Reviewers: Hablich,
Description:
Version 4.5.103.13 (cherry-pick)
Merged 5379d8bc36b3388df4f5a6f7e0a86168f1a5ff0e
[x64] Fix handling of Smi constants in LSubI and LBitI
BUG=chromium:478612
LOG=N
[email protected]
Please review this at https://codereview.chromium.org/1248283003/
Base URL: https://chromium.googlesource.com/v8/[email protected]
Affected files (+67, -3 lines):
M include/v8-version.h
M src/x64/lithium-x64.cc
A test/mjsunit/regress/regress-crbug-478612.js
Index: include/v8-version.h
diff --git a/include/v8-version.h b/include/v8-version.h
index
ee8e177d525d55583f5c79b2873fff761ac096fe..3070d441e3e9b7b80b3bc38124d3ed0b9be49500
100644
--- a/include/v8-version.h
+++ b/include/v8-version.h
@@ -11,7 +11,7 @@
#define V8_MAJOR_VERSION 4
#define V8_MINOR_VERSION 5
#define V8_BUILD_NUMBER 103
-#define V8_PATCH_LEVEL 12
+#define V8_PATCH_LEVEL 13
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
Index: src/x64/lithium-x64.cc
diff --git a/src/x64/lithium-x64.cc b/src/x64/lithium-x64.cc
index
8f37505527f607eeab6db522f3357bcb342717d7..3c150e21c91d8abc494fdceed031b3801d0c0680
100644
--- a/src/x64/lithium-x64.cc
+++ b/src/x64/lithium-x64.cc
@@ -1307,7 +1307,13 @@ LInstruction* LChunkBuilder::DoBitwise(HBitwise*
instr) {
DCHECK(instr->CheckFlag(HValue::kTruncatingToInt32));
LOperand* left = UseRegisterAtStart(instr->BetterLeftOperand());
- LOperand* right = UseOrConstantAtStart(instr->BetterRightOperand());
+ LOperand* right;
+ if (SmiValuesAre32Bits() && instr->representation().IsSmi()) {
+ // We don't support tagged immediates, so we request it in a
register.
+ right = UseRegisterAtStart(instr->BetterRightOperand());
+ } else {
+ right = UseOrConstantAtStart(instr->BetterRightOperand());
+ }
return DefineSameAsFirst(new(zone()) LBitI(left, right));
} else {
return DoArithmeticT(instr->op(), instr);
@@ -1549,7 +1555,13 @@ LInstruction* LChunkBuilder::DoSub(HSub* instr) {
DCHECK(instr->left()->representation().Equals(instr->representation()));
DCHECK(instr->right()->representation().Equals(instr->representation()));
LOperand* left = UseRegisterAtStart(instr->left());
- LOperand* right = UseOrConstantAtStart(instr->right());
+ LOperand* right;
+ if (SmiValuesAre32Bits() && instr->representation().IsSmi()) {
+ // We don't support tagged immediates, so we request it in a
register.
+ right = UseRegisterAtStart(instr->right());
+ } else {
+ right = UseOrConstantAtStart(instr->right());
+ }
LSubI* sub = new(zone()) LSubI(left, right);
LInstruction* result = DefineSameAsFirst(sub);
if (instr->CheckFlag(HValue::kCanOverflow)) {
Index: test/mjsunit/regress/regress-crbug-478612.js
diff --git a/test/mjsunit/regress/regress-crbug-478612.js
b/test/mjsunit/regress/regress-crbug-478612.js
new file mode 100644
index
0000000000000000000000000000000000000000..3419722cd018d9c5757165a74b4109f0a7d97418
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-478612.js
@@ -0,0 +1,52 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+// This is used to force binary operations below to have tagged
representation.
+var z = {valueOf: function() { return 3; }};
+
+
+function f() {
+ var y = -2;
+ return (1 & z) - y++;
+}
+
+assertEquals(3, f());
+assertEquals(3, f());
+%OptimizeFunctionOnNextCall(f);
+assertEquals(3, f());
+
+
+function g() {
+ var y = 2;
+ return (1 & z) | y++;
+}
+
+assertEquals(3, g());
+assertEquals(3, g());
+%OptimizeFunctionOnNextCall(g);
+assertEquals(3, g());
+
+
+function h() {
+ var y = 3;
+ return (3 & z) & y++;
+}
+
+assertEquals(3, h());
+assertEquals(3, h());
+%OptimizeFunctionOnNextCall(h);
+assertEquals(3, h());
+
+
+function i() {
+ var y = 2;
+ return (1 & z) ^ y++;
+}
+
+assertEquals(3, i());
+assertEquals(3, i());
+%OptimizeFunctionOnNextCall(i);
+assertEquals(3, i());
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
