Reviewers: ulan, jochen,
Description:
A64: Fix WrapReceiver corrupting receiver register
BUG=
Please review this at https://codereview.chromium.org/170433006/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+4, -8 lines):
M src/a64/lithium-codegen-a64.cc
Index: src/a64/lithium-codegen-a64.cc
diff --git a/src/a64/lithium-codegen-a64.cc b/src/a64/lithium-codegen-a64.cc
index
2ed23696eb7fab1225602b23a2868603a2feee42..b4b875fb04fdf5baa9ecefcb8c002cd6d03d70ef
100644
--- a/src/a64/lithium-codegen-a64.cc
+++ b/src/a64/lithium-codegen-a64.cc
@@ -5647,6 +5647,7 @@ void LCodeGen::DoWrapReceiver(LWrapReceiver* instr) {
// Deoptimize if the receiver is not a JS object.
__ JumpIfSmi(receiver, &deopt);
__ CompareObjectType(receiver, result, result, FIRST_SPEC_OBJECT_TYPE);
+ __ Mov(result, receiver);
__ B(ge, &done);
// Otherwise, fall through to deopt.
@@ -5654,16 +5655,11 @@ void LCodeGen::DoWrapReceiver(LWrapReceiver* instr)
{
Deoptimize(instr->environment());
__ Bind(&global_object);
- // We could load directly into the result register here, but the
additional
- // branches required are likely to be more time consuming than one
additional
- // move.
- __ Ldr(receiver, FieldMemOperand(function, JSFunction::kContextOffset));
- __ Ldr(receiver, ContextMemOperand(receiver,
Context::GLOBAL_OBJECT_INDEX));
- __ Ldr(receiver,
- FieldMemOperand(receiver, GlobalObject::kGlobalReceiverOffset));
+ __ Ldr(result, FieldMemOperand(function, JSFunction::kContextOffset));
+ __ Ldr(result, ContextMemOperand(result, Context::GLOBAL_OBJECT_INDEX));
+ __ Ldr(result, FieldMemOperand(result,
GlobalObject::kGlobalReceiverOffset));
__ Bind(&done);
- __ Mov(result, receiver);
}
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
