Reviewers: fschneider, Description: Merge bleeding_edge revision 3263 to trunk. This fixes a stack corruption issue.
[email protected] Please review this at http://codereview.chromium.org/384041 SVN Base: http://v8.googlecode.com/svn/trunk/ Affected files: M src/ia32/virtual-frame-ia32.cc M src/version.cc M src/x64/virtual-frame-x64.cc
Index: src/ia32/virtual-frame-ia32.cc
===================================================================
--- src/ia32/virtual-frame-ia32.cc (revision 3269)
+++ src/ia32/virtual-frame-ia32.cc (working copy)
@@ -161,16 +161,15 @@
 // on the stack.
 int start = Min(begin, stack_pointer_ + 1);
- // Emit normal 'push' instructions for elements above stack pointer
- // and use mov instructions if we are below stack pointer.
+ // If positive we have to adjust the stack pointer.
+ int delta = end - stack_pointer_;
+ if (delta > 0) {
+ stack_pointer_ = end;
+ __ sub(Operand(esp), Immediate(delta * kPointerSize));
+ }
+
 for (int i = start; i <= end; i++) {
- if (!elements_[i].is_synced()) {
- if (i <= stack_pointer_) {
- SyncElementBelowStackPointer(i);
- } else {
- SyncElementByPushing(i);
- }
- }
+ if (!elements_[i].is_synced()) SyncElementBelowStackPointer(i);
 }
 }
Index: src/x64/virtual-frame-x64.cc
===================================================================
--- src/x64/virtual-frame-x64.cc (revision 3269)
+++ src/x64/virtual-frame-x64.cc (working copy)
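Review bot: The loop in the src/ia32/virtual-frame-ia32.cc hunk now relies on an unstated invariant: after `sub(Operand(esp), Immediate(delta * kPointerSize))` the slots between the old `stack_pointer_` and `end` are reserved but not yet written, and any element in that range whose `is_synced()` is true is skipped, so its slot would keep whatever was already on the machine stack. If elements above the stack pointer can never be synced, that should be checked rather than assumed, for example by saving the old value before the adjustment and adding a debug check such as `ASSERT(i <= old_sp || !elements_[i].is_synced());` inside the loop (`old_sp` is a name made up for this note). The comment `// If positive we have to adjust the stack pointer.` should also say why the per-element pushes were replaced by a single up-front adjustment followed by mov-based stores, since the description only mentions "a stack corruption issue". The same applies to the `subq(rsp, ...)` hunk in src/x64/virtual-frame-x64.cc; in both files the enclosing function starts outside the hunk.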
@@ -893,16 +893,15 @@
 // on the stack.
 int start = Min(begin, stack_pointer_ + 1);
- // Emit normal 'push' instructions for elements above stack pointer
- // and use mov instructions if we are below stack pointer.
+ // If positive we have to adjust the stack pointer.
+ int delta = end - stack_pointer_;
+ if (delta > 0) {
+ stack_pointer_ = end;
+ __ subq(rsp, Immediate(delta * kPointerSize));
+ }
+
 for (int i = start; i <= end; i++) {
- if (!elements_[i].is_synced()) {
- if (i <= stack_pointer_) {
- SyncElementBelowStackPointer(i);
- } else {
- SyncElementByPushing(i);
- }
- }
+ if (!elements_[i].is_synced()) SyncElementBelowStackPointer(i);
 }
 }
Index: src/version.cc
===================================================================
--- src/version.cc (revision 3269)
+++ src/version.cc (working copy)
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION 1
 #define MINOR_VERSION 3
 #define BUILD_NUMBER 18
-#define PATCH_LEVEL 3
+#define PATCH_LEVEL 4
 #define CANDIDATE_VERSION false
 // Define SONAME to have the SCons build the put a specific SONAME into the
--~--~---------~--~----~------------~-------~--~----~ v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev -~----------~----~----~----~------~----~------~--~---
