AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[maglev] Fix elements clobbering in LoadFixed[Double]ArrayElement

Browse Source 
Bug: v8:7700
Change-Id: I8e80fad1b022d7a9c6c27d7577fe25dc0824ac02
Fixed: chromium:1408603
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181023
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85401}
This commit is contained in:
Leszek Swirski 2023-01-19 14:25:00 +01:00 committed by V8 LUCI CQ
parent a88495623a
commit a4f3a2c045
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/maglev/arm64/maglev-ir-arm64.cc
View File

@ -2004,13 +2004,14 @@ void LoadFixedArrayElement::GenerateCode(MaglevAssembler* masm,
__ CompareObjectType(elements, scratch, scratch, FIXED_ARRAY_TYPE);
__ Assert(eq, AbortReason::kUnexpectedValue);
}
__ Add(elements, elements, Operand(index, LSL, kTaggedSizeLog2));
__ DecompressAnyTagged(ToRegister(result()),
FieldMemOperand(elements, FixedArray::kHeaderSize));
Register result_reg = ToRegister(result());
__ Add(result_reg, elements, Operand(index, LSL, kTaggedSizeLog2));
__ DecompressAnyTagged(result_reg,
FieldMemOperand(result_reg, FixedArray::kHeaderSize));
}
void LoadFixedDoubleArrayElement::SetValueLocationConstraints() {
UseRegister(elements_input());
UseAndClobberRegister(elements_input());
UseRegister(index_input());
DefineAsRegister(this);
}