AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Fix index register assignment in LoadFieldByIndex for arm, arm64, and mips.

Browse Source 
This instruciton clobbers the index register.

BUG=368243
LOG=N
TEST=mjsunit/regress/regress-368243
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/269273003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
ulan@chromium.org 2014-05-08 08:51:51 +00:00
parent 967a79d21a
commit 8999a006be
4 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/arm/lithium-arm.cc
View File

@ -2556,7 +2556,7 @@ LInstruction* LChunkBuilder::DoCheckMapValue(HCheckMapValue* instr) {
LInstruction* LChunkBuilder::DoLoadFieldByIndex(HLoadFieldByIndex* instr) {
LOperand* object = UseRegister(instr->object());
LOperand* index = UseRegister(instr->index());
LOperand* index = UseTempRegister(instr->index());
LLoadFieldByIndex* load = new(zone()) LLoadFieldByIndex(object, index);
LInstruction* result = DefineSameAsFirst(load);
return AssignPointerMap(result);

2
src/arm64/lithium-arm64.cc
View File

@ -2686,7 +2686,7 @@ LInstruction* LChunkBuilder::DoCheckMapValue(HCheckMapValue* instr) {
LInstruction* LChunkBuilder::DoLoadFieldByIndex(HLoadFieldByIndex* instr) {
LOperand* object = UseRegisterAtStart(instr->object());
LOperand* index = UseRegister(instr->index());
LOperand* index = UseRegisterAndClobber(instr->index());
LLoadFieldByIndex* load = new(zone()) LLoadFieldByIndex(object, index);
LInstruction* result = DefineSameAsFirst(load);
return AssignPointerMap(result);

2
src/mips/lithium-mips.cc
View File

@ -2507,7 +2507,7 @@ LInstruction* LChunkBuilder::DoCheckMapValue(HCheckMapValue* instr) {
LInstruction* LChunkBuilder::DoLoadFieldByIndex(HLoadFieldByIndex* instr) {
LOperand* object = UseRegister(instr->object());
LOperand* index = UseRegister(instr->index());
LOperand* index = UseTempRegister(instr->index());
LLoadFieldByIndex* load = new(zone()) LLoadFieldByIndex(object, index);
LInstruction* result = DefineSameAsFirst(load);
return AssignPointerMap(result);

25
test/mjsunit/regress/regress-368243.js Normal file
View File

@ -0,0 +1,25 @@
// Copyright 2014 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
function foo(a, c){
for(var f in c) {
if ("object" === typeof c[f]) {
a[f] = c[f];
foo(a[f], c[f]);
}
}
};
c = {
"one" : { x : 1},
"two" : { x : 2},
"thr" : { x : 3, z : 4},
};
foo({}, c);
foo({}, c);
%OptimizeFunctionOnNextCall(foo);
foo({}, c);