Commit 50212e4d authored by Sigurd Schneider's avatar Sigurd Schneider Committed by Commit Bot

[turbofan] Add framestate to JSPerformPromiseThen operator

The framestate is necessary, because the PerformPromiseThen builtin
calls into the runtime function PromiseRevokeReject, which ultimately
calls back into the embedder. Node may execute JavaScript in the callback,
and the missing framestate can then make our stack frame walker unhappy.

Bug: v8:7659
Change-Id: I47391fd2b9b3c10ef26204a41e58f8082243c702
Reviewed-on: https://chromium-review.googlesource.com/1015361
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52663}
parent b4a43097
...@@ -5840,6 +5840,7 @@ Reduction JSCallReducer::ReducePromisePrototypeThen(Node* node) { ...@@ -5840,6 +5840,7 @@ Reduction JSCallReducer::ReducePromisePrototypeThen(Node* node) {
Node* context = NodeProperties::GetContextInput(node); Node* context = NodeProperties::GetContextInput(node);
Node* effect = NodeProperties::GetEffectInput(node); Node* effect = NodeProperties::GetEffectInput(node);
Node* control = NodeProperties::GetControlInput(node); Node* control = NodeProperties::GetControlInput(node);
Node* frame_state = NodeProperties::GetFrameStateInput(node);
// Check that promises aren't being observed through (debug) hooks. // Check that promises aren't being observed through (debug) hooks.
if (!isolate()->IsPromiseHookProtectorIntact()) return NoChange(); if (!isolate()->IsPromiseHookProtectorIntact()) return NoChange();
...@@ -5898,9 +5899,9 @@ Reduction JSCallReducer::ReducePromisePrototypeThen(Node* node) { ...@@ -5898,9 +5899,9 @@ Reduction JSCallReducer::ReducePromisePrototypeThen(Node* node) {
graph()->NewNode(javascript()->CreatePromise(), context, effect); graph()->NewNode(javascript()->CreatePromise(), context, effect);
// Chain {result} onto {receiver}. // Chain {result} onto {receiver}.
result = effect = graph()->NewNode(javascript()->PerformPromiseThen(), result = effect = graph()->NewNode(
receiver, on_fulfilled, on_rejected, javascript()->PerformPromiseThen(), receiver, on_fulfilled, on_rejected,
result, context, effect, control); result, context, frame_state, effect, control);
ReplaceWithValue(node, result, effect, control); ReplaceWithValue(node, result, effect, control);
return Replace(result); return Replace(result);
} }
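Review bot: The `frame_state` read near the top of ReducePromisePrototypeThen is threaded into the PerformPromiseThen node with no comment explaining why, so a later cleanup could mistake it for removable plumbing. I would add above the NewNode call `// PerformPromiseThen can reach the embedder's promise-reject callback, which may run JavaScript, so the call needs a frame state.` Since the commit message says JavaScript can run during this call, it is also worth confirming that the operator's declared properties (defined outside this page) do not promise no side effects or no deoptimization, because later optimization passes trust those flags when they eliminate checks. Only part of the function body is visible in the two hunks shown.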
......
...@@ -119,6 +119,7 @@ bool OperatorProperties::HasFrameStateInput(const Operator* op) { ...@@ -119,6 +119,7 @@ bool OperatorProperties::HasFrameStateInput(const Operator* op) {
case IrOpcode::kJSPromiseResolve: case IrOpcode::kJSPromiseResolve:
case IrOpcode::kJSRejectPromise: case IrOpcode::kJSRejectPromise:
case IrOpcode::kJSResolvePromise: case IrOpcode::kJSResolvePromise:
case IrOpcode::kJSPerformPromiseThen:
return true; return true;
default: default:
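Review bot: Listing `kJSPerformPromiseThen` in HasFrameStateInput changes the expected input layout for every node of that opcode, not only the one built in ReducePromisePrototypeThen. Any other site that creates or lowers a JSPerformPromiseThen node (none is visible on this page) has to supply the frame state in the same position, otherwise the input count and indices will disagree with the operator. No regression test is visible in the commit; a test that runs JavaScript from the promise-reject callback while the optimized code is on the stack would pin the scenario described in the commit message. The switch statement continues outside the hunk.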
......