
Side by Side Diff: src/arm/stub-cache-arm.cc

Issue 11316168: Ensure we do not clobber the register holding the elements backing store. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Use r9 instead of r8, given that r8 is the context register Created 8 years ago
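--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -4683,35 +4683,39 @@
 
 void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
 MacroAssembler* masm,
 bool is_js_array,
 KeyedAccessGrowMode grow_mode) {
 // ----------- S t a t e -------------
 // -- r0 : value
 // -- r1 : key
 // -- r2 : receiver
 // -- lr : return address
-// -- r3 : scratch
+// -- r3 : scratch (elements backing store)
 // -- r4 : scratch
 // -- r5 : scratch
+// -- r6 : scratch
+// -- r7 : scratch
+// -- r9 : scratch
 // -----------------------------------
 Label miss_force_generic, transition_elements_kind, grow, slow;
 Label finish_store, check_capacity;
 
 Register value_reg = r0;
 Register key_reg = r1;
 Register receiver_reg = r2;
 Register elements_reg = r3;
 Register scratch1 = r4;
 Register scratch2 = r5;
 Register scratch3 = r6;
 Register scratch4 = r7;
+Register scratch5 = r9;
 Register length_reg = r7;
 
 // This stub is meant to be tail-jumped to, the receiver must already
 // have been verified by the caller to not be a smi.
 
 // Check that the key is a smi or a heap number convertible to a smi.
 GenerateSmiKeyCheck(masm, key_reg, r4, r5, d1, d2, &miss_force_generic);
 
 __ ldr(elements_reg,
 FieldMemOperand(receiver_reg, JSObject::kElementsOffset));
@@ -4792,28 +4796,29 @@
 FieldMemOperand(elements_reg, FixedDoubleArray::kLengthOffset));
 
 __ mov(scratch1, Operand(kHoleNanLower32));
 __ mov(scratch2, Operand(kHoleNanUpper32));
 for (int i = 1; i < JSArray::kPreallocatedArrayElements; i++) {
 int offset = FixedDoubleArray::OffsetOfElementAt(i);
 __ str(scratch1, FieldMemOperand(elements_reg, offset));
 __ str(scratch2, FieldMemOperand(elements_reg, offset + kPointerSize));
 }
 
+__ mov(scratch1, elements_reg);
 __ StoreNumberToDoubleElements(value_reg,
 key_reg,
 // All registers after this are overwritten.
-elements_reg,
 scratch1,
 scratch2,
 scratch3,
 scratch4,
+scratch5,
 &transition_elements_kind);
 
 // Install the new backing store in the JSArray.
 __ str(elements_reg,
 FieldMemOperand(receiver_reg, JSObject::kElementsOffset));
 __ RecordWriteField(receiver_reg, JSObject::kElementsOffset, elements_reg,
 scratch1, kLRHasNotBeenSaved, kDontSaveFPRegs,
 EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
 
 // Increment the length of the array.
@@ -4840,10 +4845,10 @@
 __ Jump(ic_slow, RelocInfo::CODE_TARGET);
 }
 }
 
 
 #undef __
 
 } } // namespace v8::internal
 
 #endif // V8_TARGET_ARCH_ARM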
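Review bot: `scratch4` and `length_reg` are both bound to r7 (new lines 4710 and 4712), and `scratch4` is still passed to `StoreNumberToDoubleElements` in the argument positions marked "All registers after this are overwritten", so any read of `length_reg` after that call has to reload it first; the code that increments the length is collapsed on this page, so that could not be checked here. This is the same kind of register aliasing the commit fixes for the backing store, where `elements_reg` is stored into the receiver's elements field right after the call. I would document both invariants where they are relied on: above the copy, `// Pass a copy: elements_reg must stay intact, it is installed in the receiver below.`, and at the declaration, `Register length_reg = r7;  // Aliases scratch4; not preserved across scratch uses.` A short comment at `Register scratch5 = r9;` saying r8 is skipped because it is the context register would also keep a later edit from reusing it.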