-
Ng Zhi An authored
In https://crrev.com/c/2645694 we push the full q registers before lazy compile, but we did not change the fixed frame size to account for the wider registers being pushed. This manifested in the frame having data like: (gdb) x/10xg start.ptr_ 0x7f5576ff3eb0: 0x0000000000000000 0x0000336b08202759 0x7f5576ff3ec0: 0x7ff000007f801000 0x0000000000000000 0x7f5576ff3ed0: 0x7ff000007f801001 0x0000000000000000 0x7f5576ff3ee0: 0x7ff000007f801002 0x0000000000000000 0x7f5576ff3ef0: 0x7ff000007f801003 0x0000000000000000 The GC then walks part of this frame, thinking that 0x7ff000007f801003 is a heap object, and then crashes. Add some static_asserts (similar to builtins-x64) to remind ourselves that the pushed registers have to match the size in frame constants. Bug: chromium:1161555,v8:11358 Change-Id: Ic5138cc17ad44ccab9121ca226f9f812afef72c7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2656857Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#72439}
45b99aaa
