Leszek Swirski authored
InterpreterOnStackReplacement_ToBaseline spills the accumulator register without a frame, but can then call kInstallBaselineCode. If that function then allocates, then the GC will see an invalid stack.

Fix this by making sure that the accumulator register is spilled inside the internal frame of the kInstallBaselineCode, and either don't spill it at all outside that frame, or at least make sure that we pop/re-push the spilled value so that it moves inside the frame.

Bug: v8:11420
Change-Id: Iad2aa718b0477ff960544d881fecae9efcbeef54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059072
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75978}
b4e62f2d
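The failure mode the commit describes, as an added toy model rather than V8 code: a word-sized stack, one internal frame delimited by a frame marker, and a moving GC that only fixes up slots the stack walk can see, i.e. slots above the marker. A value spilled before the frame is set up sits below the marker, so after an allocating call it is reloaded stale; spilling it inside the frame lets the GC update it. The frame marker value, the stack layout and the reduction of "invalid stack" to "slot not visited" are simplifying assumptions of this example, not V8's actual frame format.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, added for illustration: a word-sized stack, one active internal
 * frame delimited by frame_base, and a moving GC that only visits slots that
 * lie inside that frame. None of this is V8 code; the marker value and the
 * upward-growing stack are assumptions of the model. */
#define STACK_SLOTS 16
#define FRAME_MARKER ((uintptr_t)0xF8A3E) /* hypothetical frame-type marker */

typedef struct {
    uintptr_t slots[STACK_SLOTS];
    int sp;          /* next free slot; the stack grows upward in this model */
    int frame_base;  /* slot holding the active frame's marker, -1 if none */
} Stack;

typedef struct {
    uintptr_t addr;  /* current address of the single heap object modelled */
} Heap;

static void push(Stack *s, uintptr_t v) { s->slots[s->sp++] = v; }
static uintptr_t pop(Stack *s) { return s->slots[--s->sp]; }

/* Entering the frame pushes its marker; everything pushed afterwards belongs
 * to the frame and is visited by the GC. */
static void enter_internal_frame(Stack *s) { s->frame_base = s->sp; push(s, FRAME_MARKER); }
static void leave_internal_frame(Stack *s) { pop(s); s->frame_base = -1; }

/* Moving collection: relocate the object and fix up every reference the stack
 * walk can see, i.e. slots above the frame marker. A slot spilled before the
 * frame existed lies below the marker, so it keeps the old address. */
static void gc_move(Stack *s, Heap *h) {
    uintptr_t old_addr = h->addr;
    h->addr = old_addr + 0x1000;
    if (s->frame_base < 0) return;
    for (int i = s->frame_base + 1; i < s->sp; i++)
        if (s->slots[i] == old_addr) s->slots[i] = h->addr;
}

/* Stand-in for the kInstallBaselineCode call: it allocates, so GC may run. */
static void install_baseline_code(Stack *s, Heap *h) { gc_move(s, h); }

/* Before the fix: the accumulator is spilled with no frame, then the frame is
 * set up and the allocating call made. Returns the reloaded accumulator. */
static uintptr_t osr_to_baseline_buggy(Stack *s, Heap *h, uintptr_t acc) {
    push(s, acc);                 /* spilled outside any frame */
    enter_internal_frame(s);
    install_baseline_code(s, h);  /* GC cannot see the spilled slot */
    leave_internal_frame(s);
    return pop(s);                /* stale address */
}

/* After the fix: the spill happens inside the internal frame. */
static uintptr_t osr_to_baseline_fixed(Stack *s, Heap *h, uintptr_t acc) {
    enter_internal_frame(s);
    push(s, acc);                 /* spilled above the marker */
    install_baseline_code(s, h);  /* GC updates the slot when it moves the object */
    acc = pop(s);
    leave_internal_frame(s);
    return acc;
}

/* Returns 1 if the accumulator reloaded after the call still points at the
 * (moved) object, 0 if it is stale. */
int accumulator_survives_gc(int use_fix) {
    Stack s = { {0}, 0, -1 };
    Heap h = { 0x10000 };       /* constructed sample address */
    uintptr_t acc = h.addr;
    uintptr_t reloaded = use_fix ? osr_to_baseline_fixed(&s, &h, acc)
                                 : osr_to_baseline_buggy(&s, &h, acc);
    return reloaded == h.addr;
}

int main(void) {
    printf("spill outside frame: %s\n", accumulator_survives_gc(0) ? "ok" : "stale pointer");
    printf("spill inside frame:  %s\n", accumulator_survives_gc(1) ? "ok" : "stale pointer");
    return 0;
}
```

The model deliberately makes the GC silently skip the unseen slot; in a real engine a push that sits outside any recognised frame can also make the walker misparse the frame layout, which is the "invalid stack" the commit message refers to.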
File listing: builtins-x64.cc