src/ia32/builtins-ia32.cc - Issue 215853005: Check stack limit in ArgumentAdaptorTrampoline.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/ia32/builtins-ia32.cc

Issue 215853005: Check stack limit in ArgumentAdaptorTrampoline. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: rebase Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View side-by-side diff with in-line comments

Index: src/ia32/builtins-ia32.cc

diff --git a/src/ia32/builtins-ia32.cc b/src/ia32/builtins-ia32.cc

index 785c5fd61c219e1d87555f21c0d084e4f9d3a7a6..61c3f23cb0a14079491cae93ae02e86e858bbc14 100644

--- a/src/ia32/builtins-ia32.cc

+++ b/src/ia32/builtins-ia32.cc

@@ -1252,6 +1252,33 @@ void Builtins::Generate_StringConstructCode(MacroAssembler* masm) {

}

+static void ArgumentsAdaptorStackCheck(MacroAssembler* masm,

+ Label* stack_overflow) {

+ // ----------- S t a t e -------------

+ // -- eax : actual number of arguments

+ // -- ebx : expected number of arguments

+ // -- edi : function (passed through to callee)

+ // -----------------------------------

+ // Check the stack for overflow. We are not trying to catch

+ // interruptions (e.g. debug break and preemption) here, so the "real stack

+ // limit" is checked.

+ ExternalReference real_stack_limit =

+ ExternalReference::address_of_real_stack_limit(masm->isolate());

+ __ mov(edx, Operand::StaticVariable(real_stack_limit));

+ // Make ecx the space we have left. The stack might already be overflowed

+ // here which will cause ecx to become negative.

+ __ mov(ecx, esp);

+ __ sub(ecx, edx);

+ // Make edx the space we need for the array when it is unrolled onto the

+ // stack.

+ __ mov(edx, ebx);

+ __ shl(edx, kPointerSizeLog2);

+ // Check if the arguments will overflow the stack.

+ __ cmp(ecx, edx);

+ __ j(less_equal, stack_overflow); // Signed comparison.

static void EnterArgumentsAdaptorFrame(MacroAssembler* masm) {

__ push(ebp);

__ mov(ebp, esp);

@@ -1296,6 +1323,9 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {

Label invoke, dont_adapt_arguments;

__ IncrementCounter(masm->isolate()->counters()->arguments_adaptors(), 1);

+ Label stack_overflow;

+ ArgumentsAdaptorStackCheck(masm, &stack_overflow);

Label enough, too_few;

__ mov(edx, FieldOperand(edi, JSFunction::kCodeEntryOffset));

__ cmp(eax, ebx);

@@ -1370,6 +1400,10 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {

// -------------------------------------------

__ bind(&dont_adapt_arguments);

__ jmp(edx);

+ __ bind(&stack_overflow);

+ EnterArgumentsAdaptorFrame(masm);

+ __ InvokeBuiltin(Builtins::STACK_OVERFLOW, JUMP_FUNCTION);

Michael Starzinger 2014/04/08 11:58:40 The assumption is that this invocation never retur

ulan 2014/04/08 14:00:56 Done.

}

« no previous file with comments | « src/builtins.h ('k') | src/runtime.js » ('j') | src/runtime.js » ('J')