Reviewers: Sven,
Message:
Bugfix for r9690. Please take a look.
http://codereview.chromium.org/8342032/diff/2001/src/arm/code-stubs-arm.cc
File src/arm/code-stubs-arm.cc (left):
http://codereview.chromium.org/8342032/diff/2001/src/arm/code-stubs-arm.cc#oldcode7374
src/arm/code-stubs-arm.cc:7374: r3,
The second register passed to RecordWrite is clobbered (in debug mode), so
its value has to be copied to a temp register first. This also removes
the need for the pre-indexing trickery.
Description:
Bugfix for r9690.
BUG=arm debug test of mjsunit/elements-transition segfaults
Please review this at http://codereview.chromium.org/8342032/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/arm/code-stubs-arm.cc
Index: src/arm/code-stubs-arm.cc
diff --git a/src/arm/code-stubs-arm.cc b/src/arm/code-stubs-arm.cc
index
22f6a2e23bae63caf2e7605e9d42aeb5b43fcbd6..2b0634808d9f4a2f3b6293ca828e2fc0b0bf7e30
100644
--- a/src/arm/code-stubs-arm.cc
+++ b/src/arm/code-stubs-arm.cc
@@ -6932,7 +6932,7 @@ struct AheadOfTimeWriteBarrierStubList kAheadOfTime[]
= {
// and FastElementsConversionStub::GenerateDoubleToObject
{ r2, r3, r9, EMIT_REMEMBERED_SET },
// FastElementsConversionStub::GenerateDoubleToObject
- { r6, r0, r3, EMIT_REMEMBERED_SET },
+ { r6, r0, lr, EMIT_REMEMBERED_SET },
{ r2, r6, r9, EMIT_REMEMBERED_SET },
// Null termination.
{ no_reg, no_reg, no_reg, EMIT_REMEMBERED_SET}
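Review bot: The changed entry `{ r6, r0, lr, EMIT_REMEMBERED_SET }` has to stay in step with the `RecordWrite(r6, lr, r0, ...)` call in GenerateDoubleToObject, and the two sites list the registers in a different order, which is easy to get wrong on the next edit. Judging from those two sites, the table order appears to be object, value, address. Stating that in the comment above the entry, e.g. `// FastElementsConversionStub::GenerateDoubleToObject (object, value, address)`, would make a mismatch visible in review. The array initializer starts before this hunk.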
@@ -7336,15 +7336,15 @@ void
FastElementsConversionStub::GenerateDoubleToObject(
// Prepare for conversion loop.
__ add(r4, r4, Operand(FixedDoubleArray::kHeaderSize - kHeapObjectTag +
4));
- __ add(r3, r6, Operand(FixedArray::kHeaderSize - 4));
+ __ add(r3, r6, Operand(FixedArray::kHeaderSize));
__ add(r6, r6, Operand(kHeapObjectTag));
__ add(r5, r3, Operand(r5, LSL, 1));
__ LoadRoot(r7, Heap::kTheHoleValueRootIndex);
__ LoadRoot(r9, Heap::kHeapNumberMapRootIndex);
- // Using offsetted addresses to fully take advantage of pre/post-indexing
- // r3: begin of destination FixedArray element fields, not tagged, -4
+ // Using offsetted addresses in r4 to fully take advantage of
post-indexing.
+ // r3: begin of destination FixedArray element fields, not tagged
// r4: begin of source FixedDoubleArray element fields, not tagged, +4
- // r5: end of destination FixedArray, not tagged, -4
+ // r5: end of destination FixedArray, not tagged
// r6: destination FixedArray
// r7: the-hole pointer
// r9: heap number map
@@ -7369,9 +7369,10 @@ void
FastElementsConversionStub::GenerateDoubleToObject(
__ str(lr, FieldMemOperand(r0, HeapNumber::kExponentOffset));
__ ldr(lr, MemOperand(r4, 12, NegOffset));
__ str(lr, FieldMemOperand(r0, HeapNumber::kMantissaOffset));
- __ str(r0, MemOperand(r3, 4, PreIndex));
+ __ mov(lr, r3);
+ __ str(r0, MemOperand(r3, 4, PostIndex));
__ RecordWrite(r6,
- r3,
+ lr,
r0,
kLRHasBeenSaved,
kDontSaveFPRegs,
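Review bot: Passing `lr` as the address register to `RecordWrite` looks fragile, because `lr` is the ARM link register. RecordWrite's body is not visible here, but if it reaches its write-barrier stub through a branch-with-link, the slot address copied by `__ mov(lr, r3);` is overwritten with the return address before the stub reads it, and the barrier would then record the wrong slot. Consider copying r3 into a general-purpose scratch register that is dead at this point, and naming that register in the matching `kAheadOfTime` entry in the first hunk. Whichever register is used, a comment such as `// RecordWrite clobbers its address register in debug builds, so pass a copy of r3.` would keep the reason for the copy next to the code. The RecordWrite argument list continues past the end of this hunk.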
@@ -7381,7 +7382,7 @@ void
FastElementsConversionStub::GenerateDoubleToObject(
// Replace the-hole NaN with the-hole pointer.
__ bind(&convert_hole);
- __ str(r7, MemOperand(r3, 4, PreIndex));
+ __ str(r7, MemOperand(r3, 4, PostIndex));
__ bind(&entry);
__ cmp(r3, r5);