From: kmillikin@chromium.org Date: Wed, 11 Mar 2009 10:25:48 +0000 (+0000) Subject: Fix issue 268 by explicitly calling Unuse (to deallocate all contained X-Git-Tag: upstream/4.7.83~24521 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=82df32b78c9efca5cb4911cff7a6a8718ef3a6fa;p=platform%2Fupstream%2Fv8.git Fix issue 268 by explicitly calling Unuse (to deallocate all contained virtual frames) on zone-allocated jump targets. These include jump targets in AST nodes and the entry and exit targets of deferred code. See http://code.google.com/p/v8/issues/detail?id=268 Review URL: http://codereview.chromium.org/42067 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- diff --git a/src/codegen-arm.cc b/src/codegen-arm.cc index 9902894..8d9052a 100644 --- a/src/codegen-arm.cc +++ b/src/codegen-arm.cc @@ -284,7 +284,11 @@ void CodeGenerator::GenCode(FunctionLiteral* fun) { DeleteFrame(); // Process any deferred code using the register allocator. - ProcessDeferred(); + if (HasStackOverflow()) { + ClearDeferred(); + } else { + ProcessDeferred(); + } allocator_ = NULL; scope_ = NULL; @@ -1133,6 +1137,7 @@ void CodeGenerator::VisitBlock(Block* node) { if (node->break_target()->is_linked()) { node->break_target()->Bind(); } + node->break_target()->Unuse(); ASSERT(!has_valid_frame() || frame_->height() == original_height); } @@ -1594,6 +1599,7 @@ void CodeGenerator::VisitSwitchStatement(SwitchStatement* node) { if (node->break_target()->is_linked()) { node->break_target()->Bind(); } + node->break_target()->Unuse(); ASSERT(!has_valid_frame() || frame_->height() == original_height); } @@ -1781,6 +1787,8 @@ void CodeGenerator::VisitLoopStatement(LoopStatement* node) { if (node->break_target()->is_linked()) { node->break_target()->Bind(); } + node->continue_target()->Unuse(); + node->break_target()->Unuse(); ASSERT(!has_valid_frame() || frame_->height() == original_height); } @@ -1971,6 +1979,8 @@ void CodeGenerator::VisitForInStatement(ForInStatement* node) { // Exit. exit.Bind(); + node->continue_target()->Unuse(); + node->break_target()->Unuse(); ASSERT(frame_->height() == original_height); } diff --git a/src/codegen-arm.h b/src/codegen-arm.h index e648141..29fe2d4 100644 --- a/src/codegen-arm.h +++ b/src/codegen-arm.h @@ -195,6 +195,8 @@ class CodeGenerator: public AstVisitor { // Accessors Scope* scope() const { return scope_; } + // Clearing and generating deferred code. + void ClearDeferred(); void ProcessDeferred(); bool is_eval() { return is_eval_; } diff --git a/src/codegen-ia32.cc b/src/codegen-ia32.cc index ec5813b..f13af68 100644 --- a/src/codegen-ia32.cc +++ b/src/codegen-ia32.cc @@ -307,7 +307,11 @@ void CodeGenerator::GenCode(FunctionLiteral* fun) { DeleteFrame(); // Process any deferred code using the register allocator. - ProcessDeferred(); + if (HasStackOverflow()) { + ClearDeferred(); + } else { + ProcessDeferred(); + } // There is no need to delete the register allocator, it is a // stack-allocated local. @@ -1567,6 +1571,7 @@ void CodeGenerator::VisitBlock(Block* node) { if (node->break_target()->is_linked()) { node->break_target()->Bind(); } + node->break_target()->Unuse(); } @@ -2094,37 +2099,39 @@ void CodeGenerator::VisitSwitchStatement(SwitchStatement* node) { // There are two ways to reach the body: from the corresponding // test or as the fall through of the previous body. - if (!clause->body_target()->is_linked() && !has_valid_frame()) { - // If we have neither, skip this body. - continue; - } else if (clause->body_target()->is_linked() && has_valid_frame()) { - // If we have both, put a jump on the fall through path to avoid - // the dropping of the switch value on the test path. The - // exception is the default which has already had the switch - // value dropped. - if (clause->is_default()) { - clause->body_target()->Bind(); + if (clause->body_target()->is_linked() || has_valid_frame()) { + if (clause->body_target()->is_linked()) { + if (has_valid_frame()) { + // If we have both a jump to the test and a fall through, put + // a jump on the fall through path to avoid the dropping of + // the switch value on the test path. The exception is the + // default which has already had the switch value dropped. + if (clause->is_default()) { + clause->body_target()->Bind(); + } else { + JumpTarget body(this); + body.Jump(); + clause->body_target()->Bind(); + frame_->Drop(); + body.Bind(); + } + } else { + // No fall through to worry about. + clause->body_target()->Bind(); + if (!clause->is_default()) { + frame_->Drop(); + } + } } else { - JumpTarget body(this); - body.Jump(); - clause->body_target()->Bind(); - frame_->Drop(); - body.Bind(); - } - } else if (clause->body_target()->is_linked()) { - // No fall through to worry about. - clause->body_target()->Bind(); - if (!clause->is_default()) { - frame_->Drop(); + // Otherwise, we have only fall through. + ASSERT(has_valid_frame()); } - } else { - // Otherwise, we have only fall through. - ASSERT(has_valid_frame()); - } - // We are now prepared to compile the body. - Comment cmnt(masm_, "[ Case body"); - VisitStatements(clause->statements()); + // We are now prepared to compile the body. + Comment cmnt(masm_, "[ Case body"); + VisitStatements(clause->statements()); + } + clause->body_target()->Unuse(); } // We may not have a valid frame here so bind the break target only @@ -2132,6 +2139,7 @@ void CodeGenerator::VisitSwitchStatement(SwitchStatement* node) { if (node->break_target()->is_linked()) { node->break_target()->Bind(); } + node->break_target()->Unuse(); } @@ -2452,6 +2460,8 @@ void CodeGenerator::VisitLoopStatement(LoopStatement* node) { } DecrementLoopNesting(); + node->continue_target()->Unuse(); + node->break_target()->Unuse(); } @@ -2636,6 +2646,9 @@ void CodeGenerator::VisitForInStatement(ForInStatement* node) { // Exit. exit.Bind(); + + node->continue_target()->Unuse(); + node->break_target()->Unuse(); } diff --git a/src/codegen-ia32.h b/src/codegen-ia32.h index af248d9..dfa5978 100644 --- a/src/codegen-ia32.h +++ b/src/codegen-ia32.h @@ -340,6 +340,8 @@ class CodeGenerator: public AstVisitor { // Accessors Scope* scope() const { return scope_; } + // Clearing and generating deferred code. + void ClearDeferred(); void ProcessDeferred(); bool is_eval() { return is_eval_; } diff --git a/src/codegen.cc b/src/codegen.cc index f43e01c..558e854 100644 --- a/src/codegen.cc +++ b/src/codegen.cc @@ -53,6 +53,13 @@ DeferredCode::DeferredCode(CodeGenerator* generator) } +void CodeGenerator::ClearDeferred() { + for (int i = 0; i < deferred_.length(); i++) { + deferred_[i]->Clear(); + } +} + + void CodeGenerator::ProcessDeferred() { while (!deferred_.is_empty()) { DeferredCode* code = deferred_.RemoveLast(); @@ -66,6 +73,7 @@ void CodeGenerator::ProcessDeferred() { Comment cmnt(masm, code->comment()); code->Generate(); ASSERT(code->enter()->is_bound()); + code->Clear(); } } diff --git a/src/codegen.h b/src/codegen.h index 1bfebdc..3086638 100644 --- a/src/codegen.h +++ b/src/codegen.h @@ -52,6 +52,7 @@ // CodeGenerator::CodeGenerator // CodeGenerator::~CodeGenerator // CodeGenerator::ProcessDeferred +// CodeGenerator::ClearDeferred // CodeGenerator::GenCode // CodeGenerator::BuildBoilerplate // CodeGenerator::ComputeCallInitialize @@ -92,6 +93,14 @@ class DeferredCode: public ZoneObject { virtual void Generate() = 0; + // Unuse the entry and exit targets, deallocating all virtual frames + // held by them. It will be impossible to emit a (correct) jump + // into or out of the deferred code after clearing. + void Clear() { + enter_.Unuse(); + exit_.Unuse(); + } + MacroAssembler* masm() const { return masm_; } CodeGenerator* generator() const { return generator_; }