MIPS: Fix KeyedStoreStubCompiler::GenerateStoreFastDoubleElement()

Test regress-91013.js (to ensure that the stored value was returned) passed on mips
without this fix, since the input value (in value_reg, a0) also happens to be in
mips return value register v0 at the time of call.

But it is fragile to depend on that behavior, so an explicit move from a0 to v0
is warranted. This fix puts that move in the delay slot of the Ret().

Patch by Paul Lind.

BUG=
TEST=

Review URL: http://codereview.chromium.org/7779006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9035 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc
index 5feac30..c17a658 100644 (file)
--- a/src/mips/stub-cache-mips.cc
+++ b/src/mips/stub-cache-mips.cc
@@ -4428,7 +4428,8 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
   __ sw(mantissa_reg, FieldMemOperand(scratch, FixedDoubleArray::kHeaderSize));
   uint32_t offset = FixedDoubleArray::kHeaderSize + sizeof(kHoleNanLower32);
   __ sw(exponent_reg, FieldMemOperand(scratch, offset));
-  __ Ret();
+  __ Ret(USE_DELAY_SLOT);
+  __ mov(v0, value_reg);  // In delay slot.
 
   __ bind(&maybe_nan);
   // Could be NaN or Infinity. If fraction is not zero, it's NaN, otherwise
@@ -4478,7 +4479,8 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
     __ sw(mantissa_reg, MemOperand(scratch, 0));
     __ sw(exponent_reg, MemOperand(scratch, Register::kSizeInBytes));
   }
-  __ Ret();
+  __ Ret(USE_DELAY_SLOT);
+  __ mov(v0, value_reg);  // In delay slot.
 
   // Handle store cache miss, replacing the ic with the generic stub.
   __ bind(&miss_force_generic);