-
Simon Zünd authored
This CL teaches the deoptimizer about JavaScriptBuiltinContinuation frames that are not preceded by argument adapter frames. This pattern is used when calling C++ API functions from TurboFan. This CL fixes a crash when the deoptimizer encounters the pattern described above. The crash was caused when the deoptimizer tried to read the arguments of the continuation frame. As no adapter frame was present, the argument count was read from the SharedFunctionInfo which had the kDontAdaptArgumentsSentinel value. This translated to an argument count of ~65000 later down the line, which caused a FATAL error when the deoptimizer tried to re-construct ~65000 non-existent values. Bug: chromium:980529 Change-Id: Id2de3bf7607102ab5a16de344c649015e968b185 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687417Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#62547}
7e0f961e
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| benchmarks | ||
| cctest | ||
| common | ||
| debugger | ||
| fuzzer | ||
| inspector | ||
| intl | ||
| js-perf-test | ||
| memory | ||
| message | ||
| mjsunit | ||
| mkgrokdump | ||
| mozilla | ||
| preparser | ||
| test262 | ||
| torque | ||
| unittests | ||
| wasm-api-tests | ||
| wasm-js | ||
| wasm-spec-tests | ||
| webkit | ||
| BUILD.gn | ||
| OWNERS |