Make Simulator respect C stack limits as well.

src/arm/simulator-arm.h

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 
 // Declares a Simulator for ARM instructions if we are not generating a native
 // ARM binary. This Simulator allows us to run and debug ARM code generation on
 // regular desktop machines.
 // V8 calls into generated code by "calling" the CALL_GENERATED_CODE macro,
 // which will start execution in the Simulator or forwards to the real entry
@@ skipping 163 matching lines @@
   }
 
   int get_sinteger_from_s_register(int sreg) {
     return GetFromVFPRegister<int, 1>(sreg);
   }
 
   // Special case of set_register and get_register to access the raw PC value.
   void set_pc(int32_t value);
   int32_t get_pc() const;
 
-  Address get_sp() {
+  Address get_sp() const {
     return reinterpret_cast<Address>(static_cast<intptr_t>(get_register(sp)));
   }
 
   // Accessor to the internal simulator stack area.
-  uintptr_t StackLimit() const;
+  uintptr_t StackLimit(uintptr_t c_limit) const;
 
   // Executes ARM instructions until the PC reaches end_sim_pc.
   void Execute();
 
   // Call on program start.
   static void Initialize(Isolate* isolate);
 
   static void TearDown(HashMap* i_cache, Redirection* first);
 
   // V8 generally calls into generated JS code with 5 parameters and into
@@ skipping 232 matching lines @@
 #define CALL_GENERATED_FP_INT(entry, p0, p1) \
   Simulator::current(Isolate::Current())->CallFPReturnsInt( \
       FUNCTION_ADDR(entry), p0, p1)
 
 #define CALL_GENERATED_REGEXP_CODE(entry, p0, p1, p2, p3, p4, p5, p6, p7, p8) \
   Simulator::current(Isolate::Current())->Call( \
       entry, 10, p0, p1, p2, p3, NULL, p4, p5, p6, p7, p8)
 
 
 // The simulator has its own stack. Thus it has a different stack limit from
-// the C-based native code.  Setting the c_limit to indicate a very small
-// stack cause stack overflow errors, since the simulator ignores the input.
-// This is unlikely to be an issue in practice, though it might cause testing

[Michael Starzinger, 2015/08/24 13:46:31]

You claim this to unlikely be an issue in practice. The subsequent explosions on
ClusterFuzz over the last week proof that to be lie. :)

-// trouble down the line.
+// the C-based native code.  The JS-based limit normally points near the end of
+// the simulator stack.  When the C-based limit is exhausted we reflect that by
+// lowering the JS-based limit as well, to make stack checks trigger.
 class SimulatorStack : public v8::internal::AllStatic {
  public:
   static inline uintptr_t JsLimitFromCLimit(v8::internal::Isolate* isolate,
                                             uintptr_t c_limit) {
-    return Simulator::current(isolate)->StackLimit();
+    return Simulator::current(isolate)->StackLimit(c_limit);
   }
 
   static inline uintptr_t RegisterCTryCatch(uintptr_t try_catch_address) {
     Simulator* sim = Simulator::current(Isolate::Current());
     return sim->PushAddress(try_catch_address);
   }
 
   static inline void UnregisterCTryCatch() {
     Simulator::current(Isolate::Current())->PopAddress();
   }
 };
 
 } }  // namespace v8::internal
 
 #endif  // !defined(USE_SIMULATOR)
 #endif  // V8_ARM_SIMULATOR_ARM_H_