From fc8a0e3fa5ac9c1712191a48b5118e49a4c053c3 Mon Sep 17 00:00:00 2001
From: "feng@chromium.org"
 <feng@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Fri, 7 Nov 2008 22:56:41 +0000
Subject: [PATCH] Fix OOM handler code. Old code didn't pop up the state slot.

Review URL: http://codereview.chromium.org/10223

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@720 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/codegen-arm.cc | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/codegen-arm.cc b/src/codegen-arm.cc
index fae227016..caf6906b6 100644
--- a/src/codegen-arm.cc
+++ b/src/codegen-arm.cc
@@ -3859,8 +3859,16 @@ void CEntryStub::GenerateThrowOutOfMemory(MacroAssembler* masm) {
   // Restore the stack to the address of the ENTRY handler
   __ mov(sp, Operand(r3));
 
-  // restore parameter- and frame-pointer and pop state.
-  __ ldm(ia_w, sp, r3.bit() | pp.bit() | fp.bit());
+  // Stack layout at this point. See also PushTryHandler
+  // r3, sp ->   next handler
+  //             state (ENTRY)
+  //             pp 
+  //             fp
+  //             lr 
+
+  // Discard ENTRY state (r2 is not used), and restore parameter-
+  // and frame-pointer and pop state.
+  __ ldm(ia_w, sp, r2.bit() | r3.bit() | pp.bit() | fp.bit());
   // Before returning we restore the context from the frame pointer if not NULL.
   // The frame pointer is NULL in the exception handler of a JS entry frame.
   __ cmp(fp, Operand(0));
-- 
2.34.1