[turbofan] Fix a stack overflow on too many nested bound functions

The stack overflow used to occur when too many bound functions
are nested. The CL also adds a regression test.

Bug: chromium:1226264
Change-Id: I34329d8392d2385207dbd9a8d3188ad4f7cb3c2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011161
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75640}
Maya Lekova 2021-07-08 14:26:24 +02:00 committed by V8 LUCI CQ
parent 2e64add939
commit 742873c652
2 changed files with 20 additions and 0 deletions

@ -4935,6 +4935,8 @@ Reduction JSCallReducer::ReduceJSCallWithSpread(Node* node) {
}
Reduction JSCallReducer::ReduceJSConstruct(Node* node) {
if (broker()->StackHasOverflowed()) return NoChange();
JSConstructNode n(node);
ConstructParameters const& p = n.Parameters();
int arity = p.arity_without_implicit_args();
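Review bot: The new early return at the top of ReduceJSConstruct, `if (broker()->StackHasOverflowed()) return NoChange();`, carries no comment saying why this reducer needs a stack guard. A one-line comment tying it to the nested bound function case from the commit message (chromium:1226264) would keep a later cleanup from dropping it. It is also worth confirming whether the plain call path needs the same check, since the regression test in this CL only exercises `new foo()`.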

@ -0,0 +1,18 @@
// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
function foo() {
};
for (var i = 0; i < 40000; i++) {
foo = foo.bind();
}
function bar() {
new foo();
};
%PrepareFunctionForOptimization(bar);
bar();
%OptimizeFunctionOnNextCall(bar);
bar();
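Review bot: The loop bound in `for (var i = 0; i < 40000; i++)` is a magic number whose sufficiency depends on the stack size the test runs with, so on a configuration with a larger stack the test may stop reaching the overflow path it is meant to cover. Consider a comment explaining the chosen depth and pinning the stack through the `// Flags:` line (for example with `--stack-size`) so the bailout is reached reliably. The test also has no assertion and passes only by not crashing, which deserves a one-line comment, and the `;` after the closing braces of the `foo` and `bar` declarations are stray empty statements.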