AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[Interpreter] Fixes PushArgsAndConstruct builtin to not store any data outside esp.

Browse Source 
In ia32 PushArgsAndConstruct builtin, we run out of registers and need to
temporarily store the data in the stack. In the earlier implementation,
a location outside the esp was used. This causes a problem if there is a
interrupt/signals which would use the same stack and corrupt the data that
is above the esp. This cl fixes it by pushing it onto the stack so that
the stack pointer is updated and hence the corruption will not happen. We
reuse the slot meant for receiver as a temporary store.

TBR=rmcilroy@chromium.org
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1750373002

Cr-Commit-Position: refs/heads/master@{#34397}
This commit is contained in:
mythria 2016-03-01 07:19:24 -08:00 committed by Commit bot
parent 4af7757fdf
commit dbf5fffd2d
2 changed files with 12 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/ia32/builtins-ia32.cc
View File

@ -602,27 +602,24 @@ void Builtins::Generate_InterpreterPushArgsAndConstruct(MacroAssembler* masm) {
// they are to be pushed onto the stack. // they are to be pushed onto the stack.
// ----------------------------------- // -----------------------------------
// Save number of arguments on the stack below where arguments are going
// to be pushed.
__ mov(ecx, eax);
__ neg(ecx);
__ mov(Operand(esp, ecx, times_pointer_size, -kPointerSize), eax);
__ mov(eax, ecx);
// Pop return address to allow tail-call after pushing arguments. // Pop return address to allow tail-call after pushing arguments.
__ Pop(ecx); __ Pop(ecx);
// Push edi in the slot meant for receiver. We need an extra register
// so store edi temporarily on stack.
__ Push(edi);
// Find the address of the last argument. // Find the address of the last argument.
__ shl(eax, kPointerSizeLog2); __ mov(edi, eax);
__ add(eax, ebx); __ neg(edi);
__ shl(edi, kPointerSizeLog2);
__ add(edi, ebx);
// Push padding for receiver. Generate_InterpreterPushArgs(masm, edi);
__ Push(Immediate(0));
Generate_InterpreterPushArgs(masm, eax); // Restore the constructor from slot on stack. It was pushed at the slot
// meant for receiver.
// Restore number of arguments from slot on stack. __ mov(edi, Operand(esp, eax, times_pointer_size, 0));
__ mov(eax, Operand(esp, -kPointerSize));
// Re-push return address. // Re-push return address.
__ Push(ecx); __ Push(ecx);

2
test/cctest/cctest.status
View File

@ -558,8 +558,6 @@
'test-run-inlining/InlineTwice': [FAIL], 'test-run-inlining/InlineTwice': [FAIL],
'test-serialize/SerializeInternalReference': [FAIL, ['arch == arm or arch == arm64', PASS]], 'test-serialize/SerializeInternalReference': [FAIL, ['arch == arm or arch == arm64', PASS]],
# TODO(mythria,4680): This is flaky for ia32. Sometimes crashes. Skipping for now.
'test-cpu-profiler/SampleWhenFrameIsNotSetup': [SKIP],
}], # ignition == True }], # ignition == True
] ]