Reviewers: Vyacheslav Egorov,
Description:
ARM: Fix a crash bug in code for %_IsStringWrapperSafeForDefaultValueOf
Turned out out that the setting of bit
Map::kStringWrapperSafeForDefaultValueOf
in Map::kStringWrapperSafeForDefaultValueOf was not done on the map but in
some
other memory location causing crashes.
[email protected]
BUG=none
TEST=mozilla/data/js1_2/String/slice.js (crashed only on ARM hardware)
Please review this at http://codereview.chromium.org/6816054/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/arm/full-codegen-arm.cc
Index: src/arm/full-codegen-arm.cc
diff --git a/src/arm/full-codegen-arm.cc b/src/arm/full-codegen-arm.cc
index
d1356fa74efb76fca9edb337f83f28a4f327543d..fe0471f5bdf89aee087a8b69734af1fba663b581
100644
--- a/src/arm/full-codegen-arm.cc
+++ b/src/arm/full-codegen-arm.cc
@@ -2595,9 +2595,9 @@ void
FullCodeGenerator::EmitIsStringWrapperSafeForDefaultValueOf(
// Set the bit in the map to indicate that it has been checked safe for
// default valueOf and set true result.
- __ ldrb(r2, FieldMemOperand(r4, Map::kBitField2Offset));
+ __ ldrb(r2, FieldMemOperand(r1, Map::kBitField2Offset));
__ orr(r2, r2, Operand(1 << Map::kStringWrapperSafeForDefaultValueOf));
- __ strb(r2, FieldMemOperand(r4, Map::kBitField2Offset));
+ __ strb(r2, FieldMemOperand(r1, Map::kBitField2Offset));
__ jmp(if_true);
PrepareForBailoutBeforeSplit(TOS_REG, true, if_true, if_false);
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
