[v8-dev] Issue 2736 in v8: Crash in ARM assembler when generating labels at very high offsets

[codesite-noreply]

Status: New
Owner: ----

New issue 2736 by kkinnu...@nvidia.com: Crash in ARM assembler when  
generating labels at very high offsets
http://code.google.com/p/v8/issues/detail?id=2736
Crash in ARM assembler when generating labels at very high offsets.
Using -4 to denote a sentinel on link locations and then  
storing "jump_offset_imm24 = -4- <jump location>" overflows the imm24 that  
is used to store the jump offset.

out/arm.debug/d8 ~/devbrowser/external/v8/test/mjsunit/mjsunit.js  
~/devbrowser/external/v8/test/mjsunit/big-code-segment.js


#
# Fatal error in ../src/arm/assembler-arm.cc, line 1188
# CHECK(is_int24(imm24)) failed
#

==== C stack trace ===============================

 1: V8_Fatal
 2: v8::internal::Assembler::b(int, v8::internal::Condition)
 3: v8::internal::Assembler::b(v8::internal::Condition,  
v8::internal::Label*)
 4: v8::internal::FullCodeGenerator::Split(v8::internal::Condition,  
v8::internal::Label*, v8::internal::Label*, v8::internal::Label*)
 5: v8::internal::FullCodeGenerator::DoTest(v8::internal::Expression*,  
v8::internal::Label*, v8::internal::Label*, v8::internal::Label*)
 6:  
v8::internal::FullCodeGenerator::DoTest(v8::internal::FullCodeGenerator::TestContext  
const*)
 7:  
v8::internal::FullCodeGenerator::TestContext::Plug(v8::internal::Register)  
const
 8:  
v8::internal::FullCodeGenerator::EmitInlineSmiBinaryOp(v8::internal::BinaryOperation*,  
v8::internal::Token::Value, v8::internal::OverwriteMode,  
v8::internal::Expression*, v8::internal::Expression*)
 9:  
v8::internal::FullCodeGenerator::VisitArithmeticExpression(v8::internal::BinaryOperation*)
10:  
v8::internal::FullCodeGenerator::VisitBinaryOperation(v8::internal::BinaryOperation*)
11: v8::internal::BinaryOperation::Accept(v8::internal::AstVisitor*)
12: v8::internal::FullCodeGenerator::Visit(v8::internal::AstNode*)
13:  
v8::internal::FullCodeGenerator::VisitForControl(v8::internal::Expression*,  
v8::internal::Label*,
...

--
You received this message because this project is configured to send all  
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.