Check for overflow when bumping new space's top in inlined allocation.

BUG=v8:1109 TEST=test/mjsunit/regress/regress-1109.js Review URL: http://codereview.chromium.org/6453005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Check for overflow when bumping new space's top in inlined allocation.
BUG=v8:1109 TEST=test/mjsunit/regress/regress-1109.js Review URL: http://codereview.chromium.org/6453005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6684 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
721b60d3 · vegorov@chromium.org · 8c6c2732 · 721b60d3 · 721b60d3 · 721b60d3
Commit 721b60d3 authored Feb 08, 2011 by vegorov@chromium.org
Showing with 27 additions and 13 deletions

macro-assembler-arm.cc src/arm/macro-assembler-arm.cc +5 -3

macro-assembler-ia32.cc src/ia32/macro-assembler-ia32.cc +11 -5

macro-assembler-x64.cc src/x64/macro-assembler-x64.cc +11 -5

No files found.
--- a/src/arm/macro-assembler-arm.cc
+++ b/src/arm/macro-assembler-arm.cc
@@ -1150,7 +1150,8 @@ void MacroAssembler::AllocateInNewSpace(int object_size,
  // Calculate new top and bail out if new space is exhausted. Use result
  // to calculate the new top.
-  add(scratch2, result, Operand(obj_size_reg));
+  add(scratch2, result, Operand(obj_size_reg), SetCC);
+  b(cs, gc_required);
  cmp(scratch2, Operand(ip));
  b(hi, gc_required);
  str(scratch2, MemOperand(topaddr));
@@ -1229,10 +1230,11 @@ void MacroAssembler::AllocateInNewSpace(Register object_size,
  // to calculate the new top. Object size may be in words so a shift is
  // required to get the number of bytes.
  if ((flags & SIZE_IN_WORDS) != 0) {
-    add(scratch2, result, Operand(object_size, LSL, kPointerSizeLog2));
+    add(scratch2, result, Operand(object_size, LSL, kPointerSizeLog2), SetCC);
  } else {
-    add(scratch2, result, Operand(object_size));
+    add(scratch2, result, Operand(object_size), SetCC);
  }
+  b(cs, gc_required);
  cmp(scratch2, Operand(ip));
  b(hi, gc_required);

--- a/src/ia32/macro-assembler-ia32.cc
+++ b/src/ia32/macro-assembler-ia32.cc
@@ -604,11 +604,11 @@ void MacroAssembler::AllocateInNewSpace(int object_size,
  ExternalReference new_space_allocation_limit =
      ExternalReference::new_space_allocation_limit_address();
-  if (top_reg.is(result)) {
+  if (!top_reg.is(result)) {
-    add(Operand(top_reg), Immediate(object_size));
+    mov(top_reg, result);
-  } else {
-    lea(top_reg, Operand(result, object_size));
  }
+  add(Operand(top_reg), Immediate(object_size));
+  j(carry, gc_required, not_taken);
  cmp(top_reg, Operand::StaticVariable(new_space_allocation_limit));
  j(above, gc_required, not_taken);
@@ -657,7 +657,12 @@ void MacroAssembler::AllocateInNewSpace(int header_size,
  // Calculate new top and bail out if new space is exhausted.
  ExternalReference new_space_allocation_limit =
      ExternalReference::new_space_allocation_limit_address();
-  lea(result_end, Operand(result, element_count, element_size, header_size));
+  // We assume that element_count*element_size + header_size does not
+  // overflow.
+  lea(result_end, Operand(element_count, element_size, header_size));
+  add(result_end, Operand(result));
+  j(carry, gc_required);
  cmp(result_end, Operand::StaticVariable(new_space_allocation_limit));
  j(above, gc_required);
@@ -702,6 +707,7 @@ void MacroAssembler::AllocateInNewSpace(Register object_size,
    mov(result_end, object_size);
  }
  add(result_end, Operand(result));
+  j(carry, gc_required, not_taken);
  cmp(result_end, Operand::StaticVariable(new_space_allocation_limit));
  j(above, gc_required, not_taken);

--- a/src/x64/macro-assembler-x64.cc
+++ b/src/x64/macro-assembler-x64.cc
@@ -2098,11 +2098,11 @@ void MacroAssembler::AllocateInNewSpace(int object_size,
  Register top_reg = result_end.is_valid() ? result_end : result;
-  if (top_reg.is(result)) {
+  if (!top_reg.is(result)) {
-    addq(top_reg, Immediate(object_size));
+    movq(top_reg, result);
-  } else {
-    lea(top_reg, Operand(result, object_size));
  }
+  addq(top_reg, Immediate(object_size));
+  j(carry, gc_required);
  movq(kScratchRegister, new_space_allocation_limit);
  cmpq(top_reg, Operand(kScratchRegister, 0));
  j(above, gc_required);
@@ -2152,7 +2152,12 @@ void MacroAssembler::AllocateInNewSpace(int header_size,
  // Calculate new top and bail out if new space is exhausted.
  ExternalReference new_space_allocation_limit =
      ExternalReference::new_space_allocation_limit_address();
-  lea(result_end, Operand(result, element_count, element_size, header_size));
+  // We assume that element_count*element_size + header_size does not
+  // overflow.
+  lea(result_end, Operand(element_count, element_size, header_size));
+  addq(result_end, result);
+  j(carry, gc_required);
  movq(kScratchRegister, new_space_allocation_limit);
  cmpq(result_end, Operand(kScratchRegister, 0));
  j(above, gc_required);
@@ -2198,6 +2203,7 @@ void MacroAssembler::AllocateInNewSpace(Register object_size,
    movq(result_end, object_size);
  }
  addq(result_end, result);
+  j(carry, gc_required);
  movq(kScratchRegister, new_space_allocation_limit);
  cmpq(result_end, Operand(kScratchRegister, 0));
  j(above, gc_required);