Side by Side Diff: src/builtins/x64/builtins-x64.cc

Issue 2681643004: [builtins] Fix crash on stack overflow in CheckSpreadAndPushToStack. (Closed)
Patch Set: Also fix for x87 port Created 3 years, 10 months ago
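--- a/src/builtins/x64/builtins-x64.cc
+++ b/src/builtins/x64/builtins-x64.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_X64
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ -2894,46 +2894,46 @@
 __ Pop(rdi); // target
 }
 
 {
 // Calculate the new nargs including the result of the spread.
 __ SmiToInteger32(r9, FieldOperand(rbx, FixedArray::kLengthOffset));
 
 __ bind(&push_args);
 // rax += r9 - 1. Subtract 1 for the spread itself.
 __ leap(rax, Operand(rax, r9, times_1, -1));
-
-// Pop the return address and spread argument.
-__ PopReturnAddressTo(r8);
-__ Pop(rcx);
 }
 
 // Check for stack overflow.
 {
 // Check the stack for overflow. We are not trying to catch interruptions
 // (i.e. debug break and preemption) here, so check the "real stack limit".
 Label done;
 __ LoadRoot(kScratchRegister, Heap::kRealStackLimitRootIndex);
 __ movp(rcx, rsp);
 // Make rcx the space we have left. The stack might already be overflowed
 // here which will cause rcx to become negative.
 __ subp(rcx, kScratchRegister);
 __ sarp(rcx, Immediate(kPointerSizeLog2));
 // Check if the arguments will overflow the stack.
 __ cmpp(rcx, r9);
 __ j(greater, &done, Label::kNear); // Signed comparison.
 __ TailCallRuntime(Runtime::kThrowStackOverflow);
 __ bind(&done);
 }
 
 // Put the evaluated spread onto the stack as additional arguments.
 {
+// Pop the return address and spread argument.
+__ PopReturnAddressTo(r8);
+__ Pop(rcx);
+
 __ Set(rcx, 0);
 Label done, loop;
 __ bind(&loop);
 __ cmpl(rcx, r9);
 __ j(equal, &done, Label::kNear);
 __ movp(kScratchRegister, FieldOperand(rbx, rcx, times_pointer_size,
 FixedArray::kHeaderSize));
 __ Push(kScratchRegister);
 __ incl(rcx);
 __ jmp(&loop);
@@ -3257,10 +3257,10 @@
 void Builtins::Generate_InterpreterOnStackReplacement(MacroAssembler* masm) {
 Generate_OnStackReplacementHelper(masm, true);
 }
 
 #undef __
 
 } // namespace internal
 } // namespace v8
 
 #endif // V8_TARGET_ARCH_X64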
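Review bot: The value popped by the new `__ Pop(rcx);` is dead — `__ Set(rcx, 0);` two lines later overwrites it before any use, so the pop exists only to drop the spread argument from the stack while its elements are still read from rbx; the moved comment should say that, e.g. `// Pop the return address and discard the spread argument (its elements are read from rbx below).` The reordering itself looks correct: the overflow check now runs while the return address is still on the stack, so the tail call to kThrowStackOverflow sees an intact frame, which appears to be the crash this change fixes. Since rcx is also the scratch register of the overflow check just above, a one-line register note at the head of the push block would make the double use explicit for the next reader. The enclosing function starts and ends outside this hunk, so the re-push of the return address from r8 after the loop is not visible here.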