From e27d8fcbdcd9d33737fb7d54474a6d152fc134e8 Mon Sep 17 00:00:00 2001
From: "vegorov@chromium.org"
Date: Wed, 19 Oct 2011 11:01:02 +0000
Subject: [PATCH] RegExpMacroAssembler::CheckStackGuardState should update input string pointer when it is moved or changed by GC.

If input string was cons-string it might undergo short-circuiting during GC. This does not change input start if underlying seq-string (first element of cons-string) does not move but this makes input-string pointer on the native regexp's frame invalid.

R=lrn@chromium.org

Review URL: http://codereview.chromium.org/8343001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9697 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/arm/regexp-macro-assembler-arm.cc | 5 +++++
 src/ia32/regexp-macro-assembler-ia32.cc | 5 +++++
 src/x64/regexp-macro-assembler-x64.cc | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/src/arm/regexp-macro-assembler-arm.cc b/src/arm/regexp-macro-assembler-arm.cc
index c876467..b212f9f 100644
--- a/src/arm/regexp-macro-assembler-arm.cc
+++ b/src/arm/regexp-macro-assembler-arm.cc
@@ -1111,6 +1111,11 @@ int RegExpMacroAssemblerARM::CheckStackGuardState(Address* return_address,
 frame_entry(re_frame, kInputString) = *subject;
 frame_entry(re_frame, kInputStart) = new_address;
 frame_entry(re_frame, kInputEnd) = new_address + byte_length;
+ } else if (frame_entry(re_frame, kInputString) != *subject) {
+ // Subject string might have been a ConsString that underwent
+ // short-circuiting during GC. That will not change start_address but
+ // will change pointer inside the subject handle.
+ frame_entry(re_frame, kInputString) = *subject;
 }

 return 0;
diff --git a/src/ia32/regexp-macro-assembler-ia32.cc b/src/ia32/regexp-macro-assembler-ia32.cc
index 8b0b9ab..dbf01ab 100644
--- a/src/ia32/regexp-macro-assembler-ia32.cc
+++ b/src/ia32/regexp-macro-assembler-ia32.cc
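Review bot: The new `else if` at the end of the arm hunk duplicates a store the preceding branch already makes — both paths end with `frame_entry(re_frame, kInputString) = *subject;` — so the slot can be refreshed unconditionally before the branch on `new_address`, taking the ConsString short-circuiting comment with it, and the `!= *subject` comparison dropped; the enclosing `if` and the rest of CheckStackGuardState lie outside the hunk, so the exact condition line is not visible here. The same five lines are pasted into the ia32 and x64 hunks on the next line; a stale heap pointer left in the native regexp frame across a GC is a memory-safety hazard rather than an arch-specific detail, so it is worth checking whether the three CheckStackGuardState bodies can share one helper in the common base, so the next GC-related fix is not applied to two ports and missed on the third. The diffstat also lists no test; a regression test that forces a GC with a cons-string subject during matching would pin this behaviour.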
@@ -1141,6 +1141,11 @@ int RegExpMacroAssemblerIA32::CheckStackGuardState(Address* return_address,
 frame_entry(re_frame, kInputString) = *subject;
 frame_entry(re_frame, kInputStart) = new_address;
 frame_entry(re_frame, kInputEnd) = new_address + byte_length;
+ } else if (frame_entry(re_frame, kInputString) != *subject) {
+ // Subject string might have been a ConsString that underwent
+ // short-circuiting during GC. That will not change start_address but
+ // will change pointer inside the subject handle.
+ frame_entry(re_frame, kInputString) = *subject;
 }

 return 0;
diff --git a/src/x64/regexp-macro-assembler-x64.cc b/src/x64/regexp-macro-assembler-x64.cc
index 55fabc0..1e0cd6a 100644
--- a/src/x64/regexp-macro-assembler-x64.cc
+++ b/src/x64/regexp-macro-assembler-x64.cc
@@ -1248,6 +1248,11 @@ int RegExpMacroAssemblerX64::CheckStackGuardState(Address* return_address,
 frame_entry(re_frame, kInputString) = *subject;
 frame_entry(re_frame, kInputStart) = new_address;
 frame_entry(re_frame, kInputEnd) = new_address + byte_length;
+ } else if (frame_entry(re_frame, kInputString) != *subject) {
+ // Subject string might have been a ConsString that underwent
+ // short-circuiting during GC. That will not change start_address but
+ // will change pointer inside the subject handle.
+ frame_entry(re_frame, kInputString) = *subject;
 }

 return 0;
-- 
2.7.4