Reviewers: ulan,
Message:
Hi Ulan, PTAL, thanks for the help!
--Michael
Description:
ARM simulator needs a StackCheck in GetPropertyWithDefinedGetter.
Because simulators have a separate JavaScript and C++ stack, and
because they try to avoid calling the runtime StackCheck function
on entry to every function, it can happen in recursive calls that
the C++ stack overflows while the JavaScript stack is okay. The
runtime StackCheck function would catch this, but as an optimization,
generated code only looks at the JavaScript stack pointer to
determine if it should make that runtime call.
[email protected]
BUG=
Please review this at https://codereview.chromium.org/1050433002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+15, -0 lines):
M src/objects.cc
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index
83cc99546369aaea67b8cfad23e371f590f92295..41960e65862f495dd11ab37b653a74cf039c676e
100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -406,6 +406,21 @@ MaybeHandle<Object>
Object::GetPropertyWithDefinedGetter(
Handle<Object> receiver,
Handle<JSReceiver> getter) {
Isolate* isolate = getter->GetIsolate();
+
+ // Platforms with simulators like arm/arm64 expose a funny issue. If the
+ // simulator has a separate JS stack pointer from the C++ stack pointer,
it
+ // can miss C++ stack overflows in the stack guard at the start of
JavaScript
+ // functions. It would be very expensive to check the C++ stack pointer
at
+ // that location. The best solution seems to be to break the impasse by
+ // adding checks at possible recursion points. What's more, we don't put
+ // this stack check behind the USE_SIMULATOR define in order to keep
+ // behavior the same between hardware and simulators.
+ StackLimitCheck check(isolate);
+ if (check.JsHasOverflowed()) {
+ isolate->StackOverflow();
+ return MaybeHandle<Object>();
+ }
+
Debug* debug = isolate->debug();
// Handle stepping into a getter if step into is active.
// TODO(rossberg): should this apply to getters that are function
proxies?
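Review bot: the new comment describes a C++ stack overflow that the JS stack guard misses, yet the code then tests `check.JsHasOverflowed()`, so a reader will assume the wrong limit is being checked; either say in the comment that `JsHasOverflowed()` is the variant that also consults the C++ stack pointer (if that is why it was chosen over the plain C++ check) or switch to the C++ check, and replace "expose a funny issue" with a plain statement of the problem. The commit message and comment also speak of "adding checks at possible recursion points" (plural) while only the defined-getter path gets one here; does the defined-setter path need the same guard? Last, BUG= is empty in the description: reference the crash or test that reproduces the simulator overflow so the reason for not gating this behind USE_SIMULATOR is recorded.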
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev