test · 9e4948d8fb06f0681199afc258df3971361a8bf6 · Linshizhi / V8

[regexp] Allow heap allocation on stack overflows · 0793bb84

Jakob Gruber authored Mar 12, 2019

The regexp interpreter holds several unhandlified references to heap
objects, and is thus within a DisallowHeapAllocation scope. But there
are two situations in which we can and do allocate safely:

1. When creating & throwing a stack overflow exception. The interpreter
   aborts afterwards, and thus possible-moved objects are never used.
2. When handling interrupts. We manually relocate unhandlified references
   after interrupts have run.

This CL explicitly allows allocations on stack overflows.

Isolate::StackOverflow allocates heap objects.

Bug: chromium:940722, v8:8724
Change-Id: I74ef6f0dd7a30bd55f49a7bc0f2f6ac82adbeda8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518174Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60191}

0793bb84

Name	Last commit	Last update
..
benchmarks		Loading commit data...
cctest		Loading commit data...
common		Loading commit data...
debugger		Loading commit data...
fuzzer		Loading commit data...
inspector		Loading commit data...
intl		Loading commit data...
js-perf-test		Loading commit data...
memory		Loading commit data...
message		Loading commit data...
mjsunit		Loading commit data...
mkgrokdump		Loading commit data...
mozilla		Loading commit data...
preparser		Loading commit data...
test262		Loading commit data...
torque		Loading commit data...
unittests		Loading commit data...
wasm-js		Loading commit data...
wasm-spec-tests		Loading commit data...
webkit		Loading commit data...
BUILD.gn		Loading commit data...
OWNERS		Loading commit data...