src/builtins · c3e1b5f87ccc82f8eefe63e7c220d5c95f496d52 · Linshizhi / V8

Fix LookupCode for the DatePrototype_GetField builtin · 4f781d72

jgruber authored Aug 30, 2016

This was exposed on win64 and manifested as a negative offset during
stack frame collection, i.e. pc < Code::instruction_start() for a
BUILTIN frame.

This happened because StackFrame::LookupCode returns the wrong code
object when call is the last instruction in a code object:
* pc is actually the return address for all but the topmost frame.
* pc points at the next instruction after the call.
* This is beyond the current code object if call is the last
  instruction.
* Lookup itself is naive in that it just returns the first code object
  for which (next_code_obj_addr > pc). It does not check that pc is
  actually within [instruction_start, instruction_end[.
* In this specific case, the pc (== return address) actually pointed
  at the beginning of the header of the next code object.
* We finally calculated offset as (code->instruction_start() - pc),
  but with the wrong code object.

This should be followed up by a proper fix at some point. For instance,
this could be setting pc to (return address - 1) for all but the topmost
frame.

BUG=v8:5311

Review-Url: https://codereview.chromium.org/2284673002
Cr-Commit-Position: refs/heads/master@{#38996}

4f781d72

Name	Last commit	Last update
..
arm		Loading commit data...
arm64		Loading commit data...
ia32		Loading commit data...
mips		Loading commit data...
mips64		Loading commit data...
ppc		Loading commit data...
s390		Loading commit data...
x64		Loading commit data...
x87		Loading commit data...
builtins-api.cc		Loading commit data...
builtins-array.cc		Loading commit data...
builtins-arraybuffer.cc		Loading commit data...
builtins-boolean.cc		Loading commit data...
builtins-call.cc		Loading commit data...
builtins-callsite.cc		Loading commit data...
builtins-conversion.cc		Loading commit data...
builtins-dataview.cc		Loading commit data...
builtins-date.cc		Loading commit data...
builtins-debug.cc		Loading commit data...
builtins-error.cc		Loading commit data...
builtins-function.cc		Loading commit data...
builtins-generator.cc		Loading commit data...
builtins-global.cc		Loading commit data...
builtins-handler.cc		Loading commit data...
builtins-internal.cc		Loading commit data...
builtins-interpreter.cc		Loading commit data...
builtins-json.cc		Loading commit data...
builtins-math.cc		Loading commit data...
builtins-number.cc		Loading commit data...
builtins-object.cc		Loading commit data...
builtins-proxy.cc		Loading commit data...
builtins-reflect.cc		Loading commit data...
builtins-sharedarraybuffer.cc		Loading commit data...
builtins-string.cc		Loading commit data...
builtins-symbol.cc		Loading commit data...
builtins-typedarray.cc		Loading commit data...
builtins-utils.h		Loading commit data...
builtins.cc		Loading commit data...
builtins.h		Loading commit data...