[runtime] Add the JSCallRuntime opcode to TryGetScopeInfo

ClusterFuzzer found that a context can be created by a call to the runtime when checking for context extensions on the bytecode graph builder. That happens in large contexts. Bug: chromium:1019069 Change-Id: I7ab66dceedd56476ab972d7998ef4ca6896dc868 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886691Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64605}

[runtime] Add the JSCallRuntime opcode to TryGetScopeInfo
ClusterFuzzer found that a context can be created by a call to the runtime when checking for context extensions on the bytecode graph builder. That happens in large contexts. Bug: chromium:1019069 Change-Id: I7ab66dceedd56476ab972d7998ef4ca6896dc868 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886691Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64605}
6fbe2698 · Victor Gomes · Commit Bot · 8649e430 · 6fbe2698
Commit 6fbe2698 authored Oct 29, 2019 by Victor Gomes Committed by Commit Bot Oct 29, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

bytecode-graph-builder.cc src/compiler/bytecode-graph-builder.cc +2 -0

No files found.
--- a/src/compiler/bytecode-graph-builder.cc
+++ b/src/compiler/bytecode-graph-builder.cc
@@ -1622,6 +1622,8 @@ base::Optional<ScopeInfoRef> BytecodeGraphBuilder::TryGetScopeInfo() {
    case IrOpcode::kJSGeneratorRestoreContext:
    case IrOpcode::kOsrValue:
    case IrOpcode::kPhi:
+    // For a large context, the runtime call is still used.
+    case IrOpcode::kJSCallRuntime:
      return base::nullopt;
    default:
      UNREACHABLE();