
   }
 
   __ DropBySMI(x1);
   __ Drop(1);
   __ Ret();
 }
 
 
+enum IsTagged { kArgcIsSmiTagged, kArgcIsUntaggedInt };
+
+
+// Clobbers x10, x15; preserves all other registers.
+static void Generate_CheckStackOverflow(MacroAssembler* masm,
+                                        const int calleeOffset, Register argc,
+                                        IsTagged argc_is_tagged) {
+  Register function = x15;
+
+  // Check the stack for overflow.
+  // We are not trying to catch interruptions (e.g. debug break and
+  // preemption) here, so the "real stack limit" is checked.
+  Label enough_stack_space;
+  __ LoadRoot(x10, Heap::kRealStackLimitRootIndex);
+  __ Ldr(function, MemOperand(fp, calleeOffset));
+  // Make x10 the space we have left. The stack might already be overflowed
+  // here which will cause x10 to become negative.
+  // TODO(jbramley): Check that the stack usage here is safe.
+  __ Sub(x10, jssp, x10);
+  // Check if the arguments will overflow the stack.
+  if (argc_is_tagged == kArgcIsSmiTagged) {
+    __ Cmp(x10, Operand::UntagSmiAndScale(argc, kPointerSizeLog2));
+  } else {
+    DCHECK(argc_is_tagged == kArgcIsUntaggedInt);
+    __ Cmp(x10, Operand(argc, LSL, kPointerSizeLog2));
+  }
+  __ B(gt, &enough_stack_space);
+  // There is not enough stack space, so use a builtin to throw an appropriate
+  // error.
+  __ Push(function, argc);
+  __ InvokeBuiltin(Builtins::STACK_OVERFLOW, CALL_FUNCTION);
+  // We should never return from the APPLY_OVERFLOW builtin.
+  if (__ emit_debug_code()) {
+    __ Unreachable();
+  }
+
+  __ Bind(&enough_stack_space);
+}
+
+
 // Input:
 //   x0: code entry.
 //   x1: function.
 //   x2: receiver.
 //   x3: argc.
 //   x4: argv.
 // Output:
 //   x0: result.
 static void Generate_JSEntryTrampolineHelper(MacroAssembler* masm,
                                              bool is_construct) {
@@ skipping 13 matching lines @@
     FrameScope scope(masm, StackFrame::INTERNAL);
 
     // Set up the context from the function argument.
     __ Ldr(cp, FieldMemOperand(function, JSFunction::kContextOffset));
 
     __ InitializeRootRegister();
 
     // Push the function and the receiver onto the stack.
     __ Push(function, receiver);
 
+    // Check if we have enough stack space to push all arguments.
+    // The function is the first thing that was pushed above after entering
+    // the internal frame.
+    const int kFunctionOffset =
+        InternalFrameConstants::kCodeOffset - kPointerSize;
+    // Expects argument count in eax. Clobbers ecx, edx, edi.
+    Generate_CheckStackOverflow(masm, kFunctionOffset, argc,
+                                kArgcIsUntaggedInt);
+
     // Copy arguments to the stack in a loop, in reverse order.
     // x3: argc.
     // x4: argv.
     Label loop, entry;
     // Compute the copy end address.
     __ Add(x10, argv, Operand(argc, LSL, kPointerSizeLog2));
 
     __ B(&entry);
     __ Bind(&loop);
     __ Ldr(x11, MemOperand(argv, kPointerSize, PostIndex));
@@ skipping 472 matching lines @@
   __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
           RelocInfo::CODE_TARGET);
   __ Bind(&dont_adapt_args);
 
   __ Ldr(x3, FieldMemOperand(function, JSFunction::kCodeEntryOffset));
   ParameterCount expected(0);
   __ InvokeCode(x3, expected, expected, JUMP_FUNCTION, NullCallWrapper());
 }
 
