
Always update raw pointers when handling interrupts inside RegExp code.
R=mstarzinger@chromium.org
BUG=chromium:469480
LOG=N

Review URL: https://codereview.chromium.org/1034173002

Cr-Commit-Position: refs/heads/master@{#27615}
hashseed authored and Commit bot committed Apr 7, 2015
1 parent 146598f commit c67cb28
Showing 12 changed files with 199 additions and 765 deletions.
106 changes: 13 additions & 93 deletions src/arm/regexp-macro-assembler-arm.cc
Expand Up @@ -1040,102 +1040,22 @@ static T& frame_entry(Address re_frame, int frame_offset) {
}


template <typename T>
static T* frame_entry_address(Address re_frame, int frame_offset) {
return reinterpret_cast<T*>(re_frame + frame_offset);
}


int RegExpMacroAssemblerARM::CheckStackGuardState(Address* return_address,
Code* re_code,
Address re_frame) {
Isolate* isolate = frame_entry<Isolate*>(re_frame, kIsolate);
StackLimitCheck check(isolate);
if (check.JsHasOverflowed()) {
isolate->StackOverflow();
return EXCEPTION;
}

// If not real stack overflow the stack guard was used to interrupt
// execution for another purpose.

// If this is a direct call from JavaScript retry the RegExp forcing the call
// through the runtime system. Currently the direct call cannot handle a GC.
if (frame_entry<int>(re_frame, kDirectCall) == 1) {
return RETRY;
}

// Prepare for possible GC.
HandleScope handles(isolate);
Handle<Code> code_handle(re_code);

Handle<String> subject(frame_entry<String*>(re_frame, kInputString));

// Current string.
bool is_one_byte = subject->IsOneByteRepresentationUnderneath();

DCHECK(re_code->instruction_start() <= *return_address);
DCHECK(*return_address <=
re_code->instruction_start() + re_code->instruction_size());

Object* result = isolate->stack_guard()->HandleInterrupts();

if (*code_handle != re_code) { // Return address no longer valid
int delta = code_handle->address() - re_code->address();
// Overwrite the return address on the stack.
*return_address += delta;
}

if (result->IsException()) {
return EXCEPTION;
}

Handle<String> subject_tmp = subject;
int slice_offset = 0;

// Extract the underlying string and the slice offset.
if (StringShape(*subject_tmp).IsCons()) {
subject_tmp = Handle<String>(ConsString::cast(*subject_tmp)->first());
} else if (StringShape(*subject_tmp).IsSliced()) {
SlicedString* slice = SlicedString::cast(*subject_tmp);
subject_tmp = Handle<String>(slice->parent());
slice_offset = slice->offset();
}

// String might have changed.
if (subject_tmp->IsOneByteRepresentation() != is_one_byte) {
// If we changed between an Latin1 and an UC16 string, the specialized
// code cannot be used, and we need to restart regexp matching from
// scratch (including, potentially, compiling a new version of the code).
return RETRY;
}

// Otherwise, the content of the string might have moved. It must still
// be a sequential or external string with the same content.
// Update the start and end pointers in the stack frame to the current
// location (whether it has actually moved or not).
DCHECK(StringShape(*subject_tmp).IsSequential() ||
StringShape(*subject_tmp).IsExternal());

// The original start address of the characters to match.
const byte* start_address = frame_entry<const byte*>(re_frame, kInputStart);

// Find the current start address of the same character at the current string
// position.
int start_index = frame_entry<int>(re_frame, kStartIndex);
const byte* new_address = StringCharacterPosition(*subject_tmp,
start_index + slice_offset);

if (start_address != new_address) {
// If there is a difference, update the object pointer and start and end
// addresses in the RegExp stack frame to match the new value.
const byte* end_address = frame_entry<const byte* >(re_frame, kInputEnd);
int byte_length = static_cast<int>(end_address - start_address);
frame_entry<const String*>(re_frame, kInputString) = *subject;
frame_entry<const byte*>(re_frame, kInputStart) = new_address;
frame_entry<const byte*>(re_frame, kInputEnd) = new_address + byte_length;
} else if (frame_entry<const String*>(re_frame, kInputString) != *subject) {
// Subject string might have been a ConsString that underwent
// short-circuiting during GC. That will not change start_address but
// will change pointer inside the subject handle.
frame_entry<const String*>(re_frame, kInputString) = *subject;
}

return 0;
return NativeRegExpMacroAssembler::CheckStackGuardState(
frame_entry<Isolate*>(re_frame, kIsolate),
frame_entry<int>(re_frame, kStartIndex),
frame_entry<int>(re_frame, kDirectCall) == 1, return_address, re_code,
frame_entry_address<String*>(re_frame, kInputString),
frame_entry_address<const byte*>(re_frame, kInputStart),
frame_entry_address<const byte*>(re_frame, kInputEnd));
}


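Review bot: The DCHECK pair that bounded *return_address to re_code's instruction range has been dropped from this body with no counterpart in the new code; since the shared handler is the one that rewrites the return address on the stack when the code object moves, that range check is the only guard that the patched value stays inside the code object, and it is worth confirming that it now lives in NativeRegExpMacroAssembler::CheckStackGuardState, which is not in this view. The same applies to the arm64 and ia32 hunks. The new frame_entry_address helper also carries no comment saying why it exists next to frame_entry; suggest `// Address of a frame slot, so the shared CheckStackGuardState can update the subject and input pointers in place after a GC.` above its template line.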
107 changes: 11 additions & 96 deletions src/arm64/regexp-macro-assembler-arm64.cc
Expand Up @@ -1285,104 +1285,19 @@ static T& frame_entry(Address re_frame, int frame_offset) {
}


int RegExpMacroAssemblerARM64::CheckStackGuardState(Address* return_address,
Code* re_code,
Address re_frame,
int start_offset,
const byte** input_start,
const byte** input_end) {
Isolate* isolate = frame_entry<Isolate*>(re_frame, kIsolate);
StackLimitCheck check(isolate);
if (check.JsHasOverflowed()) {
isolate->StackOverflow();
return EXCEPTION;
}

// If not real stack overflow the stack guard was used to interrupt
// execution for another purpose.

// If this is a direct call from JavaScript retry the RegExp forcing the call
// through the runtime system. Currently the direct call cannot handle a GC.
if (frame_entry<int>(re_frame, kDirectCall) == 1) {
return RETRY;
}

// Prepare for possible GC.
HandleScope handles(isolate);
Handle<Code> code_handle(re_code);

Handle<String> subject(frame_entry<String*>(re_frame, kInput));

// Current string.
bool is_one_byte = subject->IsOneByteRepresentationUnderneath();

DCHECK(re_code->instruction_start() <= *return_address);
DCHECK(*return_address <=
re_code->instruction_start() + re_code->instruction_size());

Object* result = isolate->stack_guard()->HandleInterrupts();

if (*code_handle != re_code) { // Return address no longer valid
int delta = code_handle->address() - re_code->address();
// Overwrite the return address on the stack.
*return_address += delta;
}

if (result->IsException()) {
return EXCEPTION;
}

Handle<String> subject_tmp = subject;
int slice_offset = 0;

// Extract the underlying string and the slice offset.
if (StringShape(*subject_tmp).IsCons()) {
subject_tmp = Handle<String>(ConsString::cast(*subject_tmp)->first());
} else if (StringShape(*subject_tmp).IsSliced()) {
SlicedString* slice = SlicedString::cast(*subject_tmp);
subject_tmp = Handle<String>(slice->parent());
slice_offset = slice->offset();
}

// String might have changed.
if (subject_tmp->IsOneByteRepresentation() != is_one_byte) {
// If we changed between an Latin1 and an UC16 string, the specialized
// code cannot be used, and we need to restart regexp matching from
// scratch (including, potentially, compiling a new version of the code).
return RETRY;
}
template <typename T>
static T* frame_entry_address(Address re_frame, int frame_offset) {
return reinterpret_cast<T*>(re_frame + frame_offset);
}

// Otherwise, the content of the string might have moved. It must still
// be a sequential or external string with the same content.
// Update the start and end pointers in the stack frame to the current
// location (whether it has actually moved or not).
DCHECK(StringShape(*subject_tmp).IsSequential() ||
StringShape(*subject_tmp).IsExternal());

// The original start address of the characters to match.
const byte* start_address = *input_start;

// Find the current start address of the same character at the current string
// position.
const byte* new_address = StringCharacterPosition(*subject_tmp,
start_offset + slice_offset);

if (start_address != new_address) {
// If there is a difference, update the object pointer and start and end
// addresses in the RegExp stack frame to match the new value.
const byte* end_address = *input_end;
int byte_length = static_cast<int>(end_address - start_address);
frame_entry<const String*>(re_frame, kInput) = *subject;
*input_start = new_address;
*input_end = new_address + byte_length;
} else if (frame_entry<const String*>(re_frame, kInput) != *subject) {
// Subject string might have been a ConsString that underwent
// short-circuiting during GC. That will not change start_address but
// will change pointer inside the subject handle.
frame_entry<const String*>(re_frame, kInput) = *subject;
}

return 0;
int RegExpMacroAssemblerARM64::CheckStackGuardState(
Address* return_address, Code* re_code, Address re_frame, int start_index,
const byte** input_start, const byte** input_end) {
return NativeRegExpMacroAssembler::CheckStackGuardState(
frame_entry<Isolate*>(re_frame, kIsolate), start_index,
frame_entry<int>(re_frame, kDirectCall) == 1, return_address, re_code,
frame_entry_address<String*>(re_frame, kInput), input_start, input_end);
}


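Review bot: frame_entry_address here is byte-for-byte the same static template that the arm and ia32 hunks add, so the helper is now copied into at least three per-architecture files; since the shared NativeRegExpMacroAssembler::CheckStackGuardState it feeds already lives in common code, the template belongs alongside that declaration rather than per backend. Separately, this backend forwards input_start and input_end from its own parameters while arm and ia32 pass frame-slot addresses, and nothing in the new body says why; a one-line comment such as `// input_start/input_end are supplied by the caller here instead of being read from the frame.` would spare the next reader the cross-file comparison. I am inferring that distinction from the signatures alone, so confirm against the ARM64 stub before wording it.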
106 changes: 13 additions & 93 deletions src/ia32/regexp-macro-assembler-ia32.cc
Expand Up @@ -1072,102 +1072,22 @@ static T& frame_entry(Address re_frame, int frame_offset) {
}


template <typename T>
static T* frame_entry_address(Address re_frame, int frame_offset) {
return reinterpret_cast<T*>(re_frame + frame_offset);
}


int RegExpMacroAssemblerIA32::CheckStackGuardState(Address* return_address,
Code* re_code,
Address re_frame) {
Isolate* isolate = frame_entry<Isolate*>(re_frame, kIsolate);
StackLimitCheck check(isolate);
if (check.JsHasOverflowed()) {
isolate->StackOverflow();
return EXCEPTION;
}

// If not real stack overflow the stack guard was used to interrupt
// execution for another purpose.

// If this is a direct call from JavaScript retry the RegExp forcing the call
// through the runtime system. Currently the direct call cannot handle a GC.
if (frame_entry<int>(re_frame, kDirectCall) == 1) {
return RETRY;
}

// Prepare for possible GC.
HandleScope handles(isolate);
Handle<Code> code_handle(re_code);

Handle<String> subject(frame_entry<String*>(re_frame, kInputString));

// Current string.
bool is_one_byte = subject->IsOneByteRepresentationUnderneath();

DCHECK(re_code->instruction_start() <= *return_address);
DCHECK(*return_address <=
re_code->instruction_start() + re_code->instruction_size());

Object* result = isolate->stack_guard()->HandleInterrupts();

if (*code_handle != re_code) { // Return address no longer valid
int delta = code_handle->address() - re_code->address();
// Overwrite the return address on the stack.
*return_address += delta;
}

if (result->IsException()) {
return EXCEPTION;
}

Handle<String> subject_tmp = subject;
int slice_offset = 0;

// Extract the underlying string and the slice offset.
if (StringShape(*subject_tmp).IsCons()) {
subject_tmp = Handle<String>(ConsString::cast(*subject_tmp)->first());
} else if (StringShape(*subject_tmp).IsSliced()) {
SlicedString* slice = SlicedString::cast(*subject_tmp);
subject_tmp = Handle<String>(slice->parent());
slice_offset = slice->offset();
}

// String might have changed.
if (subject_tmp->IsOneByteRepresentation() != is_one_byte) {
// If we changed between an LATIN1 and an UC16 string, the specialized
// code cannot be used, and we need to restart regexp matching from
// scratch (including, potentially, compiling a new version of the code).
return RETRY;
}

// Otherwise, the content of the string might have moved. It must still
// be a sequential or external string with the same content.
// Update the start and end pointers in the stack frame to the current
// location (whether it has actually moved or not).
DCHECK(StringShape(*subject_tmp).IsSequential() ||
StringShape(*subject_tmp).IsExternal());

// The original start address of the characters to match.
const byte* start_address = frame_entry<const byte*>(re_frame, kInputStart);

// Find the current start address of the same character at the current string
// position.
int start_index = frame_entry<int>(re_frame, kStartIndex);
const byte* new_address = StringCharacterPosition(*subject_tmp,
start_index + slice_offset);

if (start_address != new_address) {
// If there is a difference, update the object pointer and start and end
// addresses in the RegExp stack frame to match the new value.
const byte* end_address = frame_entry<const byte* >(re_frame, kInputEnd);
int byte_length = static_cast<int>(end_address - start_address);
frame_entry<const String*>(re_frame, kInputString) = *subject;
frame_entry<const byte*>(re_frame, kInputStart) = new_address;
frame_entry<const byte*>(re_frame, kInputEnd) = new_address + byte_length;
} else if (frame_entry<const String*>(re_frame, kInputString) != *subject) {
// Subject string might have been a ConsString that underwent
// short-circuiting during GC. That will not change start_address but
// will change pointer inside the subject handle.
frame_entry<const String*>(re_frame, kInputString) = *subject;
}

return 0;
return NativeRegExpMacroAssembler::CheckStackGuardState(
frame_entry<Isolate*>(re_frame, kIsolate),
frame_entry<int>(re_frame, kStartIndex),
frame_entry<int>(re_frame, kDirectCall) == 1, return_address, re_code,
frame_entry_address<String*>(re_frame, kInputString),
frame_entry_address<const byte*>(re_frame, kInputStart),
frame_entry_address<const byte*>(re_frame, kInputEnd));
}


6 changes: 6 additions & 0 deletions src/isolate.cc
Expand Up @@ -833,6 +833,12 @@ Object* Isolate::StackOverflow() {
Throw(*exception, nullptr);

CaptureAndSetSimpleStackTrace(exception, factory()->undefined_value());
#ifdef VERIFY_HEAP
if (FLAG_verify_heap && FLAG_stress_compaction) {
heap()->CollectAllAvailableGarbage("trigger compaction");
}
#endif // VERIFY_HEAP

return heap()->exception();
}

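Review bot: The new VERIFY_HEAP block runs a full collection inside StackOverflow() with no comment on why an exception-throwing path should trigger a compaction; from the commit title this looks like a deliberate stress hook to move objects under callers that hold raw pointers (such as the RegExp frame) across this call, but the code does not say so. Suggest `// Under --verify-heap --stress-compaction, force a compaction so callers holding raw pointers across StackOverflow() are exercised.` placed above the #ifdef. The function's opening line is on the hunk header, outside the hunk body.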
