Reviewers: paul.l..., akos.palfi.imgtec, balazs.kilvady, Michael
Starzinger, rossberg,
Description:
MIPS: Remove unsafe EmitLoadRegister usage in AddI/SubI for constant right
operand.
TEST=test/mjsunit/regress/regress-500176
BUG=chromium:500176
LOG=N
Please review this at https://codereview.chromium.org/1185143002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+28, -22 lines):
M src/mips/lithium-codegen-mips.cc
M src/mips/macro-assembler-mips.cc
A test/mjsunit/regress/regress-500176.js
Index: src/mips/lithium-codegen-mips.cc
diff --git a/src/mips/lithium-codegen-mips.cc
b/src/mips/lithium-codegen-mips.cc
index
39a5477f525531e9d0166ddebae8026c41e8186f..3f8470de48a2442678ebfaf29925b5e796439a67
100644
--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -1672,19 +1672,16 @@ void LCodeGen::DoSubI(LSubI* instr) {
} else { // can_overflow.
Register overflow = scratch0();
Register scratch = scratch1();
- if (right->IsStackSlot() || right->IsConstantOperand()) {
+ if (right->IsStackSlot()) {
Register right_reg = EmitLoadRegister(right, scratch);
__ SubuAndCheckForOverflow(ToRegister(result),
ToRegister(left),
right_reg,
overflow); // Reg at also used as
scratch.
} else {
- DCHECK(right->IsRegister());
- // Due to overflow check macros not supporting constant operands,
- // handling the IsConstantOperand case was moved to prev if clause.
- __ SubuAndCheckForOverflow(ToRegister(result),
- ToRegister(left),
- ToRegister(right),
+ DCHECK(right->IsRegister() || right->IsConstantOperand());
+ __ SubuAndCheckForOverflow(ToRegister(result), ToRegister(left),
+ ToOperand(right),
overflow); // Reg at also used as
scratch.
}
DeoptimizeIf(lt, instr, Deoptimizer::kOverflow, overflow,
@@ -1872,20 +1869,16 @@ void LCodeGen::DoAddI(LAddI* instr) {
} else { // can_overflow.
Register overflow = scratch0();
Register scratch = scratch1();
- if (right->IsStackSlot() ||
- right->IsConstantOperand()) {
+ if (right->IsStackSlot()) {
Register right_reg = EmitLoadRegister(right, scratch);
__ AdduAndCheckForOverflow(ToRegister(result),
ToRegister(left),
right_reg,
overflow); // Reg at also used as
scratch.
} else {
- DCHECK(right->IsRegister());
- // Due to overflow check macros not supporting constant operands,
- // handling the IsConstantOperand case was moved to prev if clause.
- __ AdduAndCheckForOverflow(ToRegister(result),
- ToRegister(left),
- ToRegister(right),
+ DCHECK(right->IsRegister() || right->IsConstantOperand());
+ __ AdduAndCheckForOverflow(ToRegister(result), ToRegister(left),
+ ToOperand(right),
overflow); // Reg at also used as
scratch.
}
DeoptimizeIf(lt, instr, Deoptimizer::kOverflow, overflow,
Index: src/mips/macro-assembler-mips.cc
diff --git a/src/mips/macro-assembler-mips.cc
b/src/mips/macro-assembler-mips.cc
index
8b6c4a44970ce54e7228deeb405d94bcc1c4ebe1..190af3b8768e87831e0e7fbf12c96e3d860b382f
100644
--- a/src/mips/macro-assembler-mips.cc
+++ b/src/mips/macro-assembler-mips.cc
@@ -4452,17 +4452,17 @@ void
MacroAssembler::AdduAndCheckForOverflow(Register dst, Register left,
} else {
if (dst.is(left)) {
mov(scratch, left); // Preserve left.
- addiu(dst, left, right.immediate()); // Left is overwritten.
+ Addu(dst, left, right.immediate()); // Left is overwritten.
xor_(scratch, dst, scratch); // Original left.
// Load right since xori takes uint16 as immediate.
- addiu(t9, zero_reg, right.immediate());
+ Addu(t9, zero_reg, right);
xor_(overflow_dst, dst, t9);
and_(overflow_dst, overflow_dst, scratch);
} else {
addiu(dst, left, right.immediate());
xor_(overflow_dst, dst, left);
// Load right since xori takes uint16 as immediate.
- addiu(t9, zero_reg, right.immediate());
+ Addu(t9, zero_reg, right);
xor_(scratch, dst, t9);
and_(overflow_dst, scratch, overflow_dst);
}
@@ -4520,17 +4520,17 @@ void
MacroAssembler::SubuAndCheckForOverflow(Register dst, Register left,
} else {
if (dst.is(left)) {
mov(scratch, left); // Preserve left.
- addiu(dst, left, -(right.immediate())); // Left is overwritten.
+ Subu(dst, left, right); // Left is overwritten.
xor_(overflow_dst, dst, scratch); // scratch is original left.
// Load right since xori takes uint16 as immediate.
- addiu(t9, zero_reg, right.immediate());
+ Addu(t9, zero_reg, right);
xor_(scratch, scratch, t9); // scratch is original left.
and_(overflow_dst, scratch, overflow_dst);
} else {
- addiu(dst, left, -(right.immediate()));
+ Subu(dst, left, right);
xor_(overflow_dst, dst, left);
// Load right since xori takes uint16 as immediate.
- addiu(t9, zero_reg, right.immediate());
+ Addu(t9, zero_reg, right);
xor_(scratch, left, t9);
and_(overflow_dst, scratch, overflow_dst);
}
Index: test/mjsunit/regress/regress-500176.js
diff --git a/test/mjsunit/regress/regress-500176.js
b/test/mjsunit/regress/regress-500176.js
new file mode 100644
index
0000000000000000000000000000000000000000..6700ef0f3340c29fdf0883d39f7164a2af89e817
--- /dev/null
+++ b/test/mjsunit/regress/regress-500176.js
@@ -0,0 +1,13 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function __f_0(p) {
+ var __v_0 = -2147483642;
+ for (var __v_1 = 0; __v_1 < 10; __v_1++) {
+ if (__v_1 > 5) { __v_0 = __v_0 + p; break;}
+ }
+}
+for (var __v_2 = 0; __v_2 < 100000; __v_2++) __f_0(42);
+__v_2 = { f: function () { return x + y; },
+ 2: function () { return x - y} };
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
