ARM simulator needs a StackCheck in GetPropertyWithDefinedGetter.

Because simulators have a seperate JavaScript and C++ stack, and because they try to avoid calling the runtime StackCheck function on entry to every function, it can happen in recursive calls that the C++ stack overflows while the JavaScript stack is okay. The runtime StackCheck function would catch this, but as an optimization, generated code only looks at the JavaScript stack pointer to determine if it should make that runtime call. R=ulan@chromium.org BUG= Review URL: https://codereview.chromium.org/1050433002 Cr-Commit-Position: refs/heads/master@{#27533}
2015-03-31 03:37:34 -07:00 · 2015-03-31 03:37:34 -07:00 · 9c3f53d708
commit 9c3f53d708
parent 93e817e50b
1 changed files with 15 additions and 0 deletions
--- a/src/objects.cc
+++ b/src/objects.cc
@ -406,6 +406,21 @@ MaybeHandle<Object> Object::GetPropertyWithDefinedGetter(
    Handle<Object> receiver,
    Handle<JSReceiver> getter) {
  Isolate* isolate = getter->GetIsolate();
+
+  // Platforms with simulators like arm/arm64 expose a funny issue. If the
+  // simulator has a separate JS stack pointer from the C++ stack pointer, it
+  // can miss C++ stack overflows in the stack guard at the start of JavaScript
+  // functions. It would be very expensive to check the C++ stack pointer at
+  // that location. The best solution seems to be to break the impasse by
+  // adding checks at possible recursion points. What's more, we don't put
+  // this stack check behind the USE_SIMULATOR define in order to keep
+  // behavior the same between hardware and simulators.
+  StackLimitCheck check(isolate);
+  if (check.JsHasOverflowed()) {
+    isolate->StackOverflow();
+    return MaybeHandle<Object>();
+  }
+
  Debug* debug = isolate->debug();
  // Handle stepping into a getter if step into is active.
  // TODO(rossberg): should this apply to getters that are function proxies?