-
jgruber authored
This was exposed on win64 and manifested as a negative offset during stack frame collection, i.e. pc < Code::instruction_start() for a BUILTIN frame. This happened because StackFrame::LookupCode returns the wrong code object when call is the last instruction in a code object: * pc is actually the return address for all but the topmost frame. * pc points at the next instruction after the call. * This is beyond the current code object if call is the last instruction. * Lookup itself is naive in that it just returns the first code object for which (next_code_obj_addr > pc). It does not check that pc is actually within [instruction_start, instruction_end[. * In this specific case, the pc (== return address) actually pointed at the beginning of the header of the next code object. * We finally calculated offset as (code->instruction_start() - pc), but with the wrong code object. This should be followed up by a proper fix at some point. For instance, this could be setting pc to (return address - 1) for all but the topmost frame. BUG=v8:5311 Review-Url: https://codereview.chromium.org/2284673002 Cr-Commit-Position: refs/heads/master@{#38996}
4f781d72
