From: titzer Date: Wed, 7 Jan 2015 13:43:31 +0000 (-0800) Subject: Fix bug in Runtime_CompileOptimized resulting from stack overflow. X-Git-Tag: upstream/4.7.83~5066 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d77d3ba9a355f98e6ff1a421be2741fa897bed63;p=platform%2Fupstream%2Fv8.git Fix bug in Runtime_CompileOptimized resulting from stack overflow. R=jarin@chromium.org BUG=chromium:446389 LOG=Y Review URL: https://codereview.chromium.org/844503002 Cr-Commit-Position: refs/heads/master@{#25974}
---
diff --git a/src/runtime/runtime-compiler.cc b/src/runtime/runtime-compiler.cc
index ebd0c13..6526dcf 100644
--- a/src/runtime/runtime-compiler.cc
+++ b/src/runtime/runtime-compiler.cc
@@ -69,9 +69,20 @@ RUNTIME_FUNCTION(Runtime_CompileOptimized) {
 concurrent ? Compiler::CONCURRENT : Compiler::NOT_CONCURRENT;
 Handle code;
 if (Compiler::GetOptimizedCode(function, unoptimized, mode).ToHandle(&code)) {
+ // Optimization succeeded, return optimized code.
 function->ReplaceCode(*code);
 } else {
- function->ReplaceCode(function->shared()->code());
+ // Optimization failed, get unoptimized code.
+ if (isolate->has_pending_exception()) { // Possible stack overflow.
+ return isolate->heap()->exception();
+ }
+ code = Handle(function->shared()->code(), isolate);
+ if (code->kind() != Code::FUNCTION &&
+ code->kind() != Code::OPTIMIZED_FUNCTION) {
+ ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+ isolate, code, Compiler::GetUnoptimizedCode(function));
+ }
+ function->ReplaceCode(*code);
 }
 DCHECK(function->code()->kind() == Code::FUNCTION ||
diff --git a/test/mjsunit/regress/regress-446389.js b/test/mjsunit/regress/regress-446389.js
new file mode 100644
index 0000000..d600638
--- /dev/null
+++ b/test/mjsunit/regress/regress-446389.js
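Review bot: The early return under `if (isolate->has_pending_exception())` is taken for any pending exception, not only the stack overflow its trailing comment names, and it leaves the function's code exactly as it was on entry without saying that this is intended. A comment above the check would settle it, for example `// Compilation left an exception pending (e.g. stack overflow): propagate it and keep the function's current code.` The kind test before `Compiler::GetUnoptimizedCode` repeats the condition of the `DCHECK` that follows the hunk; because DCHECKs are compiled only into debug builds, that test appears to be what keeps a non-function code object from being installed in release builds, and a one-line comment saying so would stop it being removed as redundant. The body of `Runtime_CompileOptimized` starts and ends outside the hunk, so the full DCHECK condition is not visible here.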
@@ -0,0 +1,12 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function runNearStackLimit(f) { function t() { try { t(); } catch(e) { f(); } }; try { t(); } catch(e) {} }
+%OptimizeFunctionOnNextCall(__f_3);
+function __f_3() {
+ var __v_5 = a[0];
+}
+runNearStackLimit(function() { __f_3(); });
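Review bot: Nothing in the test says what outcome it checks: it contains no assertions, and `a` in `__f_3` is never declared, so each call appears to end in a ReferenceError that the `catch` blocks in `runNearStackLimit` swallow. A header comment such as `// Passes if optimizing __f_3 near the stack limit does not crash; the ReferenceError from the undeclared 'a' is expected.` would make the intent explicit, if that reading is right. The generated-looking names `__f_3` and `__v_5` could also be replaced with descriptive ones so the regression stays readable.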