Reviewers: Toon Verwaest,
Message:
Hey Toon,
This fixes a bug where the X87 stack was in inconsistent state after
LCompareNumericAndBranch depending on whether the then or else branch was
executed. The "then" branch had the 2 arguments popped off, while the "else"
branch had the 2 arguments left on stack. This way the
LCompareNumericAndBranch
instruction itself cleans up the stack, i.e. pops both arguments from the
X87
stack, which is what the other control instructions do (i.e.
LCmpHoleAndBranch).
PTAL
-- Benedikt
Description:
Fix invalid X87 stack depth after LCompareNumericAndBranch.
Please review this at https://codereview.chromium.org/23456044/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+12, -4 lines):
M src/ia32/lithium-codegen-ia32.h
M src/ia32/lithium-codegen-ia32.cc
Index: src/ia32/lithium-codegen-ia32.cc
diff --git a/src/ia32/lithium-codegen-ia32.cc
b/src/ia32/lithium-codegen-ia32.cc
index
98a049b64abed3387a1d5f6c380a48c1fed8c78f..1a6efc39455ee14343f479d10f4443e3c35715fc
100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -561,6 +561,16 @@ void LCodeGen::X87LoadForUsage(X87Register reg) {
}
+void LCodeGen::X87LoadForUsage(X87Register reg1, X87Register reg2) {
+ ASSERT(x87_stack_.Contains(reg1));
+ ASSERT(x87_stack_.Contains(reg2));
+ x87_stack_.Fxch(reg1, 1);
+ x87_stack_.Fxch(reg2);
+ x87_stack_.pop();
+ x87_stack_.pop();
+}
+
+
void LCodeGen::X87Stack::Fxch(X87Register reg, int other_slot) {
ASSERT(is_mutable_);
ASSERT(Contains(reg) && stack_depth_ > other_slot);
@@ -2572,10 +2582,7 @@ void
LCodeGen::DoCompareNumericAndBranch(LCompareNumericAndBranch* instr) {
CpuFeatureScope scope(masm(), SSE2);
__ ucomisd(ToDoubleRegister(left), ToDoubleRegister(right));
} else {
- X87Fxch(ToX87Register(right));
- X87Fxch(ToX87Register(left), 1);
- __ fld(0);
- __ fld(2);
+ X87LoadForUsage(ToX87Register(right), ToX87Register(left));
__ FCmp();
}
// Don't base result on EFLAGS when a NaN is involved. Instead
Index: src/ia32/lithium-codegen-ia32.h
diff --git a/src/ia32/lithium-codegen-ia32.h
b/src/ia32/lithium-codegen-ia32.h
index
a2280f86586dea328dd85283b0777dbe8b33a0a3..a813b3c542104e81dd6dd6f43a5dbd3e9bf4fdd6
100644
--- a/src/ia32/lithium-codegen-ia32.h
+++ b/src/ia32/lithium-codegen-ia32.h
@@ -129,6 +129,7 @@ class LCodeGen V8_FINAL BASE_EMBEDDED {
X87Register left, X87Register right, X87Register result);
void X87LoadForUsage(X87Register reg);
+ void X87LoadForUsage(X87Register reg1, X87Register reg2);
void X87PrepareToWrite(X87Register reg) {
x87_stack_.PrepareToWrite(reg); }
void X87CommitWrite(X87Register reg) { x87_stack_.CommitWrite(reg); }
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
