Reviewers: Benedikt Meurer, dstence, joransiu, john.yan,
Description:
PPC: [builtins] Pass correct number of arguments after adapting arguments.
Port fbad63669e309e8c5c3f2ecf503df2fefaac79bb
Original commit message:
The call protocol requires that the register dedicated to the number of
actual arguments (i.e. rax on x64) always contains the actual arguments.
That means after adapting arguments it should match the number of
expected arguments. But currently we pass some semi-random value
(usually some stack address) after adapting arguments.
It looks like this is currently not observable anywhere, because our
builtins and functions either don't look at the number of arguments and
just make hard-coded (unchecked) assumptions, or are marked as "don't
adapt arguments", which bypasses the broken code in the trampoline for
arguments adaptation. Nevertheless this should be fixed.
[email protected], [email protected], [email protected],
[email protected]
BUG=
Please review this at https://codereview.chromium.org/1306953005/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+13, -9 lines):
M src/ppc/builtins-ppc.cc
Index: src/ppc/builtins-ppc.cc
diff --git a/src/ppc/builtins-ppc.cc b/src/ppc/builtins-ppc.cc
index
5a5d1b268534e49aea5b57fd8f536d8171a0bb2f..f924d40e815c3ded022f8274bce4f04b0cf3de7c
100644
--- a/src/ppc/builtins-ppc.cc
+++ b/src/ppc/builtins-ppc.cc
@@ -1797,7 +1797,7 @@ void
Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
__ bind(&enough);
EnterArgumentsAdaptorFrame(masm);
- // Calculate copy start address into r3 and copy end address into r5.
+ // Calculate copy start address into r3 and copy end address into r6.
// r3: actual number of arguments as a smi
// r4: function
// r5: expected number of arguments
@@ -1806,20 +1806,21 @@ void
Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
__ add(r3, r3, fp);
// adjust for return address and receiver
__ addi(r3, r3, Operand(2 * kPointerSize));
- __ ShiftLeftImm(r5, r5, Operand(kPointerSizeLog2));
- __ sub(r5, r3, r5);
+ __ ShiftLeftImm(r6, r5, Operand(kPointerSizeLog2));
+ __ sub(r6, r3, r6);
// Copy the arguments (including the receiver) to the new stack frame.
// r3: copy start address
// r4: function
- // r5: copy end address
+ // r5: expected number of arguments
+ // r6: copy end address
// ip: code entry to call
Label copy;
__ bind(©);
__ LoadP(r0, MemOperand(r3, 0));
__ push(r0);
- __ cmp(r3, r5); // Compare before moving to next argument.
+ __ cmp(r3, r6); // Compare before moving to next argument.
__ subi(r3, r3, Operand(kPointerSize));
__ bne(©);
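Review bot: r6 is turned into scratch for the copy end address here without any statement of whether it is live on entry to the trampoline; the register map above the loop names only r3, r4, r5 and ip as inputs, so clobbering r6 is presumably fine, but the function's entry comments should say so explicitly, e.g. `// r6: scratch (copy end address), clobbered by the adaptor`. The loop compares before decrementing, so it pushes every word from the start address down to r6 inclusive, i.e. expected + 1 words, which matches the comment "including the receiver" provided the start address points at the receiver slot as the "adjust for return address and receiver" comment suggests. Unrelated to the change itself: `__ bind(©)` and `__ bne(©)` on these lines are presumably `&copy` — the Label declared just above — mangled into an HTML entity by the archive rendering, so readers should not take that as code. Generate_ArgumentsAdaptorTrampoline starts before and ends after this hunk.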
@@ -1889,21 +1890,24 @@ void
Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
// r5: expected number of arguments
// ip: code entry to call
__ LoadRoot(r0, Heap::kUndefinedValueRootIndex);
- __ ShiftLeftImm(r5, r5, Operand(kPointerSizeLog2));
- __ sub(r5, fp, r5);
+ __ ShiftLeftImm(r6, r5, Operand(kPointerSizeLog2));
+ __ sub(r6, fp, r6);
// Adjust for frame.
- __ subi(r5, r5, Operand(StandardFrameConstants::kFixedFrameSizeFromFp +
+ __ subi(r6, r6, Operand(StandardFrameConstants::kFixedFrameSizeFromFp +
2 * kPointerSize));
Label fill;
__ bind(&fill);
__ push(r0);
- __ cmp(sp, r5);
+ __ cmp(sp, r6);
__ bne(&fill);
}
// Call the entry point.
__ bind(&invoke);
+ __ mr(r3, r5);
+ // r3 : expected number of arguments
+ // r4 : function (passed through to callee)
__ CallJSEntry(ip);
// Store offset of return address for deoptimizer.
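Review bot: The register map added after `__ mr(r3, r5)` should state that r3 now holds the expected count as a raw integer, because earlier in this same function r3 is documented as "actual number of arguments as a smi" and a reader could assume the value handed to the callee is tagged as well; the `ShiftLeftImm(r6, r5, Operand(kPointerSizeLog2))` that turns r5 into a byte offset is what shows r5 is untagged, so `mr` passes an untagged count, which is presumably what the callee reads as its argument count. Suggested comments: `// r3 : expected number of arguments (untagged) - now also the actual count seen by the callee`, `// r4 : function (passed through to callee)`, `// ip : code entry to call`. The fix relies on r5 surviving both the `enough` copy loop (previous hunk) and the `too_few` path; the fill loop here no longer clobbers it and the context line `// r5: expected number of arguments` above the fill shows it is expected intact there, but the `too_few` copy loop sits between the two hunks and is not visible in this review, so that part is inferred rather than checked. Generate_ArgumentsAdaptorTrampoline continues past the end of this hunk.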