| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if V8_TARGET_ARCH_IA32 | 5 #if V8_TARGET_ARCH_IA32 |
| 6 | 6 |
| 7 #include "src/code-factory.h" | 7 #include "src/code-factory.h" |
| 8 #include "src/codegen.h" | 8 #include "src/codegen.h" |
| 9 #include "src/deoptimizer.h" | 9 #include "src/deoptimizer.h" |
| 10 #include "src/full-codegen/full-codegen.h" | 10 #include "src/full-codegen/full-codegen.h" |
| (...skipping 2824 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2835 __ mov(spread, eax); | 2835 __ mov(spread, eax); |
| 2836 __ Pop(argc); | 2836 __ Pop(argc); |
| 2837 __ SmiUntag(argc); | 2837 __ SmiUntag(argc); |
| 2838 __ Pop(edx); | 2838 __ Pop(edx); |
| 2839 __ Pop(edi); | 2839 __ Pop(edi); |
| 2840 // Free up some registers. | 2840 // Free up some registers. |
| 2841 __ movd(xmm0, edx); | 2841 __ movd(xmm0, edx); |
| 2842 __ movd(xmm1, edi); | 2842 __ movd(xmm1, edi); |
| 2843 } | 2843 } |
| 2844 | 2844 |
| 2845 Register return_address = edi; | |
| 2846 { | 2845 { |
| 2847 // Calculate the new nargs including the result of the spread. | 2846 // Calculate the new nargs including the result of the spread. |
| 2848 __ mov(spread_len, FieldOperand(spread, FixedArray::kLengthOffset)); | 2847 __ mov(spread_len, FieldOperand(spread, FixedArray::kLengthOffset)); |
| 2849 __ SmiUntag(spread_len); | 2848 __ SmiUntag(spread_len); |
| 2850 | 2849 |
| 2851 __ bind(&push_args); | 2850 __ bind(&push_args); |
| 2852 // argc += spread_len - 1. Subtract 1 for the spread itself. | 2851 // argc += spread_len - 1. Subtract 1 for the spread itself. |
| 2853 __ lea(argc, Operand(argc, spread_len, times_1, -1)); | 2852 __ lea(argc, Operand(argc, spread_len, times_1, -1)); |
| 2854 | |
| 2855 // Pop the return address and spread argument. | |
| 2856 __ PopReturnAddressTo(return_address); | |
| 2857 __ Pop(scratch); | |
| 2858 } | 2853 } |
| 2859 | 2854 |
| 2860 // Check for stack overflow. | 2855 // Check for stack overflow. |
| 2861 { | 2856 { |
| 2862 // Check the stack for overflow. We are not trying to catch interruptions | 2857 // Check the stack for overflow. We are not trying to catch interruptions |
| 2863 // (i.e. debug break and preemption) here, so check the "real stack limit". | 2858 // (i.e. debug break and preemption) here, so check the "real stack limit". |
| 2864 Label done; | 2859 Label done; |
| 2865 __ LoadRoot(scratch, Heap::kRealStackLimitRootIndex); | 2860 __ LoadRoot(scratch, Heap::kRealStackLimitRootIndex); |
| 2866 // Make scratch the space we have left. The stack might already be | 2861 // Make scratch the space we have left. The stack might already be |
| 2867 // overflowed here which will cause scratch to become negative. | 2862 // overflowed here which will cause scratch to become negative. |
| 2868 __ neg(scratch); | 2863 __ neg(scratch); |
| 2869 __ add(scratch, esp); | 2864 __ add(scratch, esp); |
| 2870 __ sar(scratch, kPointerSizeLog2); | 2865 __ sar(scratch, kPointerSizeLog2); |
| 2871 // Check if the arguments will overflow the stack. | 2866 // Check if the arguments will overflow the stack. |
| 2872 __ cmp(scratch, spread_len); | 2867 __ cmp(scratch, spread_len); |
| 2873 __ j(greater, &done, Label::kNear); // Signed comparison. | 2868 __ j(greater, &done, Label::kNear); // Signed comparison. |
| 2874 __ TailCallRuntime(Runtime::kThrowStackOverflow); | 2869 __ TailCallRuntime(Runtime::kThrowStackOverflow); |
| 2875 __ bind(&done); | 2870 __ bind(&done); |
| 2876 } | 2871 } |
| 2877 | 2872 |
| 2878 // Put the evaluated spread onto the stack as additional arguments. | 2873 // Put the evaluated spread onto the stack as additional arguments. |
| 2879 { | 2874 { |
| 2875 Register return_address = edi; |
| 2876 // Pop the return address and spread argument. |
| 2877 __ PopReturnAddressTo(return_address); |
| 2878 __ Pop(scratch); |
| 2879 |
| 2880 Register scratch2 = esi; | 2880 Register scratch2 = esi; |
| 2881 __ movd(xmm2, esi); | 2881 __ movd(xmm2, esi); |
| 2882 | 2882 |
| 2883 __ mov(scratch, Immediate(0)); | 2883 __ mov(scratch, Immediate(0)); |
| 2884 Label done, loop; | 2884 Label done, loop; |
| 2885 __ bind(&loop); | 2885 __ bind(&loop); |
| 2886 __ cmp(scratch, spread_len); | 2886 __ cmp(scratch, spread_len); |
| 2887 __ j(equal, &done, Label::kNear); | 2887 __ j(equal, &done, Label::kNear); |
| 2888 __ mov(scratch2, FieldOperand(spread, scratch, times_pointer_size, | 2888 __ mov(scratch2, FieldOperand(spread, scratch, times_pointer_size, |
| 2889 FixedArray::kHeaderSize)); | 2889 FixedArray::kHeaderSize)); |
| (...skipping 473 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3363 | 3363 |
| 3364 void Builtins::Generate_InterpreterOnStackReplacement(MacroAssembler* masm) { | 3364 void Builtins::Generate_InterpreterOnStackReplacement(MacroAssembler* masm) { |
| 3365 Generate_OnStackReplacementHelper(masm, true); | 3365 Generate_OnStackReplacementHelper(masm, true); |
| 3366 } | 3366 } |
| 3367 | 3367 |
| 3368 #undef __ | 3368 #undef __ |
| 3369 } // namespace internal | 3369 } // namespace internal |
| 3370 } // namespace v8 | 3370 } // namespace v8 |
| 3371 | 3371 |
| 3372 #endif // V8_TARGET_ARCH_IA32 | 3372 #endif // V8_TARGET_ARCH_IA32 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2681643004:
[builtins] Fix crash on stack overflow in CheckSpreadAndPushToStack. (Closed)
