Reviewers: jarin,
Description:
Check stack size before pushing many arguments.
[email protected]
BUG=chromium:454703
LOG=N
Please review this at https://codereview.chromium.org/939633002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+20, -9 lines):
M src/arm/full-codegen-arm.cc
M src/full-codegen.h
Index: src/arm/full-codegen-arm.cc
diff --git a/src/arm/full-codegen-arm.cc b/src/arm/full-codegen-arm.cc
index
885f3ba2759493b761341418ca03e3b12a5f3023..b5d160b8ea173b2675fd22eb0c320cdc260c6d6c
100644
--- a/src/arm/full-codegen-arm.cc
+++ b/src/arm/full-codegen-arm.cc
@@ -155,15 +155,7 @@ void FullCodeGenerator::Generate() {
// Generators allocate locals, if any, in context slots.
DCHECK(!IsGeneratorFunction(info->function()->kind()) || locals_count
== 0);
if (locals_count > 0) {
- if (locals_count >= 128) {
- Label ok;
- __ sub(r9, sp, Operand(locals_count * kPointerSize));
- __ LoadRoot(r2, Heap::kRealStackLimitRootIndex);
- __ cmp(r9, Operand(r2));
- __ b(hs, &ok);
- __ InvokeBuiltin(Builtins::STACK_OVERFLOW, CALL_FUNCTION);
- __ bind(&ok);
- }
+ EmitPreemptiveStackCheck(locals_count);
__ LoadRoot(r9, Heap::kUndefinedValueRootIndex);
int kMaxPushes = FLAG_optimize_for_size ? 4 : 32;
if (locals_count >= kMaxPushes) {
@@ -3035,6 +3027,9 @@ void FullCodeGenerator::EmitCall(Call* expr,
CallICState::CallType call_type) {
// Load the arguments.
ZoneList<Expression*>* args = expr->arguments();
int arg_count = args->length();
+
+ EmitPreemptiveStackCheck(arg_count);
+
{ PreservePositionScope scope(masm()->positions_recorder());
for (int i = 0; i < arg_count; i++) {
VisitForStackValue(args->at(i));
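Review bot: The new guard in EmitCall is placed before the argument loop, which is the right spot, but the CL leaves every other place that pushes an argument list unguarded: Generate() and EmitCall() are the only callers of EmitPreemptiveStackCheck in this patch, so if other paths in this file push `arg_count` values with the same `VisitForStackValue` loop (constructor or runtime calls, presumably), they still hit the raw stack limit that chromium:454703 is about. Worth either covering them here or noting in the description that they are deliberately left to a follow-up. EmitCall's signature and the rest of its body are outside the hunk.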
@@ -5216,6 +5211,19 @@ void
FullCodeGenerator::EmitLiteralCompareNil(CompareOperation* expr,
}
+void FullCodeGenerator::EmitPreemptiveStackCheck(int required_stack_size) {
+ if (required_stack_size >= 128) {
+ Label ok;
+ __ sub(r9, sp, Operand(required_stack_size * kPointerSize));
+ __ LoadRoot(r2, Heap::kRealStackLimitRootIndex);
+ __ cmp(r9, Operand(r2));
+ __ b(hs, &ok);
+ __ InvokeBuiltin(Builtins::STACK_OVERFLOW, CALL_FUNCTION);
+ __ bind(&ok);
+ }
+}
+
+
void FullCodeGenerator::VisitThisFunction(ThisFunction* expr) {
__ ldr(r0, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
context()->Plug(r0);
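Review bot: EmitPreemptiveStackCheck writes r9 and r2 (the `sub` and `LoadRoot` lines) and skips the check entirely below 128 slots, but neither fact is documented, so a future caller holding a live value in r2 or r9, or passing a byte count instead of a slot count, has nothing to warn it. I would give the threshold a name and a header comment, e.g. `// Number of pointer-sized slots below which no explicit check is emitted; smaller pushes are presumably covered by the headroom above the real stack limit.` followed by `static const int kMinSlotsForStackCheck = 128;`, and add `// Clobbers r2 and r9.` above the definition. The threshold of 128 is carried over from the old Generate() code, so this is a documentation point rather than a behaviour change.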
Index: src/full-codegen.h
diff --git a/src/full-codegen.h b/src/full-codegen.h
index
186f282a432373f866dbb7a89c271ff519176479..edde93baaf73f2023ab8385960b3d727d6df619c
100644
--- a/src/full-codegen.h
+++ b/src/full-codegen.h
@@ -433,6 +433,9 @@ class FullCodeGenerator: public AstVisitor {
Expression* sub_expr,
NilValue nil);
+ // Check whether the stack is going to be large enough before pushing.
+ void EmitPreemptiveStackCheck(int required_stack_size);
+
// Bailout support.
void PrepareForBailout(Expression* node, State state);
void PrepareForBailoutForId(BailoutId id, State state);
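Review bot: The declaration is added to the architecture-independent FullCodeGenerator class, but the only definition in this CL is the ARM one (Affected files lists just src/arm/full-codegen-arm.cc), so any other port whose EmitCall gains the same call would fail to link until its full-codegen-<arch>.cc provides the helper, and those ports keep the original argument-push overflow until then. If the other ports are meant to follow in separate CLs, say so in the description; otherwise the declaration belongs next to the ARM-only members. The comment on the declaration should also state the unit, e.g. `// Check that |required_stack_size| pointer-sized slots can be pushed without crossing the real stack limit.`, since the ARM implementation multiplies by kPointerSize.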