Commit 9c3f53d7 authored by mvstanton, committed by Commit bot

ARM simulator needs a StackCheck in GetPropertyWithDefinedGetter.

Because simulators have a separate JavaScript and C++ stack, and
because they try to avoid calling the runtime StackCheck function
on entry to every function, it can happen in recursive calls that
the C++ stack overflows while the JavaScript stack is okay. The
runtime StackCheck function would catch this, but as an optimization,
generated code only looks at the JavaScript stack pointer to
determine if it should make that runtime call.

R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1050433002

Cr-Commit-Position: refs/heads/master@{#27533}
parent 93e817e5
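The mechanism the commit message describes can be hard to picture, so here is an added, counter-based model of it; this is illustrative code written for this page, not V8 code. It assumes a simulator build that keeps a JavaScript stack separate from the host C++ stack, with frame sizes and limits (kJsFrame, kCcFrame, kJsLimit, kCcLimit) chosen so that each trip through a defined getter costs far more C++ stack than JS stack. The function names mirror the ones in the commit but the bodies are a simplification: the JS entry guard compares only the JS stack pointer, and the getter path optionally performs the check the commit adds.

```cpp
// Added example, not V8 code: models a simulator with separate JS and C++
// stacks and shows why a JS-only stack guard misses C++ stack exhaustion
// when a JS function recurses through a defined getter. All sizes, limits
// and the recursive getter are assumptions made for this illustration.
#include <cstddef>
#include <cstdio>

namespace toy {

constexpr std::size_t kJsFrame = 16;              // assumed bytes per JS frame
constexpr std::size_t kCcFrame = 256;             // assumed bytes per C++ frame
constexpr std::size_t kJsLimit = 256 * kJsFrame;  // 4096: JS stack guard limit
constexpr std::size_t kCcLimit = 16 * kCcFrame;   // 4096: C++ stack guard limit

struct Isolate {
  std::size_t js_sp = 0;          // simulated JS stack in use
  std::size_t cc_sp = 0;          // host C++ stack in use
  std::size_t js_high_water = 0;  // deepest JS usage observed
  std::size_t cc_high_water = 0;  // deepest C++ usage observed
  bool overflow_reported = false;
};

enum class Result { kOk, kStackOverflow };

struct Outcome {
  bool overflow_reported;
  std::size_t js_high_water;
  std::size_t cc_high_water;
};

Result CallJs(Isolate* iso, bool check_at_getter);

// C++ entry point for a property whose getter is a JS function. With
// check_at_getter == true this is where the commit's StackLimitCheck lives:
// it runs on the C++ side and can see the C++ stack, unlike the JS guard.
Result GetPropertyWithDefinedGetter(Isolate* iso, bool check_at_getter) {
  iso->cc_sp += kCcFrame;
  if (iso->cc_sp > iso->cc_high_water) iso->cc_high_water = iso->cc_sp;
  Result r;
  if (check_at_getter && iso->cc_sp > kCcLimit) {
    iso->overflow_reported = true;  // analogue of isolate->StackOverflow()
    r = Result::kStackOverflow;
  } else {
    r = CallJs(iso, check_at_getter);  // invoke the getter, which recurses
  }
  iso->cc_sp -= kCcFrame;
  return r;
}

// JS function entry. Generated code's stack guard compares only js_sp against
// the JS limit, so an already exhausted C++ stack goes unnoticed here.
Result CallJs(Isolate* iso, bool check_at_getter) {
  iso->js_sp += kJsFrame;
  if (iso->js_sp > iso->js_high_water) iso->js_high_water = iso->js_sp;
  Result r;
  if (iso->js_sp > kJsLimit) {
    iso->overflow_reported = true;
    r = Result::kStackOverflow;
  } else {
    // The function body reads a property whose getter is this same function.
    r = GetPropertyWithDefinedGetter(iso, check_at_getter);
  }
  iso->js_sp -= kJsFrame;
  return r;
}

// Runs the recursive getter to exhaustion and reports how deep each stack got.
Outcome RunRecursiveGetter(bool check_at_getter) {
  Isolate iso;
  CallJs(&iso, check_at_getter);
  return Outcome{iso.overflow_reported, iso.js_high_water, iso.cc_high_water};
}

}  // namespace toy

int main() {
  toy::Outcome a = toy::RunRecursiveGetter(false);
  toy::Outcome b = toy::RunRecursiveGetter(true);
  std::printf("JS-only guard:   C++ high water %zu bytes (limit %zu)\n",
              a.cc_high_water, toy::kCcLimit);
  std::printf("check at getter: C++ high water %zu bytes (limit %zu)\n",
              b.cc_high_water, toy::kCcLimit);
  return 0;
}
```

With only the JS guard, the model lets the C++ stack grow to sixteen times its limit before the JS stack finally trips; in a real process that C++ stack would have been smashed long before. With the check at the getter, the C++ stack never exceeds its limit by more than the single frame in which the check runs, which is why such a check must sit at the recursion point itself rather than at JS function entry.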
......@@ -406,6 +406,21 @@ MaybeHandle<Object> Object::GetPropertyWithDefinedGetter(
Handle<Object> receiver,
Handle<JSReceiver> getter) {
Isolate* isolate = getter->GetIsolate();
// Platforms with simulators like arm/arm64 expose a funny issue. If the
// simulator has a separate JS stack pointer from the C++ stack pointer, it
// can miss C++ stack overflows in the stack guard at the start of JavaScript
// functions. It would be very expensive to check the C++ stack pointer at
// that location. The best solution seems to be to break the impasse by
// adding checks at possible recursion points. What's more, we don't put
// this stack check behind the USE_SIMULATOR define in order to keep
// behavior the same between hardware and simulators.
StackLimitCheck check(isolate);
if (check.JsHasOverflowed()) {
isolate->StackOverflow();
return MaybeHandle<Object>();
}
Debug* debug = isolate->debug();
// Handle stepping into a getter if step into is active.
// TODO(rossberg): should this apply to getters that are function proxies?
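Review bot: the new check (`StackLimitCheck check(isolate); if (check.JsHasOverflowed()) {`) covers only the getter path, while the comment above it justifies the change by "adding checks at possible recursion points"; a defined setter re-enters JavaScript from C++ in exactly the same way, so either the setter counterpart needs the same guard in this change or the comment should say why GetPropertyWithDefinedGetter alone is covered. Since the comment deliberately explains why the check is not behind USE_SIMULATOR, it would also help to point it at the CL or a bug so the next reader who is tempted to remove the "redundant" hardware-side check can find the rationale.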
......