From 54ec6c031a933b2d10334ca6e3a920b758f0c333 Mon Sep 17 00:00:00 2001 From: "sgjesse@chromium.org" Date: Wed, 4 Nov 2009 10:04:22 +0000 Subject: [PATCH] Fix xssue 492: ARM debug crash: mozilla/ecma/FunctionObjects/15.3.1.1-3 When the number of parameters times 4 (kPointerSize) to a function cannot be encoded in 12 bits the return sequence gets one more instruction. Changed the assertion to check for this case. BUG=http://code.google.com/p/v8/issues/detail?id=492 TEST=test/mjsunit/regress/regress-492.js Review URL: http://codereview.chromium.org/354028 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/arm/assembler-arm.cc | 7 +++++ src/arm/assembler-arm.h | 3 +++ src/arm/codegen-arm.cc | 18 ++++++++++--- test/mjsunit/regress/regress-492.js | 52 +++++++++++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+), 3 deletions(-) create mode 100644 test/mjsunit/regress/regress-492.js diff --git a/src/arm/assembler-arm.cc b/src/arm/assembler-arm.cc index bc3b8e6..b129a6d 100644 --- a/src/arm/assembler-arm.cc +++ b/src/arm/assembler-arm.cc @@ -1311,6 +1311,13 @@ void Assembler::lea(Register dst, } +bool Assembler::ImmediateFitsAddrMode1Instruction(int32_t imm32) { + uint32_t dummy1; + uint32_t dummy2; + return fits_shifter(imm32, &dummy1, &dummy2, NULL); +} + + // Debugging void Assembler::RecordJSReturn() { WriteRecordedPositions(); diff --git a/src/arm/assembler-arm.h b/src/arm/assembler-arm.h index b99d83c..df2b4cd 100644 --- a/src/arm/assembler-arm.h +++ b/src/arm/assembler-arm.h @@ -682,6 +682,9 @@ class Assembler : public Malloced { return (pc_offset() - l->pos()) / kInstrSize; } + // Check whether an immediate fits an addressing mode 1 instruction. + bool ImmediateFitsAddrMode1Instruction(int32_t imm32); + // Debugging // Mark address of the ExitJSFrame code. diff --git a/src/arm/codegen-arm.cc b/src/arm/codegen-arm.cc index af13ccd..c6add48 100644 --- a/src/arm/codegen-arm.cc +++ b/src/arm/codegen-arm.cc @@ -331,13 +331,25 @@ void CodeGenerator::GenCode(FunctionLiteral* fun) { // Here we use masm_-> instead of the __ macro to avoid the code coverage // tool from instrumenting as we rely on the code size here. - masm_->add(sp, sp, Operand((scope_->num_parameters() + 1) * kPointerSize)); + int32_t sp_delta = (scope_->num_parameters() + 1) * kPointerSize; + masm_->add(sp, sp, Operand(sp_delta)); masm_->Jump(lr); // Check that the size of the code used for returning matches what is - // expected by the debugger. - ASSERT_EQ(kJSReturnSequenceLength, + // expected by the debugger. The add instruction above is an addressing + // mode 1 instruction where there are restrictions on which immediate values + // can be encoded in the instruction and which immediate values requires + // use of an additional instruction for moving the immediate to a temporary + // register. +#ifdef DEBUG + int expected_return_sequence_length = kJSReturnSequenceLength; + if (!masm_->ImmediateFitsAddrMode1Instruction(sp_delta)) { + // Additional mov instruction generated. + expected_return_sequence_length++; + } + ASSERT_EQ(expected_return_sequence_length, masm_->InstructionsGeneratedSince(&check_exit_codesize)); +#endif } // Code generation state must be reset. diff --git a/test/mjsunit/regress/regress-492.js b/test/mjsunit/regress/regress-492.js new file mode 100644 index 0000000..a8b783b --- /dev/null +++ b/test/mjsunit/regress/regress-492.js @@ -0,0 +1,52 @@ +// Copyright 2009 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// See: http://code.google.com/p/v8/issues/detail?id=492 +// This should not hit any asserts in debug mode on ARM. + +function function_with_n_args(n) { + var source = '(function f('; + for (var arg = 0; arg < n; arg++) { + if (arg != 0) source += ','; + source += 'arg' + arg; + } + source += ') { })()'; + eval(source); +} + +var args; +for (args = 250; args < 270; args++) { + function_with_n_args(args); +} + +for (args = 500; args < 520; args++) { + function_with_n_args(args); +} + +for (args = 1019; args < 1041; args++) { + function_with_n_args(args); +} -- 2.7.4