A64: Fix WrapReceiver corrupting receiver register

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/170433006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/a64/lithium-codegen-a64.cc b/src/a64/lithium-codegen-a64.cc
index 2ed2369..b4b875f 100644 (file)
--- a/src/a64/lithium-codegen-a64.cc
+++ b/src/a64/lithium-codegen-a64.cc
@@ -5647,6 +5647,7 @@ void LCodeGen::DoWrapReceiver(LWrapReceiver* instr) {
   // Deoptimize if the receiver is not a JS object.
   __ JumpIfSmi(receiver, &deopt);
   __ CompareObjectType(receiver, result, result, FIRST_SPEC_OBJECT_TYPE);
+  __ Mov(result, receiver);
   __ B(ge, &done);
   // Otherwise, fall through to deopt.
 
@@ -5654,16 +5655,11 @@ void LCodeGen::DoWrapReceiver(LWrapReceiver* instr) {
   Deoptimize(instr->environment());
 
   __ Bind(&global_object);
-  // We could load directly into the result register here, but the additional
-  // branches required are likely to be more time consuming than one additional
-  // move.
-  __ Ldr(receiver, FieldMemOperand(function, JSFunction::kContextOffset));
-  __ Ldr(receiver, ContextMemOperand(receiver, Context::GLOBAL_OBJECT_INDEX));
-  __ Ldr(receiver,
-         FieldMemOperand(receiver, GlobalObject::kGlobalReceiverOffset));
+  __ Ldr(result, FieldMemOperand(function, JSFunction::kContextOffset));
+  __ Ldr(result, ContextMemOperand(result, Context::GLOBAL_OBJECT_INDEX));
+  __ Ldr(result, FieldMemOperand(result, GlobalObject::kGlobalReceiverOffset));
 
   __ Bind(&done);
-  __ Mov(result, receiver);
 }