[turbofan] Fix a stack overflow on too many nested bound functions

The stack overflow used to occur when too many bound functions are nested. The CL also adds a regression test. Bug: chromium:1226264 Change-Id: I34329d8392d2385207dbd9a8d3188ad4f7cb3c2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011161 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75640}
2021-07-08 14:26:24 +02:00 · 2021-07-08 14:26:24 +02:00 · 742873c652
commit 742873c652
parent 2e64add939
2 changed files with 20 additions and 0 deletions
--- a/src/compiler/js-call-reducer.cc
+++ b/src/compiler/js-call-reducer.cc
@ -4935,6 +4935,8 @@ Reduction JSCallReducer::ReduceJSCallWithSpread(Node* node) {
 }

 Reduction JSCallReducer::ReduceJSConstruct(Node* node) {
+  if (broker()->StackHasOverflowed()) return NoChange();
+
  JSConstructNode n(node);
  ConstructParameters const& p = n.Parameters();
  int arity = p.arity_without_implicit_args();
--- a/test/mjsunit/compiler/regress-crbug-1226264.js
+++ b/test/mjsunit/compiler/regress-crbug-1226264.js
@ -0,0 +1,18 @@
+// Copyright 2021 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function foo() {
+};
+for (var i = 0; i < 40000; i++) {
+  foo = foo.bind();
+}
+function bar() {
+  new foo();
+};
+%PrepareFunctionForOptimization(bar);
+bar();
+%OptimizeFunctionOnNextCall(bar);
+bar();