[v8-dev] [v8] r22968 committed - ARM64: fix Instanceof stub....

[codesite-noreply via v8-dev]

Revision: 22968
Author:   rodolph.perfe...@arm.com
Date:     Thu Aug  7 10:42:55 2014 UTC
Log:      ARM64: fix Instanceof stub.
TF exposed a bug.

BUG=
R=bmeu...@chromium.org

Review URL: https://codereview.chromium.org/443153002
http://code.google.com/p/v8/source/detail?r=22968

Modified:
 /branches/bleeding_edge/src/arm64/code-stubs-arm64.cc

=======================================
--- /branches/bleeding_edge/src/arm64/code-stubs-arm64.cc	Mon Aug  4  
11:34:54 2014 UTC
+++ /branches/bleeding_edge/src/arm64/code-stubs-arm64.cc	Thu Aug  7  
10:42:55 2014 UTC
@@ -1766,7 +1766,7 @@

   // If there is a call site cache, don't look in the global cache, but do  
the
   // real lookup and update the call site cache.
-  if (!HasCallSiteInlineCheck()) {
+  if (!HasCallSiteInlineCheck() && !ReturnTrueFalseObject()) {
     Label miss;
     __ JumpIfNotRoot(function, Heap::kInstanceofCacheFunctionRootIndex,  
&miss);
     __ JumpIfNotRoot(map, Heap::kInstanceofCacheMapRootIndex, &miss);
@@ -1798,6 +1798,7 @@
   }

   Label return_true, return_result;
+  Register smi_value = scratch1;
   {
     // Loop through the prototype chain looking for the function prototype.
     Register chain_map = x1;
@@ -1808,6 +1809,10 @@
     __ LoadRoot(null_value, Heap::kNullValueRootIndex);
     // Speculatively set a result.
     __ Mov(result, res_false);
+    if (!HasCallSiteInlineCheck() && ReturnTrueFalseObject()) {
+      // Value to store in the cache cannot be an object.
+      __ Mov(smi_value, Smi::FromInt(1));
+    }

     __ Bind(&loop);

@@ -1830,6 +1835,10 @@
   // We cannot fall through to here.
   __ Bind(&return_true);
   __ Mov(result, res_true);
+  if (!HasCallSiteInlineCheck() && ReturnTrueFalseObject()) {
+    // Value to store in the cache cannot be an object.
+    __ Mov(smi_value, Smi::FromInt(0));
+  }
   __ Bind(&return_result);
   if (HasCallSiteInlineCheck()) {
     DCHECK(ReturnTrueFalseObject());
@@ -1837,7 +1846,8 @@
     __ GetRelocatedValueLocation(map_check_site, scratch2);
     __ Str(result, MemOperand(scratch2));
   } else {
-    __ StoreRoot(result, Heap::kInstanceofCacheAnswerRootIndex);
+    Register cached_value = ReturnTrueFalseObject() ? smi_value : result;
+    __ StoreRoot(cached_value, Heap::kInstanceofCacheAnswerRootIndex);
   }
   __ Ret();

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.