Reviewers: Benedikt Meurer,

Description:
Version 4.4.63.14 (cherry-pick)

Merged 19cdd00d092067edf85e64c6567ec769843a53c2

ARM64: remove stack pushes without frame in RegExpExecStub.

BUG=chromium:487981
LOG=N
[email protected]

Please review this at https://codereview.chromium.org/1229523002/

Base URL: https://chromium.googlesource.com/v8/[email protected]

Affected files (+32, -24 lines):
  M include/v8-version.h
  M src/arm64/code-stubs-arm64.cc
  A test/mjsunit/regress/regress-487981.js


Index: include/v8-version.h
diff --git a/include/v8-version.h b/include/v8-version.h
index 64eafa5d661a2d5078e0b6c78722346dfa1dd685..c44d53c04d3e6de6f3a8fda282159bf285f3edc7 100644
--- a/include/v8-version.h
+++ b/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 4
 #define V8_MINOR_VERSION 4
 #define V8_BUILD_NUMBER 63
-#define V8_PATCH_LEVEL 13
+#define V8_PATCH_LEVEL 14

 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
Index: src/arm64/code-stubs-arm64.cc
diff --git a/src/arm64/code-stubs-arm64.cc b/src/arm64/code-stubs-arm64.cc
index 9ce5a05ce530d799c99be1683ffc36387f555c57..7f3c99520492059b7c6e7eb44c85b83053827bd7 100644
--- a/src/arm64/code-stubs-arm64.cc
+++ b/src/arm64/code-stubs-arm64.cc
@@ -2286,27 +2286,16 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {
   Register last_match_info_elements = x21;
   Register code_object = x22;

- // TODO(jbramley): Is it necessary to preserve these? I don't think ARM does.
-  CPURegList used_callee_saved_registers(subject,
-                                         regexp_data,
-                                         last_match_info_elements,
-                                         code_object);
-  __ PushCPURegList(used_callee_saved_registers);
-
   // Stack frame.
-  //  jssp[0] : x19
-  //  jssp[8] : x20
-  //  jssp[16]: x21
-  //  jssp[24]: x22
-  //  jssp[32]: last_match_info (JSArray)
-  //  jssp[40]: previous index
-  //  jssp[48]: subject string
-  //  jssp[56]: JSRegExp object
-
-  const int kLastMatchInfoOffset = 4 * kPointerSize;
-  const int kPreviousIndexOffset = 5 * kPointerSize;
-  const int kSubjectOffset = 6 * kPointerSize;
-  const int kJSRegExpOffset = 7 * kPointerSize;
+  //  jssp[00]: last_match_info (JSArray)
+  //  jssp[08]: previous index
+  //  jssp[16]: subject string
+  //  jssp[24]: JSRegExp object
+
+  const int kLastMatchInfoOffset = 0 * kPointerSize;
+  const int kPreviousIndexOffset = 1 * kPointerSize;
+  const int kSubjectOffset = 2 * kPointerSize;
+  const int kJSRegExpOffset = 3 * kPointerSize;

   // Ensure that a RegExp stack is allocated.
   ExternalReference address_of_regexp_stack_memory_address =
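Review bot: Dropping the PushCPURegList/PopCPURegList pair changes the stub's register contract — x19–x22 (subject, regexp_data, last_match_info_elements, code_object) are now clobbered instead of preserved across the stub — but nothing records this where the old TODO stood, so a later reader of the register assignments cannot tell it is deliberate. I would add above `// Stack frame.`: `// x19-x22 are clobbered by this stub and deliberately not saved: pushing them without a frame would leave stack slots the stack walker cannot interpret.` The second clause is my reading of the commit title and the --stress-compaction regression test, so adjust it if the actual motivation differs. The same removed pops appear in the next two hunks (the return path and the failure/runtime paths) and need no separate note. RegExpExecStub::Generate begins before this hunk and continues past it.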
@@ -2673,7 +2662,6 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {

   // Return last match info.
   __ Peek(x0, kLastMatchInfoOffset);
-  __ PopCPURegList(used_callee_saved_registers);
   // Drop the 4 arguments of the stub from the stack.
   __ Drop(4);
   __ Ret();
@@ -2696,13 +2684,11 @@ void RegExpExecStub::Generate(MacroAssembler* masm) {

   __ Bind(&failure);
   __ Mov(x0, Operand(isolate()->factory()->null_value()));
-  __ PopCPURegList(used_callee_saved_registers);
   // Drop the 4 arguments of the stub from the stack.
   __ Drop(4);
   __ Ret();

   __ Bind(&runtime);
-  __ PopCPURegList(used_callee_saved_registers);
   __ TailCallRuntime(Runtime::kRegExpExec, 4, 1);

   // Deferred code for string handling.
Index: test/mjsunit/regress/regress-487981.js
diff --git a/test/mjsunit/regress/regress-487981.js b/test/mjsunit/regress/regress-487981.js
new file mode 100644
index 0000000000000000000000000000000000000000..829c25c59d230e4d0e4ec189e0915b999ee8b478
--- /dev/null
+++ b/test/mjsunit/regress/regress-487981.js
@@ -0,0 +1,22 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags:  --allow-natives-syntax --stress-compaction
+
+// To reliably reproduce the crash use --verify-heap --random-seed=-133185440
+
+function __f_2(o) {
+  return o.field.b.x;
+}
+
+try {
+  %OptimizeFunctionOnNextCall(__f_2);
+  __v_1 = __f_2();
+} catch(e) { }
+
+function __f_3() { __f_3(/./.test()); };
+
+try {
+__f_3();
+} catch(e) { }
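Review bot: The regression test carries no assertion and passes only by completing without a crash under --stress-compaction, which the file does not state, so a reader may assume the try/catch blocks are hiding a result that ought to be checked. I would add after the Flags line: `// Passes if it completes without crashing; both calls are expected to throw.` (presumably a TypeError from the argument-less __f_2 call and a RangeError from __f_3's unbounded recursion — confirm). As a point of style, the `__f_3();` call inside the second try is not indented like the call in the first, and the Flags comment has a double space after the colon.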

