v8/test/mjsunit/regress/wasm/regress-9017.js
Seth Brenith df8548cd5b Touch guard pages when allocating stack frames
On Windows, expanding the stack by more than 4 KB at a time can cause
access violations. This change fixes a few known cases (and includes
unit tests for those), and attempts to make stack expansion more
consistent overall by using the AllocateStackSpace helper method
everywhere we can, even when the offset is a small constant.

On arm64, there was already a consistent method for stack pointer
manipulation using the Claim and Drop methods, so Claim is updated to
touch every page.

Bug: v8:9017
Change-Id: I2dbbceeebbdefaf45803e9b621fe83f52234a395
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570666
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61186}
2019-05-02 17:46:18 +00:00


// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Flags: --liftoff --nowasm-tier-up
//
// This test is intended to make Liftoff generate code that uses a very large
// stack frame, and then try to call another function (which would write to the
// stack pointer location). On Windows, large frames need extra code to touch
// every page in order, because the OS only leaves a small guard area for the
// stack, and trying to access past that area, even into memory that was
// intentionally reserved for this thread's stack, will crash the program.
load('test/mjsunit/wasm/wasm-module-builder.js');

// How many helper() results are pushed before any of them is consumed.
// NOTE(review): presumably each pending i32 takes a stack slot in Liftoff
// code, which would put the frame well above a single 4 KB page -- confirm
// against the generated code.
const num_temporaries = 16 * 1024;

var builder = new WasmModuleBuilder();

// Callee whose body is a single `i32.const 1`. Its function index is what the
// call instructions emitted below refer to. One i32 local is declared although
// the body never reads or writes it.
var func_idx = builder
  .addFunction('helper', kSig_i_v)
  .addLocals({i32_count: 1})
  .addBody([kExprI32Const, 0x01])
  .index;

var large_function_body = [];

// Phase 1: num_temporaries back-to-back calls to helper. Nothing consumes a
// result yet, so all of them are live at once; the calls that follow the
// first are the ones that run after the large frame has been set up.
for (let remaining = num_temporaries; remaining > 0; --remaining) {
  large_function_body.push(kExprCallFunction);
  large_function_body.push(func_idx);
}

// Phase 2: num_temporaries - 1 additions fold the pending values into one.
for (let pending = num_temporaries; pending > 1; --pending) {
  large_function_body.push(kExprI32Add);
}

builder
  .addFunction('test', kSig_i_v)
  .addBody(large_function_body)
  .exportFunc();

var module = builder.instantiate();

// Every call contributes 1, so the expected sum equals the number of calls.
// A regression in stack-page touching is expected to surface as a crash (an
// access violation on Windows) during this call, not as a wrong sum.
assertEquals(num_temporaries, module.exports.test());