[v8-dev] Fix register trashing in Emit*ByteSeqStringSetChar (issue 67103003)

[jkummerow]

Reviewers: Yang,

Message:
PTAL.
Description:
Fix register trashing in Emit*ByteSeqStringSetChar

This is currently not observable without --allow-natives-syntax because all
internal usages are safe, but it deserves to be fixed nonetheless.

BUG=chromium:320922
LOG=N

Please review this at https://codereview.chromium.org/67103003/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+25, -26 lines):
  M src/arm/full-codegen-arm.cc
  M src/ia32/full-codegen-ia32.cc
  M src/mips/full-codegen-mips.cc
  M src/x64/full-codegen-x64.cc
  A + test/mjsunit/regress/regress-crbug-320922.js


Index: src/arm/full-codegen-arm.cc
diff --git a/src/arm/full-codegen-arm.cc b/src/arm/full-codegen-arm.cc
index  
0cb8e46a24543c403a400ed2cc75c1b6f70eae64..136101b2b164f9a0d3d05038371c1e4ad2422e69  
100644
--- a/src/arm/full-codegen-arm.cc
+++ b/src/arm/full-codegen-arm.cc
@@ -3520,8 +3520,8 @@ void  
FullCodeGenerator::EmitOneByteSeqStringSetChar(CallRuntime* expr) {

   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
-  __ Pop(index, value);
   VisitForAccumulatorValue(args->at(0));  // string
+  __ Pop(index, value);

   if (FLAG_debug_code) {
     static const uint32_t one_byte_seq_type = kSeqStringTag |  
kOneByteStringTag;
@@ -3547,8 +3547,8 @@ void  
FullCodeGenerator::EmitTwoByteSeqStringSetChar(CallRuntime* expr) {

   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
-  __ Pop(index, value);
   VisitForAccumulatorValue(args->at(0));  // string
+  __ Pop(index, value);

   if (FLAG_debug_code) {
     static const uint32_t two_byte_seq_type = kSeqStringTag |  
kTwoByteStringTag;
Index: src/ia32/full-codegen-ia32.cc
diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index  
24cb13f418c33191dc01e04c3a7c2ca855e9e17c..a1236edbb9c12ac8f6f0dfbdd3ed1095729307ce  
100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -3476,10 +3476,10 @@ void  
FullCodeGenerator::EmitOneByteSeqStringSetChar(CallRuntime* expr) {

   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
-  __ pop(value);
-  __ pop(index);
   VisitForAccumulatorValue(args->at(0));  // string

+  __ pop(value);
+  __ pop(index);

   if (FLAG_debug_code) {
     static const uint32_t one_byte_seq_type = kSeqStringTag |  
kOneByteStringTag;
@@ -3504,9 +3504,9 @@ void  
FullCodeGenerator::EmitTwoByteSeqStringSetChar(CallRuntime* expr) {

   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
+  VisitForAccumulatorValue(args->at(0));  // string
   __ pop(value);
   __ pop(index);
-  VisitForAccumulatorValue(args->at(0));  // string

   if (FLAG_debug_code) {
     static const uint32_t two_byte_seq_type = kSeqStringTag |  
kTwoByteStringTag;
Index: src/mips/full-codegen-mips.cc
diff --git a/src/mips/full-codegen-mips.cc b/src/mips/full-codegen-mips.cc
index  
a9cf791d91867ea6fa7f8c5e669e281ac888fb5b..1859bc8852f806b51e2e8f14db0bfa294153d916  
100644
--- a/src/mips/full-codegen-mips.cc
+++ b/src/mips/full-codegen-mips.cc
@@ -3549,8 +3549,8 @@ void  
FullCodeGenerator::EmitOneByteSeqStringSetChar(CallRuntime* expr) {

   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
-  __ Pop(index, value);
   VisitForAccumulatorValue(args->at(0));  // string
+  __ Pop(index, value);

   if (FLAG_debug_code) {
     static const uint32_t one_byte_seq_type = kSeqStringTag |  
kOneByteStringTag;
@@ -3578,8 +3578,8 @@ void  
FullCodeGenerator::EmitTwoByteSeqStringSetChar(CallRuntime* expr) {

   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
-  __ Pop(index, value);
   VisitForAccumulatorValue(args->at(0));  // string
+  __ Pop(index, value);

   if (FLAG_debug_code) {
     static const uint32_t two_byte_seq_type = kSeqStringTag |  
kTwoByteStringTag;
Index: src/x64/full-codegen-x64.cc
diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc
index  
d5fa5e5a7ca250543ce1645959151350f0b102cf..7d0d00a03d66c2fd519b129bd001e4a1f16d7491  
100644
--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -3441,9 +3441,9 @@ void  
FullCodeGenerator::EmitOneByteSeqStringSetChar(CallRuntime* expr) {

   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
+  VisitForAccumulatorValue(args->at(0));  // string
   __ pop(value);
   __ pop(index);
-  VisitForAccumulatorValue(args->at(0));  // string

   if (FLAG_debug_code) {
     static const uint32_t one_byte_seq_type = kSeqStringTag |  
kOneByteStringTag;
@@ -3468,9 +3468,9 @@ void  
FullCodeGenerator::EmitTwoByteSeqStringSetChar(CallRuntime* expr) {

   VisitForStackValue(args->at(1));  // index
   VisitForStackValue(args->at(2));  // value
+  VisitForAccumulatorValue(args->at(0));  // string
   __ pop(value);
   __ pop(index);
-  VisitForAccumulatorValue(args->at(0));  // string

   if (FLAG_debug_code) {
     static const uint32_t two_byte_seq_type = kSeqStringTag |  
kTwoByteStringTag;
Index: test/mjsunit/regress/regress-crbug-320922.js
diff --git a/test/mjsunit/elide-double-hole-check-9.js  
b/test/mjsunit/regress/regress-crbug-320922.js
similarity index 78%
copy from test/mjsunit/elide-double-hole-check-9.js
copy to test/mjsunit/regress/regress-crbug-320922.js
index  
88bbc7eaaa2955cf726fda76fca080e8663b1a96..4a5b5813e025b74b7e48e37c7894d5546e0ae909  
100644
--- a/test/mjsunit/elide-double-hole-check-9.js
+++ b/test/mjsunit/regress/regress-crbug-320922.js
@@ -27,23 +27,22 @@

 // Flags: --allow-natives-syntax

-var do_set = false;
-
-%NeverOptimizeFunction(set_proto_elements);
-function set_proto_elements() {
-  if (do_set) Array.prototype[1] = 1.5;
-}
-
-function f(a, i) {
-  set_proto_elements();
-  return a[i] + 0.5;
+var string = "hello world";
+var expected = "Hello " + "world";
+function Capitalize() {
+  %_OneByteSeqStringSetChar(string, 0, 0x48);
 }
+Capitalize();
+assertEquals(expected, string);
+Capitalize();
+assertEquals(expected, string);

-var arr = [0.0,,2.5];
-assertEquals(0.5, f(arr, 0));
-assertEquals(0.5, f(arr, 0));
-%OptimizeFunctionOnNextCall(f);
-assertEquals(0.5, f(arr, 0));
-do_set = true;
-assertEquals(2, f(arr, 1));
+var twobyte = "\u20ACello world";

+function TwoByteCapitalize() {
+  %_TwoByteSeqStringSetChar(twobyte, 0, 0x48);
+}
+TwoByteCapitalize();
+assertEquals(expected, twobyte);
+TwoByteCapitalize();
+assertEquals(expected, twobyte);


--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.