Reviewers: Vitaly,

Description:
Avoid pushing arguments twice in GenericBinaryOpStub.

Under some conditions (args in registers, non-number arguments passed) GenerateRegisterArgumentsPush was called twice and the stack broke. Please review this at http://codereview.chromium.org/3290012/show SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/ Affected files: M src/ia32/code-stubs-ia32.cc Index: src/ia32/code-stubs-ia32.cc =================================================================== --- src/ia32/code-stubs-ia32.cc (revision 5415) +++ src/ia32/code-stubs-ia32.cc (working copy) @@ -1044,12 +1044,13 @@ StringAddStub string_add_left_stub(NO_STRING_CHECK_LEFT_IN_STUB); __ TailCallStub(&string_add_left_stub); + Label call_runtime_with_args; // Left operand is not a string, test right. __ bind(&lhs_not_string); __ test(rhs, Immediate(kSmiTagMask)); - __ j(zero, &call_runtime); + __ j(zero, &call_runtime_with_args); __ CmpObjectType(rhs, FIRST_NONSTRING_TYPE, ecx); - __ j(above_equal, &call_runtime); + __ j(above_equal, &call_runtime_with_args); StringAddStub string_add_right_stub(NO_STRING_CHECK_RIGHT_IN_STUB); __ TailCallStub(&string_add_right_stub); @@ -1059,6 +1060,7 @@ if (HasArgsInRegisters()) { GenerateRegisterArgsPush(masm); } + __ bind(&call_runtime_with_args); __ InvokeBuiltin(Builtins::ADD, JUMP_FUNCTION); break; } -- v8-dev mailing list v8-dev@googlegroups.com http://groups.google.com/group/v8-dev
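
Review bot: the new label `call_runtime_with_args` in the first hunk (@@ -1044), declared just above `// Left operand is not a string, test right.`, carries a stack invariant that is not documented anywhere in the visible lines. Both `__ j(zero, &call_runtime_with_args);` and `__ j(above_equal, &call_runtime_with_args);` now skip `GenerateRegisterArgsPush(masm)`, which is only correct if every path that reaches `lhs_not_string` already has both operands on the stack. The code that establishes this is outside the hunk, so please add a comment at the declaration saying that the arguments are already on the stack at this label whether or not `HasArgsInRegisters()` holds. A regression test for the case named in the description (args in registers, non-number arguments passed) would also be worth adding, since the affected files list only src/ia32/code-stubs-ia32.cc.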
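
Review bot: in the second hunk (@@ -1059), `__ bind(&call_runtime_with_args);` sits directly after the closing brace of `if (HasArgsInRegisters())` with nothing marking that two paths merge there: the fall-through that may just have run `GenerateRegisterArgsPush(masm)` and the jumps from `lhs_not_string` that bypass it. A one-line comment above the bind, stating that the stack layout must be identical on both paths before `__ InvokeBuiltin(Builtins::ADD, JUMP_FUNCTION);`, would keep a later edit from inserting stack-affecting code between the push and the bind. Since only the ia32 file is touched, could you also confirm whether the other platform ports have the same jump-to-`call_runtime` pattern in their string-add fallback?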