The stack layout is mixed up somewhere. I've not got a real fix, but this diff gets it a little farther:
diff --git a/src/mips/builtins-mips.cc b/src/mips/builtins-mips.cc
index e7ba9f1..adc4fb5 100644
--- a/src/mips/builtins-mips.cc
+++ b/src/mips/builtins-mips.cc
@@ -646,6 +646,8 @@ static void
Generate_JSConstructStubHelper(MacroAssembler*
masm,
__ bind(&count_incremented);
}
+ __ Pop(a1);
+
// Retrieve smi-tagged arguments count from the stack.
__ lw(a0, MemOperand(sp, 0));
__ SmiUntag(a0);
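Review bot: the added `__ Pop(a1);` is unconditional and now runs before the `__ lw(a0, MemOperand(sp, 0));` that the comment says retrieves the smi-tagged argument count, so the stub now assumes a1 sits directly above the count on the stack; the matching push side is not in this diff, so that layout cannot be checked here. Suggest a trailing comment stating what a1 holds (in the style of `__ Pop(a3); // new.target` in the next hunk) and a note pointing at the Push that this Pop must mirror.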
@@ -654,7 +656,6 @@ static void
Generate_JSConstructStubHelper(MacroAssembler*
masm,
if (use_new_target) {
__ Pop(a3); // new.target
}
- __ Pop(a1);
if (use_new_target) {
__ Push(a3, t4, t4);
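Review bot: with `__ Pop(a1);` removed here, the conditional `__ Pop(a3); // new.target` becomes the first pop after the argument-count load, so in the use_new_target case a3 now takes the slot the old code popped into a1 unless the push order earlier in the stub changes in the same CL; the message itself says this is not a real fix, so suggest auditing the push side for both values of use_new_target before landing, and keeping the `// new.target` comment accurate to what that slot actually holds.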
a0 was getting a tagged pointer, rather than the smi argument count you wanted.
I have to leave now for an appointment; I will be back in ~1.5 hours and can look more.
If you want to look further, build mipsel.debug with snapshot=off, then start up the shell with the --trace-sim flag. You can see where it fails, and watch the loads/stores to the stack.
With the above patch it now fails where it is trying to offset the stack by some integer value, and is again loading a tagged pointer from the stack into a1, rather than a Smi.
0x26727d14 8fa20000 lw v0, 0(sp) 00000002 <-- [f53cae60] (65888)
0x26727d18 8fa50004 lw a1, 4(sp) 26727941 <-- [f53cae64] (65889) <<--- this gets left-shifted and added to sp, as if it was a smi.
https://codereview.chromium.org/1203813002/
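As an added example (not from this mail or from V8 itself), a small checker that reads --trace-sim output in the line shape quoted above and flags sp-relative loads whose value carries a HeapObject tag in a register the stub goes on to treat as a Smi. The field layout of the trace lines, the sample lines themselves and the set of registers expected to hold a Smi are assumptions here.

```python
import re

# Constructed sample of --trace-sim output, in the shape of the two lines in the mail
# (pc, encoding, instruction, loaded word, "<-- [stack address] (counter)").
# The exact field layout of real --trace-sim output is an assumption.
TRACE = """\
0x26727d14 8fa20000 lw v0, 0(sp) 00000002 <-- [f53cae60] (65888)
0x26727d18 8fa50004 lw a1, 4(sp) 26727941 <-- [f53cae64] (65889)
0x26727d1c 8fa60008 lw a2, 8(sp) 00000008 <-- [f53cae68] (65890)
"""

LOAD_RE = re.compile(
    r"^0x(?P<pc>[0-9a-f]+)\s+[0-9a-f]{8}\s+lw\s+(?P<reg>\w+),\s*"
    r"(?P<off>-?\d+)\(sp\)\s+(?P<val>[0-9a-f]{8})\s+<--\s+\[(?P<addr>[0-9a-f]+)\]"
)


def classify(word):
    """32-bit V8 tagging: low bit 0 is a Smi (payload in the upper 31 bits),
    low bit 1 is a tagged HeapObject pointer. Returns (kind, untagged value)."""
    if word & 1:
        return ("heap_object", word & ~1)
    if word >= 0x80000000:          # reinterpret as signed int32 before the shift
        word -= 1 << 32
    return ("smi", word >> 1)


def parse_stack_loads(trace):
    """Collect every lw from an sp-relative slot, with its value classified."""
    loads = []
    for line in trace.splitlines():
        m = LOAD_RE.match(line.strip())
        if not m:
            continue
        word = int(m.group("val"), 16)
        kind, untagged = classify(word)
        loads.append({"pc": m.group("pc"), "reg": m.group("reg"),
                      "offset": int(m.group("off")), "raw": word,
                      "kind": kind, "untagged": untagged})
    return loads


def find_suspect_loads(trace, smi_regs=("a0", "a1", "v0")):
    """Loads into registers the stub expects to SmiUntag (assumed set) that actually
    received a HeapObject pointer: the mismatch the mail describes for a0 and a1."""
    return [l for l in parse_stack_loads(trace)
            if l["reg"] in smi_regs and l["kind"] == "heap_object"]


if __name__ == "__main__":
    for s in find_suspect_loads(TRACE, ("v0", "a1")):
        print("pc %s: %s <- %d(sp) = %08x is a tagged pointer, not a Smi"
              % (s["pc"], s["reg"], s["offset"], s["raw"]))
```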
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev