Revision: 5842
Author: [email protected]
Date: Wed Nov 17 05:59:07 2010
Log: Change the order of evaluation of sub-expressions for keyed call
The expression of the key is now evaluated before the arguments, so all
expressions in a keyed call are evaluared from left to right.
BUG=http://code.google.com/p/v8/issues/detail?id=931
TEST=test/mjsunit/regress/regress-931.js
Review URL: http://codereview.chromium.org/5161002
http://code.google.com/p/v8/source/detail?r=5842
Added:
/branches/bleeding_edge/test/mjsunit/regress/regress-931.js
Modified:
/branches/bleeding_edge/src/arm/codegen-arm.cc
/branches/bleeding_edge/src/arm/full-codegen-arm.cc
/branches/bleeding_edge/src/ia32/codegen-ia32.cc
/branches/bleeding_edge/src/ia32/full-codegen-ia32.cc
/branches/bleeding_edge/src/x64/codegen-x64.cc
/branches/bleeding_edge/src/x64/full-codegen-x64.cc
=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-931.js Wed Nov 17
05:59:07 2010
@@ -0,0 +1,48 @@
+// Copyright 2009 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// See http://code.google.com/p/v8/issues/detail?id=931.
+
+var sequence = '';
+
+var o = { f: function (x, y) { return x + y; },
+ 2: function (x, y) { return x - y} };
+
+function first() { sequence += "1"; return o; }
+function second() { sequence += "2"; return "f"; }
+function third() { sequence += "3"; return 3; }
+function fourth() { sequence += "4"; return 4; }
+
+var result = (first()[second()](third(), fourth()))
+assertEquals(7, result);
+assertEquals("1234", sequence);
+
+function second_prime() { sequence += "2'"; return 2; }
+
+var result = (first()[second_prime()](third(), fourth()))
+assertEquals(-1, result);
+assertEquals("123412'34", sequence);
=======================================
--- /branches/bleeding_edge/src/arm/codegen-arm.cc Thu Nov 11 02:33:51 2010
+++ /branches/bleeding_edge/src/arm/codegen-arm.cc Wed Nov 17 05:59:07 2010
@@ -4339,9 +4339,12 @@
// -------------------------------------------
// JavaScript example: 'array[index](1, 2, 3)'
// -------------------------------------------
+
+ // Load the receiver and name of the function.
Load(property->obj());
+ Load(property->key());
+
if (property->is_synthetic()) {
- Load(property->key());
EmitKeyedLoad();
// Put the function below the receiver.
// Use the global receiver.
@@ -4351,22 +4354,28 @@
CallWithArguments(args, RECEIVER_MIGHT_BE_VALUE, node->position());
frame_->EmitPush(r0);
} else {
+ // Swap the name of the function and the receiver on the stack to
follow
+ // the calling convention for call ICs.
+ Register key = frame_->PopToRegister();
+ Register receiver = frame_->PopToRegister(key);
+ frame_->EmitPush(key);
+ frame_->EmitPush(receiver);
+
// Load the arguments.
int arg_count = args->length();
for (int i = 0; i < arg_count; i++) {
Load(args->at(i));
}
- // Set the name register and call the IC initialization code.
- Load(property->key());
- frame_->SpillAll();
- frame_->EmitPop(r2); // Function name.
-
+ // Load the key into r2 and call the IC initialization code.
InLoopFlag in_loop = loop_nesting() > 0 ? IN_LOOP : NOT_IN_LOOP;
Handle<Code> stub =
StubCache::ComputeKeyedCallInitialize(arg_count, in_loop);
CodeForSourcePosition(node->position());
+ frame_->SpillAll();
+ __ ldr(r2, frame_->ElementAt(arg_count + 1));
frame_->CallCodeObject(stub, RelocInfo::CODE_TARGET, arg_count +
1);
+ frame_->Drop(); // Drop the key still on the stack.
