Reviewers: Vyacheslav Egorov,
Message:
PTAL
Description:
Merge r10457 into the 3.7 branch.
This fixes a problem on MIPS where the caller's code was patched directly
without issuing a write barrier, which violated incremental marking invariants.
Please review this at http://codereview.chromium.org/9117023/
SVN Base: http://v8.googlecode.com/svn/branches/3.7/
Affected files:
M src/mips/code-stubs-mips.cc
M src/mips/lithium-codegen-mips.cc
M src/mips/macro-assembler-mips.h
M src/mips/macro-assembler-mips.cc
M src/version.cc
Index: src/mips/code-stubs-mips.cc
===================================================================
--- src/mips/code-stubs-mips.cc (revision 10481)
+++ src/mips/code-stubs-mips.cc (working copy)
@@ -4147,7 +4147,7 @@
const Register inline_site = t5;
const Register scratch = a2;
- const int32_t kDeltaToLoadBoolResult = 4 * kPointerSize;
+ const int32_t kDeltaToLoadBoolResult = 5 * kPointerSize;
Label slow, loop, is_instance, is_not_instance, not_js_object;
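Review bot: `kDeltaToLoadBoolResult` is a hand-counted distance that has to match the instruction sequence emitted at the inline site, and nothing in this hunk ties the two together. The bump from 4 to 5 appears to account for the `lw` added in the lithium-codegen-mips.cc hunk, which also drops the `true` argument to `li`, so the fixed lui/ori length this offset depends on is no longer requested explicitly there. A comment such as `// Instructions between the patched li and the bool-result load; keep in sync with the inline map check in lithium-codegen-mips.cc.` would make the dependency visible. Since the value counts instructions, `kInstrSize` (used in the macro-assembler hunk) would express it more directly than `kPointerSize`, assuming it is in scope here. The enclosing function starts and ends outside the hunk.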
@@ -4191,11 +4191,12 @@
// Patch the (relocated) inlined map check.
// The offset was stored in t0 safepoint slot.
- // (See LCodeGen::DoDeferredLInstanceOfKnownGlobal)
+ // (See LCodeGen::DoDeferredLInstanceOfKnownGlobal).
__ LoadFromSafepointRegisterSlot(scratch, t0);
__ Subu(inline_site, ra, scratch);
- // Patch the relocated value to map.
- __ PatchRelocatedValue(inline_site, scratch, map);
+ // Get the map location in scratch and patch it.
+ __ GetRelocatedValue(inline_site, scratch, v1); // v1 used as scratch.
+ __ sw(map, FieldMemOperand(scratch,
JSGlobalPropertyCell::kValueOffset));
}
// Register mapping: a3 is object map and t0 is function prototype.
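Review bot: The new `sw(map, FieldMemOperand(scratch, JSGlobalPropertyCell::kValueOffset))` writes a heap pointer into a cell with no write barrier after it, while the commit description names a missing write barrier as the original problem. If the store is safe without one, the hunk should say why, e.g. `// No write barrier needed: <reason>.` above the `sw`; otherwise a barrier call belongs here. The comment `// v1 used as scratch.` could also state that v1 holds nothing live at this point. The enclosing stub body continues outside the hunk.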
Index: src/mips/lithium-codegen-mips.cc
===================================================================
--- src/mips/lithium-codegen-mips.cc (revision 10481)
+++ src/mips/lithium-codegen-mips.cc (working copy)
@@ -1986,7 +1986,10 @@
// We use Factory::the_hole_value() on purpose instead of loading from
the
// root array to force relocation to be able to later patch with
// the cached map.
- __ li(at, Operand(factory()->the_hole_value()), true);
+ Handle<JSGlobalPropertyCell> cell =
+ factory()->NewJSGlobalPropertyCell(factory()->the_hole_value());
+ __ li(at, Operand(Handle<Object>(cell)));
+ __ lw(at, FieldMemOperand(at, JSGlobalPropertyCell::kValueOffset));
__ Branch(&cache_miss, ne, map, Operand(at));
// We use Factory::the_hole_value() on purpose instead of loading from
the
// root array to force relocation to be able to later patch
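Review bot: The comment above the changed lines still says `Factory::the_hole_value()` is used to force relocation so the site can be patched with the cached map, but the new code embeds a freshly allocated `JSGlobalPropertyCell` and compares against its value field. Updating it, e.g. `// Embed a cell holding the hole; the stub later stores the cached map into the cell's value field instead of patching the code.`, would keep the next reader from assuming the instruction stream is still patched. The trailing context shows a second copy of the old comment for a following site that is cut off by the hunk, so whether that site still patches code directly cannot be judged from here.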
Index: src/mips/macro-assembler-mips.cc
===================================================================
--- src/mips/macro-assembler-mips.cc (revision 10481)
+++ src/mips/macro-assembler-mips.cc (working copy)
@@ -4700,7 +4700,35 @@
FlushICache(li_location, 2);
}
+void MacroAssembler::GetRelocatedValue(Register li_location,
+ Register value,
+ Register scratch) {
+ lw(value, MemOperand(li_location));
+ if (emit_debug_code()) {
+ And(value, value, kOpcodeMask);
+ Check(eq, "The instruction should be a lui.",
+ value, Operand(LUI));
+ lw(value, MemOperand(li_location));
+ }
+ // value now holds a lui instruction. Extract the immediate.
+ sll(value, value, kImm16Bits);
+
+ lw(scratch, MemOperand(li_location, kInstrSize));
+ if (emit_debug_code()) {
+ And(scratch, scratch, kOpcodeMask);
+ Check(eq, "The instruction should be an ori.",
+ scratch, Operand(ORI));
+ lw(scratch, MemOperand(li_location, kInstrSize));
+ }
+ // "scratch" now holds an ori instruction. Extract the immediate.
+ andi(scratch, scratch, kImm16Mask);
+
+ // Merge the results.
+ or_(value, value, scratch);
+}
+
+
void MacroAssembler::CheckPageFlag(
Register object,
Register scratch,
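Review bot: `GetRelocatedValue` overwrites `value` with its first `lw` and then reads through `li_location` again, so it silently produces a wrong result if `value` aliases `li_location` or `scratch`, and nothing in the function checks that. An assertion at the top, e.g. `ASSERT(!value.is(li_location) && !value.is(scratch));`, would catch a bad call site when the code is assembled. The lui/ori opcode checks run only under `emit_debug_code()`, so in release code a site that is not a lui/ori pair yields an arbitrary address that the caller in code-stubs-mips.cc then stores through. A short comment stating that precondition on `li_location` would help.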
Index: src/mips/macro-assembler-mips.h
===================================================================
--- src/mips/macro-assembler-mips.h (revision 10481)
+++ src/mips/macro-assembler-mips.h (working copy)
@@ -1322,6 +1322,10 @@
void PatchRelocatedValue(Register li_location,
Register scratch,
Register new_value);
+ // Get the relocatad value (loaded data) from the lui/ori pair.
+ void GetRelocatedValue(Register li_location,
+ Register value,
+ Register scratch);
private:
void CallCFunctionHelper(Register function,
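Review bot: The new declaration comment misspells "relocated" as "relocatad" and does not say which registers are outputs or clobbered. Suggested wording: `// Get the relocated value (loaded data) from the lui/ori pair at li_location.` followed by `// The result is left in value; scratch is clobbered.` The class declaration continues outside the hunk.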
Index: src/version.cc
===================================================================
--- src/version.cc (revision 10481)
+++ src/version.cc (working copy)
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 7
#define BUILD_NUMBER 12
-#define PATCH_LEVEL 18
+#define PATCH_LEVEL 19
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0