electron/patches/v8/merged_maglev_fix_non-materialized_receiver_closure.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leszek Swirski <leszeks@chromium.org>
Date: Mon, 23 Sep 2024 13:23:59 +0200
Subject: Merged: [maglev] Fix non-materialized receiver & closure

Stack walks expect the receiver and closure to be materialized.

Bug: 368311899
(cherry picked from commit 6b455eb2c448348b940728241c799c5d7b508c51)
Change-Id: Ib5657712dd49fca6c92d881967228e74a5705a9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5893176
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.9@{#45}
Cr-Branched-From: 64a21d7ad7fca1ddc73a9264132f703f35000b69-refs/heads/12.9.202@{#1}
Cr-Branched-From: da4200b2cfe6eb1ad73c457ed27cf5b7ff32614f-refs/heads/main@{#95679}
diff --git a/src/maglev/maglev-graph-builder.cc b/src/maglev/maglev-graph-builder.cc
index e281e328a8d983a18226ad46b7d17f26ecb964dc..64fc99d3ee8746bcb6403cacd5e86719d45eab07 100644
--- a/src/maglev/maglev-graph-builder.cc
+++ b/src/maglev/maglev-graph-builder.cc
@@ -1347,7 +1347,14 @@ DeoptFrame MaglevGraphBuilder::GetDeoptFrameForLazyDeoptHelper(
if (result_size == 0 ||
!base::IsInRange(reg.index(), result_location.index(),
result_location.index() + result_size - 1)) {
- AddDeoptUse(node);
+ // Receiver and closure values have to be materialized, even if
+ // they don't otherwise escape.
+ if (reg == interpreter::Register::receiver() ||
+ reg == interpreter::Register::function_closure()) {
+ node->add_use();
+ } else {
+ AddDeoptUse(node);
+ }
}
});
AddDeoptUse(ret.closure());
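
Review bot: The new comment above the `reg == interpreter::Register::receiver()` check says these values "have to be materialized" but not why, and the reason (stack walks expect them) lives only in the commit message. Please put that reason in the comment, along with a short note on why `node->add_use()` rather than `AddDeoptUse(node)` is what guarantees materialization, so a later cleanup does not fold the two branches back together. The unchanged context line `AddDeoptUse(ret.closure());` still records the closure as a deopt use; if that is intentional alongside the new branch, a brief comment there would help. The diff touches only `maglev-graph-builder.cc`, so a regression test for the referenced bug that triggers a stack walk over a lazily deoptimized frame would be a useful addition.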