Bug 995704 - Make Ion jitcode incrementally touch huge stack frames to avoid crashes on windows. r=sunfish
authorKannan Vijayan <kvijayan@mozilla.com>
Wed, 30 Apr 2014 12:09:32 -0400
changeset 181436 289e653a7061a773972b5633e6f53718514012c3
parent 181435 885b5b8fd7d95a83a98151b5d68d65fc2a164980
child 181437 e4be5203a3c95938bbe79849b47e6effd6629ff2
push id272
push userpvanderbeken@mozilla.com
push dateMon, 05 May 2014 16:31:18 +0000
reviewerssunfish
bugs995704
milestone32.0a1
Bug 995704 - Make Ion jitcode incrementally touch huge stack frames to avoid crashes on windows. r=sunfish
js/src/jit/CodeGenerator.cpp
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -2723,17 +2723,29 @@ CodeGenerator::generateArgumentsChecks(b
     // arguments are correct. Upon fail it will hit a breakpoint.
 
     MIRGraph &mir = gen->graph();
     MResumePoint *rp = mir.entryResumePoint();
 
     // Reserve the amount of stack the actual frame will use. We have to undo
     // this before falling through to the method proper though, because the
     // monomorphic call case will bypass this entire path.
-    masm.reserveStack(frameSize());
+
+    // On windows, we cannot skip very far down the stack without touching the
+    // memory pages in-between.  This is a corner-case code for situations where the
+    // Ion frame data for a piece of code is very large.  To handle this special case,
+    // for frames over 1k in size we allocate memory on the stack incrementally, touching
+    // it as we go.
+    uint32_t frameSizeLeft = frameSize();
+    while (frameSizeLeft > 1024) {
+        masm.reserveStack(1024);
+        masm.store32(Imm32(0), Address(StackPointer, 0));
+        frameSizeLeft -= 1024;
+    }
+    masm.reserveStack(frameSizeLeft);
 
     // No registers are allocated yet, so it's safe to grab anything.
     Register temp = GeneralRegisterSet(EntryTempMask).getAny();
 
     CompileInfo &info = gen->info();
 
     Label miss;
     for (uint32_t i = info.startArgSlot(); i < info.endArgSlot(); i++) {
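Review bot: The step size 1024 appears three times in the new while loop and once more as "1k" in the comment above it; hoisting it into a named constant, e.g. `static const uint32_t StackTouchStep = 1024;` before the loop and then `while (frameSizeLeft > StackTouchStep) { masm.reserveStack(StackTouchStep); ... frameSizeLeft -= StackTouchStep; }`, keeps the comment and the code from drifting apart. The `masm.store32(Imm32(0), Address(StackPointer, 0))` after each reserve touches the lowest byte of every step, so no page inside the large region is skipped, but the trailing `masm.reserveStack(frameSizeLeft)` leaves up to one step untouched — that is only safe because the step is smaller than a page, and the comment should state this assumption (`// Step must stay below the OS page size so the untouched tail never spans a full guard page.`). The comment attributes the requirement to Windows, yet the loop is emitted unconditionally on every platform; a sentence saying so would prevent a later reader from adding an ifdef and breaking the Windows case. The preceding comment says the stack reservation is undone before falling through to the method proper, so presumably the method prologue's own frame reservation needs the same incremental treatment if it uses a single reserveStack — worth confirming. generateArgumentsChecks continues outside the hunk.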