Chromium Code Reviews

Issue 17116006: Fix a crash when generating forward jumps to labels at very high assembly offsets (Closed)

Created:
7 years, 6 months ago by Kimmo Kinnunen
Modified:
7 years, 4 months ago
Visibility:
Public.

Description

Fix a crash when generating forward jumps to labels at very high assembly offsets

The first jump to a specific label was marked as a jump to absolute position -4. This value was stored in the assembly as a branch to an offset (-4 - (instruction offset + 8)). The offset is only 24 bits long on ARM. Thus instruction offsets higher than 2^23 - 12 would overflow the offset.

Fix by denoting the first jump to a label by storing the jump instruction location as the target. This will result in an offset of -8, which of course always fits in the branch instruction.

BUG=v8:2736
TEST=cctest/test-assembler-arm/17
R=bmeurer@chromium.org, svenpanne@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=15997
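The overflow the description explains, as an added example in C that is not part of the V8 patch: it models the 24-bit branch immediate exactly as the description states it (the limit applied to the offset target - (instruction position + 8)), compares the old "first jump" marker target of -4 with the fix's self-referencing target, and shows the old scheme failing just above 2^23 - 12 while the fixed scheme always encodes -8. All helper and constant names are my own, not V8's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the bug from the description (not V8's assembler code). The ARM
 * branch immediate is 24 bits wide and encodes target - (instr_pos + 8);
 * as in the description, the 24-bit signed limit is applied to that offset.
 * Constant and helper names are constructed for this example. */
#define BRANCH_OFFSET_MIN (-(1 << 23))
#define BRANCH_OFFSET_MAX ((1 << 23) - 1)
#define UNBOUND_TARGET_OLD (-4)   /* old marker: "first jump to this label" */

/* Offset the branch must encode for a given target and instruction position. */
int32_t branch_offset(int32_t target, int32_t instr_pos) {
    return target - (instr_pos + 8);
}

/* Does the offset fit the 24-bit signed immediate? */
bool branch_offset_fits(int32_t offset) {
    return offset >= BRANCH_OFFSET_MIN && offset <= BRANCH_OFFSET_MAX;
}

/* Old scheme: the first jump to an unbound label recorded absolute target -4,
 * so the encoded offset is -(instr_pos + 12) and grows with instr_pos. */
bool old_first_jump_fits(int32_t instr_pos) {
    return branch_offset_fits(branch_offset(UNBOUND_TARGET_OLD, instr_pos));
}

/* Fixed scheme: the jump instruction's own position is the target, so the
 * encoded offset is always -8 no matter where the jump is emitted. */
bool new_first_jump_fits(int32_t instr_pos) {
    return branch_offset_fits(branch_offset(instr_pos, instr_pos));
}

int main(void) {
    /* Constructed sample positions: 0, the last safe one, the first
     * overflowing one, and a far larger offset in a big code segment. */
    const int32_t positions[] = {0, (1 << 23) - 12, (1 << 23) - 8, 0x3FFFFFF0};
    for (size_t i = 0; i < sizeof positions / sizeof positions[0]; i++) {
        int32_t pos = positions[i];
        printf("instr_pos=%10d  old offset=%11d fits=%d | new offset=%d fits=%d\n",
               pos, branch_offset(UNBOUND_TARGET_OLD, pos), old_first_jump_fits(pos),
               branch_offset(pos, pos), new_first_jump_fits(pos));
    }
    return 0;
}
```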

Patch Set 1 (2 comments)
Patch Set 2
Patch Set 3
Patch Set 4 (4 comments)
Patch Set 5

Stats: +44 lines, -38 lines

Files changed:
M AUTHORS                             1 chunk   +1 line,   -0 lines
M src/arm/assembler-arm.h             1 chunk   +0 lines,  -1 line
M src/arm/assembler-arm.cc            6 chunks  +22 lines, -37 lines
M test/cctest/test-assembler-arm.cc   1 chunk   +21 lines, -0 lines

Messages

Total messages: 8 (0 generated)
Kimmo Kinnunen
There might be a problem with the testcase, it fails in stress 5/5. ============ Stress ...
7 years, 6 months ago (2013-06-18 05:51:45 UTC) #1
Yang
https://codereview.chromium.org/17116006/diff/1/test/mjsunit/big-code-segment.js File test/mjsunit/big-code-segment.js (right): https://codereview.chromium.org/17116006/diff/1/test/mjsunit/big-code-segment.js#newcode1 test/mjsunit/big-code-segment.js:1: // Copyright 2009 the V8 project authors. All rights ...
7 years, 6 months ago (2013-06-25 12:09:46 UTC) #2
Kimmo Kinnunen
The testcase is fairly slow and uses all the memory. Ideas how to improve the ...
7 years, 5 months ago (2013-07-15 12:59:23 UTC) #3
Kimmo Kinnunen
Turned the .js testcase into a cctest
7 years, 5 months ago (2013-07-16 11:49:48 UTC) #4
Benedikt Meurer
LGTM, with nit. https://codereview.chromium.org/17116006/diff/13001/test/cctest/test-assembler-arm.cc File test/cctest/test-assembler-arm.cc (right): https://codereview.chromium.org/17116006/diff/13001/test/cctest/test-assembler-arm.cc#newcode1422 test/cctest/test-assembler-arm.cc:1422: for (size_t i = 0; i ...
7 years, 4 months ago (2013-07-31 11:35:55 UTC) #5
Sven Panne
LGTM if the AUTHORS are changed as proposed. https://codereview.chromium.org/17116006/diff/13001/AUTHORS File AUTHORS (right): https://codereview.chromium.org/17116006/diff/13001/AUTHORS#newcode37 AUTHORS:37: Kimmo ...
7 years, 4 months ago (2013-07-31 13:39:06 UTC) #6
Kimmo Kinnunen
https://codereview.chromium.org/17116006/diff/13001/AUTHORS File AUTHORS (right): https://codereview.chromium.org/17116006/diff/13001/AUTHORS#newcode37 AUTHORS:37: Kimmo Kinnunen <kkinnunen@nvidia.com> On 2013/07/31 13:39:06, Sven Panne wrote: ...
7 years, 4 months ago (2013-08-01 06:06:53 UTC) #7
Benedikt Meurer
7 years, 4 months ago (2013-08-01 08:13:32 UTC) #8
Message was sent while issue was closed.
Committed patchset #5 manually as r15997 (presubmit successful).
