Reviewers: Michael Starzinger, danno, Paul Lind, kisg,
Description:
MIPS: Fix register clobbering in LoadIC for interceptors.
Port r11492 (d14ada19)
Original commit message:
Fix register clobbering in LoadIC for interceptors.
This fixes a corner-case where the receiver register was clobbered by
LoadICs for interceptors and inlined followup code still relied on the
receiver to be intact in case of prototype changes.
BUG=
TEST=
Please review this at https://chromiumcodereview.appspot.com/10315016/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/mips/stub-cache-mips.cc
Index: src/mips/stub-cache-mips.cc
diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc
index
e2e69c8f52bfa29df06422b31915f0e838f73ad2..64499ac9c961d8cca9857d4434110157017c8eee
100644
--- a/src/mips/stub-cache-mips.cc
+++ b/src/mips/stub-cache-mips.cc
@@ -1287,12 +1287,19 @@ void
StubCompiler::GenerateLoadInterceptor(Handle<JSObject> object,
name, miss);
ASSERT(holder_reg.is(receiver) || holder_reg.is(scratch1));
+ // Preserve the receiver register explicitly whenever it is different
from
+ // the holder and it is needed should the interceptor return without
any
+ // result. The CALLBACKS case needs the receiver to be passed into C++
code,
+ // the FIELD case might cause a miss during the prototype check.
+ bool must_perfrom_prototype_check = *interceptor_holder !=
lookup->holder();
+ bool must_preserve_receiver_reg = !receiver.is(holder_reg) &&
+ (lookup->type() == CALLBACKS || must_perfrom_prototype_check);
+
// Save necessary data before invoking an interceptor.
// Requires a frame to make GC aware of pushed pointers.
{
FrameScope frame_scope(masm(), StackFrame::INTERNAL);
- if (lookup->type() == CALLBACKS && !receiver.is(holder_reg)) {
- // CALLBACKS case needs a receiver to be passed into C++ callback.
+ if (must_preserve_receiver_reg) {
__ Push(receiver, holder_reg, name_reg);
} else {
__ Push(holder_reg, name_reg);
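Review bot: The new flag is spelled `must_perfrom_prototype_check` (transposed letters) where it is declared, again inside the `must_preserve_receiver_reg` expression, and in the second hunk's `if`; it should read `must_perform_prototype_check` in all three places. The misspelling presumably comes from the original commit that this change ports, so the rename is best made there as well to keep the architecture ports greppable together. GenerateLoadInterceptor starts before and continues after this hunk.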
@@ -1316,14 +1323,14 @@ void
StubCompiler::GenerateLoadInterceptor(Handle<JSObject> object,
__ bind(&interceptor_failed);
__ pop(name_reg);
__ pop(holder_reg);
- if (lookup->type() == CALLBACKS && !receiver.is(holder_reg)) {
+ if (must_preserve_receiver_reg) {
__ pop(receiver);
}
// Leave the internal frame.
}
// Check that the maps from interceptor's holder to lookup's holder
// haven't changed. And load lookup's holder into |holder| register.
- if (*interceptor_holder != lookup->holder()) {
+ if (must_perfrom_prototype_check) {
holder_reg = CheckPrototypes(interceptor_holder,
holder_reg,
Handle<JSObject>(lookup->holder()),
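Review bot: The conditional `__ pop(receiver);` after `interceptor_failed` carries no comment saying why the receiver is restored; the reason is given only in the first hunk's comment block. A short comment at the pop, for example `// Restore receiver: the prototype check below may jump to miss and needs it intact.`, would keep the push/pop pairing and its reason next to each other. That the miss path needs the receiver is inferred from the commit message and the added comment rather than visible in these lines, and the `CheckPrototypes` call runs past the end of the hunk. `TEST=` is empty in the description; if the original commit carries a regression test, it is worth confirming that it also runs on MIPS.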