I don't think this works right if a stack overflow happens at the wrong moment. The difference between sp and the limit will be negative, but then you use an unsigned test and no error will occur.
Also, search for the text "Deserializing may put strange things in the root array" in v8.cc. I think the real JS limit needs to be set there for snapshots to work with the new system.

http://codereview.chromium.org/345048/diff/1001/1015
File src/arm/builtins-arm.cc (right):

http://codereview.chromium.org/345048/diff/1001/1015#newcode1037
Line 1037: __ sub(r2, sp, r2);
What if sp is already beyond the stack limit here? I don't think you can just throw all this code away.

http://codereview.chromium.org/345048/diff/1001/1019
File src/execution.h (right):

http://codereview.chromium.org/345048/diff/1001/1019#newcode247
Line 247: // fail. Both the generated code and the runtime system checks against the
checks -> check

http://codereview.chromium.org/345048/diff/1001/1004
File src/heap.cc (right):

http://codereview.chromium.org/345048/diff/1001/1004#newcode3463
Line 3463: // This is actually an address, but the tag makes the GC ignore it.
This... should be plural.

http://codereview.chromium.org/345048/diff/1001/1002
File test/cctest/test-debug.cc (right):

http://codereview.chromium.org/345048/diff/1001/1002#newcode5469
Line 5469: // Test that the dbeug break flag works with function.apply.
dbeug -> debug

http://codereview.chromium.org/345048

v8-dev mailing list
http://groups.google.com/group/v8-dev
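The failure mode the reviewer describes (sp already below the stack limit when the check runs, so the difference is negative and an unsigned test lets it through) is easy to see in a small model. The following C is an added illustration, not code from the v8 review, the patch under discussion, or the V8 code base; the function names, the address values and the `needed` parameter are invented for the example. It puts the buggy unsigned form next to two forms that handle the negative case.

```c
/* Added example (not from the v8 review or the V8 code base): a C model of
 * the stack-limit check the reviewer is questioning. Names and values are
 * invented for illustration. The stack grows downward; a call needs `needed`
 * bytes below the current stack pointer `sp`, and the check must fail
 * whenever sp - needed would land below `limit`. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Buggy form: headroom is computed as an unsigned difference and compared
 * with an unsigned test. If sp is already below limit, sp - limit wraps to a
 * huge value, the test passes, and no overflow is ever reported. */
bool has_room_unsigned(uintptr_t sp, uintptr_t limit, uintptr_t needed) {
    uintptr_t headroom = sp - limit;   /* wraps when sp < limit */
    return headroom >= needed;
}

/* Signed form: the same subtraction, but interpreted as a signed quantity so
 * that sp < limit yields a negative headroom and the test fails. This is what
 * a signed branch condition gives you; it assumes sp and limit are less than
 * half the address range apart, which is the case for a real thread stack. */
bool has_room_signed(uintptr_t sp, uintptr_t limit, uintptr_t needed) {
    intptr_t headroom = (intptr_t)(sp - limit);
    return headroom >= (intptr_t)needed;
}

/* Guarded form: reject the case where sp is already past the limit before
 * doing any subtraction, so the difference can never wrap at all. */
bool has_room_correct(uintptr_t sp, uintptr_t limit, uintptr_t needed) {
    if (sp < limit) {
        return false;                  /* already beyond the limit */
    }
    return sp - limit >= needed;       /* sp >= limit, so no wrap here */
}

int main(void) {
    /* Constructed scenario: sp has already dropped below the limit. */
    const uintptr_t limit = 0x1000, sp = 0x0800, needed = 0x100;
    printf("unsigned check: room=%d (wrong, wrapped)\n",
           has_room_unsigned(sp, limit, needed));
    printf("signed   check: room=%d\n", has_room_signed(sp, limit, needed));
    printf("guarded  check: room=%d\n", has_room_correct(sp, limit, needed));
    return 0;
}
```

The guarded form is the safer of the two fixes: it does not depend on how far apart the two addresses may be, which is why a reviewer would rather keep the explicit "already past the limit" path than rely on the sign of a subtraction.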
