Commit 3c1bf982 authored by Victor Gomes's avatar Victor Gomes Committed by Commit Bot

[frames] Fix receiver offset for BuiltinExitFrames

Change-Id: I46efe24dc9d2513fc8d099ef4af9e25ddf3ea697
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2302049
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68901}
parent 6553585a
......@@ -118,15 +118,23 @@ inline BuiltinExitFrame::BuiltinExitFrame(StackFrameIteratorBase* iterator)
inline Object BuiltinExitFrame::receiver_slot_object() const {
// The receiver is the first argument on the frame.
// fp[1]: return address.
// fp[2]: the last argument (new target).
// ------- fixed extra builtin arguments -------
// fp[2]: new target.
// fp[3]: target.
// fp[4]: argc.
// fp[2 + argc - 1]: receiver.
// fp[5]: hole.
// ------- JS stack arguments ------
// fp[6]: receiver, if V8_REVERSE_JSARGS.
// fp[2 + argc - 1]: receiver, if not V8_REVERSE_JSARGS.
#ifdef V8_REVERSE_JSARGS
const int receiverOffset = BuiltinExitFrameConstants::kFirstArgumentOffset;
#else
Object argc_slot = argc_slot_object();
DCHECK(argc_slot.IsSmi());
int argc = Smi::ToInt(argc_slot);
const int receiverOffset = BuiltinExitFrameConstants::kNewTargetOffset +
(argc - 1) * kSystemPointerSize;
#endif
return Object(base::Memory<Address>(fp() + receiverOffset));
}
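Review bot: The `#ifdef V8_REVERSE_JSARGS` branch at `const int receiverOffset = BuiltinExitFrameConstants::kFirstArgumentOffset;` drops the `DCHECK(argc_slot.IsSmi())` frame-integrity check that the `#else` branch still performs, so debug builds with reversed arguments no longer verify the argc slot before the receiver is read. Keeping `DCHECK(argc_slot_object().IsSmi());` in the reverse branch would preserve that check in both configurations at no release cost. In the `#else` branch the offset `kNewTargetOffset + (argc - 1) * kSystemPointerSize` is not bounded against the fixed extra arguments; if argc could ever be smaller than the fixed-argument count plus receiver, the computed slot would land among the fixed slots rather than on the receiver, so a lower-bound DCHECK on argc seems worth adding (pre-existing, not introduced by this change). The comment block could also name the constant the receiver slot maps to, e.g. `// fp[6]: receiver (kFirstArgumentOffset), if V8_REVERSE_JSARGS.`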