Revision: 21196
Author: [email protected]
Date: Thu May 8 08:51:51 2014 UTC
Log: Fix index register assignment in LoadFieldByIndex for arm, arm64,
and mips.
This instruciton clobbers the index register.
BUG=368243
LOG=N
TEST=mjsunit/regress/regress-368243
[email protected]
Review URL: https://codereview.chromium.org/269273003
http://code.google.com/p/v8/source/detail?r=21196
Added:
/branches/bleeding_edge/test/mjsunit/regress/regress-368243.js
Modified:
/branches/bleeding_edge/src/arm/lithium-arm.cc
/branches/bleeding_edge/src/arm64/lithium-arm64.cc
/branches/bleeding_edge/src/mips/lithium-mips.cc
=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-368243.js Thu May
8 08:51:51 2014 UTC
@@ -0,0 +1,25 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function foo(a, c){
+ for(var f in c) {
+ if ("object" === typeof c[f]) {
+ a[f] = c[f];
+ foo(a[f], c[f]);
+ }
+ }
+};
+
+c = {
+ "one" : { x : 1},
+ "two" : { x : 2},
+ "thr" : { x : 3, z : 4},
+};
+
+foo({}, c);
+foo({}, c);
+%OptimizeFunctionOnNextCall(foo);
+foo({}, c);
=======================================
--- /branches/bleeding_edge/src/arm/lithium-arm.cc Mon May 5 11:03:14 2014
UTC
+++ /branches/bleeding_edge/src/arm/lithium-arm.cc Thu May 8 08:51:51 2014
UTC
@@ -2556,7 +2556,7 @@
LInstruction* LChunkBuilder::DoLoadFieldByIndex(HLoadFieldByIndex* instr) {
LOperand* object = UseRegister(instr->object());
- LOperand* index = UseRegister(instr->index());
+ LOperand* index = UseTempRegister(instr->index());
LLoadFieldByIndex* load = new(zone()) LLoadFieldByIndex(object, index);
LInstruction* result = DefineSameAsFirst(load);
return AssignPointerMap(result);
=======================================
--- /branches/bleeding_edge/src/arm64/lithium-arm64.cc Tue May 6 14:28:29
2014 UTC
+++ /branches/bleeding_edge/src/arm64/lithium-arm64.cc Thu May 8 08:51:51
2014 UTC
@@ -2686,7 +2686,7 @@
LInstruction* LChunkBuilder::DoLoadFieldByIndex(HLoadFieldByIndex* instr) {
LOperand* object = UseRegisterAtStart(instr->object());
- LOperand* index = UseRegister(instr->index());
+ LOperand* index = UseRegisterAndClobber(instr->index());
LLoadFieldByIndex* load = new(zone()) LLoadFieldByIndex(object, index);
LInstruction* result = DefineSameAsFirst(load);
return AssignPointerMap(result);
=======================================
--- /branches/bleeding_edge/src/mips/lithium-mips.cc Mon May 5 11:03:14
2014 UTC
+++ /branches/bleeding_edge/src/mips/lithium-mips.cc Thu May 8 08:51:51
2014 UTC
@@ -2507,7 +2507,7 @@
LInstruction* LChunkBuilder::DoLoadFieldByIndex(HLoadFieldByIndex* instr) {
LOperand* object = UseRegister(instr->object());
- LOperand* index = UseRegister(instr->index());
+ LOperand* index = UseTempRegister(instr->index());
LLoadFieldByIndex* load = new(zone()) LLoadFieldByIndex(object, index);
LInstruction* result = DefineSameAsFirst(load);
return AssignPointerMap(result);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