__ ldr(cp, frame_->Context());
frame_->EmitPush(r0);
}
=======================================
--- /branches/bleeding_edge/src/arm/full-codegen-arm.cc Thu Nov 11 02:33:51
2010
+++ /branches/bleeding_edge/src/arm/full-codegen-arm.cc Wed Nov 17 05:59:07
2010
@@ -1710,6 +1710,15 @@
void FullCodeGenerator::EmitKeyedCallWithIC(Call* expr,
Expression* key,
RelocInfo::Mode mode) {
+ // Load the key.
+ VisitForAccumulatorValue(key);
+
+ // Swap the name of the function and the receiver on the stack to follow
+ // the calling convention for call ICs.
+ __ pop(r1);
+ __ push(r0);
+ __ push(r1);
+
// Code common for calls using the IC.
ZoneList<Expression*>* args = expr->arguments();
int arg_count = args->length();
@@ -1717,18 +1726,17 @@
for (int i = 0; i < arg_count; i++) {
VisitForStackValue(args->at(i));
}
- VisitForAccumulatorValue(key);
- __ mov(r2, r0);
}
// Record source position for debugger.
SetSourcePosition(expr->position(), FORCED_POSITION);
// Call the IC initialization code.
InLoopFlag in_loop = (loop_depth() > 0) ? IN_LOOP : NOT_IN_LOOP;
Handle<Code> ic = StubCache::ComputeKeyedCallInitialize(arg_count,
in_loop);
+ __ ldr(r2, MemOperand(sp, (arg_count + 1) * kPointerSize)); // Key.
EmitCallIC(ic, mode);
// Restore context register.
__ ldr(cp, MemOperand(fp, StandardFrameConstants::kContextOffset));
- context()->Plug(r0);
+ context()->DropAndPlug(1, r0); // Drop the key still on the stack.
}
=======================================
--- /branches/bleeding_edge/src/ia32/codegen-ia32.cc Wed Nov 10 09:00:20
2010
+++ /branches/bleeding_edge/src/ia32/codegen-ia32.cc Wed Nov 17 05:59:07
2010
@@ -6294,6 +6294,18 @@
// Push the receiver onto the frame.
Load(property->obj());
+ // Load the name of the function.
+ Load(property->key());
+
+ // Swap the name of the function and the receiver on the stack to
follow
+ // the calling convention for call ICs.
+ Result key = frame_->Pop();
+ Result receiver = frame_->Pop();
+ frame_->Push(&key);
+ frame_->Push(&receiver);
+ key.Unuse();
+ receiver.Unuse();
+
// Load the arguments.
int arg_count = args->length();
for (int i = 0; i < arg_count; i++) {
@@ -6301,15 +6313,14 @@
frame_->SpillTop();
}
- // Load the name of the function.
- Load(property->key());
-
- // Call the IC initialization code.
+ // Place the key on top of stack and call the IC initialization
code.
+ frame_->PushElementAt(arg_count + 1);
CodeForSourcePosition(node->position());
Result result =
frame_->CallKeyedCallIC(RelocInfo::CODE_TARGET,
arg_count,
loop_nesting());
+ frame_->Drop(); // Drop the key still on the stack.
frame_->RestoreContextRegister();
frame_->Push(&result);
}
=======================================
--- /branches/bleeding_edge/src/ia32/full-codegen-ia32.cc Thu Nov 11
02:33:51 2010
+++ /branches/bleeding_edge/src/ia32/full-codegen-ia32.cc Wed Nov 17
05:59:07 2010
@@ -2017,24 +2017,32 @@
void FullCodeGenerator::EmitKeyedCallWithIC(Call* expr,
Expression* key,
RelocInfo::Mode mode) {
- // Code common for calls using the IC.
+ // Load the key.
+ VisitForAccumulatorValue(key);
+
+ // Swap the name of the function and the receiver on the stack to follow
+ // the calling convention for call ICs.
+ __ pop(ecx);
+ __ push(eax);
+ __ push(ecx);
+
+ // Load the arguments.