 
-static void Generate_CheckStackOverflow(MacroAssembler* masm,
-                                        const int calleeOffset) {
-  Register argc = x0;
-  Register function = x15;
-
-  // Check the stack for overflow.
-  // We are not trying to catch interruptions (e.g. debug break and
-  // preemption) here, so the "real stack limit" is checked.
-  Label enough_stack_space;
-  __ LoadRoot(x10, Heap::kRealStackLimitRootIndex);
-  __ Ldr(function, MemOperand(fp, calleeOffset));
-  // Make x10 the space we have left. The stack might already be overflowed
-  // here which will cause x10 to become negative.
-  // TODO(jbramley): Check that the stack usage here is safe.
-  __ Sub(x10, jssp, x10);
-  // Check if the arguments will overflow the stack.
-  __ Cmp(x10, Operand::UntagSmiAndScale(argc, kPointerSizeLog2));
-  __ B(gt, &enough_stack_space);
-  // There is not enough stack space, so use a builtin to throw an appropriate
-  // error.
-  __ Push(function, argc);
-  __ InvokeBuiltin(Builtins::STACK_OVERFLOW, CALL_FUNCTION);
-  // We should never return from the APPLY_OVERFLOW builtin.
-  if (__ emit_debug_code()) {
-    __ Unreachable();
-  }
-
-  __ Bind(&enough_stack_space);
-}
-
-
 static void Generate_PushAppliedArguments(MacroAssembler* masm,
                                           const int argumentsOffset,
                                           const int indexOffset,
                                           const int limitOffset) {
   Label entry, loop;
   Register current = x0;
   __ Ldr(current, MemOperand(fp, indexOffset));
   __ B(&entry);
 
   __ Bind(&loop);
@@ skipping 47 matching lines @@
     __ Ldr(function, MemOperand(fp, kFunctionOffset));
     __ Ldr(args, MemOperand(fp, kArgumentsOffset));
     __ Push(function, args);
     if (targetIsArgument) {
       __ InvokeBuiltin(Builtins::REFLECT_APPLY_PREPARE, CALL_FUNCTION);
     } else {
       __ InvokeBuiltin(Builtins::APPLY_PREPARE, CALL_FUNCTION);
     }
     Register argc = x0;
 
-    Generate_CheckStackOverflow(masm, kFunctionOffset);
+    Generate_CheckStackOverflow(masm, kFunctionOffset, argc, kArgcIsSmiTagged);
 
     // Push current limit and index.
     __ Mov(x1, 0);  // Initial index.
     __ Push(argc, x1);
 
     Label push_receiver;
     __ Ldr(receiver, MemOperand(fp, kReceiverOffset));
 
     // Check that the function is a JS function. Otherwise it must be a proxy.
     // When it is not the function proxy will be invoked later.
@@ skipping 106 matching lines @@
 
     // Validate arguments
     __ Bind(&validate_arguments);
     __ Ldr(function, MemOperand(fp, kFunctionOffset));
     __ Ldr(args, MemOperand(fp, kArgumentsOffset));
     __ Ldr(newTarget, MemOperand(fp, kNewTargetOffset));
     __ Push(function, args, newTarget);
     __ InvokeBuiltin(Builtins::REFLECT_CONSTRUCT_PREPARE, CALL_FUNCTION);
     Register argc = x0;
 
-    Generate_CheckStackOverflow(masm, kFunctionOffset);
+    Generate_CheckStackOverflow(masm, kFunctionOffset, argc, kArgcIsSmiTagged);
 
     // Push current limit and index, constructor & newTarget
     __ Mov(x1, 0);  // Initial index.
     __ Ldr(newTarget, MemOperand(fp, kNewTargetOffset));
     __ Push(argc, x1, newTarget, function);
 
     // Copy all arguments from the array to the stack.
     Generate_PushAppliedArguments(
         masm, kArgumentsOffset, kIndexOffset, kLimitOffset);
 
@@ skipping 215 matching lines @@
     __ Unreachable();
   }
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_ARM