ZoneList<Expression*>* args = expr->arguments();
int arg_count = args->length();
{ PreserveStatementPositionScope scope(masm()->positions_recorder());
for (int i = 0; i < arg_count; i++) {
VisitForStackValue(args->at(i));
}
- VisitForAccumulatorValue(key);
- __ mov(ecx, eax);
}
// Record source position of the IC call.
SetSourcePosition(expr->position(), FORCED_POSITION);
InLoopFlag in_loop = (loop_depth() > 0) ? IN_LOOP : NOT_IN_LOOP;
Handle<Code> ic = StubCache::ComputeKeyedCallInitialize(arg_count,
in_loop);
+ __ mov(ecx, Operand(esp, (arg_count + 1) * kPointerSize)); // Key.
EmitCallIC(ic, mode);
// Restore context register.
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
- context()->Plug(eax);
+ context()->DropAndPlug(1, eax); // Drop the key still on the stack.
}
=======================================
--- /branches/bleeding_edge/src/x64/codegen-x64.cc Wed Nov 10 09:00:20 2010
+++ /branches/bleeding_edge/src/x64/codegen-x64.cc Wed Nov 17 05:59:07 2010
@@ -5592,6 +5592,18 @@
// Push the receiver onto the frame.
Load(property->obj());
+ // Load the name of the function.
+ Load(property->key());
+
+ // Swap the name of the function and the receiver on the stack to
follow
+ // the calling convention for call ICs.
+ Result key = frame_->Pop();
+ Result receiver = frame_->Pop();
+ frame_->Push(&key);
+ frame_->Push(&receiver);
+ key.Unuse();
+ receiver.Unuse();
+
// Load the arguments.
int arg_count = args->length();
for (int i = 0; i < arg_count; i++) {
@@ -5599,14 +5611,13 @@
frame_->SpillTop();
}
- // Load the name of the function.
- Load(property->key());
-
- // Call the IC initialization code.
+ // Place the key on top of stack and call the IC initialization
code.
+ frame_->PushElementAt(arg_count + 1);
CodeForSourcePosition(node->position());
Result result = frame_->CallKeyedCallIC(RelocInfo::CODE_TARGET,
arg_count,
loop_nesting());
+ frame_->Drop(); // Drop the key still on the stack.
frame_->RestoreContextRegister();
frame_->Push(&result);
}
=======================================
--- /branches/bleeding_edge/src/x64/full-codegen-x64.cc Thu Nov 11 02:33:51
2010
+++ /branches/bleeding_edge/src/x64/full-codegen-x64.cc Wed Nov 17 05:59:07
2010
@@ -1739,25 +1739,33 @@
void FullCodeGenerator::EmitKeyedCallWithIC(Call* expr,
Expression* key,
RelocInfo::Mode mode) {
- // Code common for calls using the IC.
+ // Load the key.
+ VisitForAccumulatorValue(key);
+
+ // Swap the name of the function and the receiver on the stack to follow
+ // the calling convention for call ICs.
+ __ pop(rcx);
+ __ push(rax);
+ __ push(rcx);
+
+ // Load the arguments.
ZoneList<Expression*>* args = expr->arguments();
int arg_count = args->length();
{ PreserveStatementPositionScope scope(masm()->positions_recorder());
for (int i = 0; i < arg_count; i++) {
VisitForStackValue(args->at(i));
}
- VisitForAccumulatorValue(key);
- __ movq(rcx, rax);
}
// Record source position for debugger.
SetSourcePosition(expr->position(), FORCED_POSITION);
// Call the IC initialization code.
InLoopFlag in_loop = (loop_depth() > 0) ? IN_LOOP : NOT_IN_LOOP;
Handle<Code> ic = StubCache::ComputeKeyedCallInitialize(arg_count,
in_loop);
+ __ movq(rcx, Operand(rsp, (arg_count + 1) * kPointerSize)); // Key.
EmitCallIC(ic, mode);
// Restore context register.
__ movq(rsi, Operand(rbp, StandardFrameConstants::kContextOffset));
- context()->Plug(rax);
+ context()->DropAndPlug(1, rax); // Drop the key still on the stack.
}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
