Fix ARM bug introduced in r12604 that caused crashes on ARM

on crypto-md5 from SunSpider.  Bug=152402
Review URL: https://chromiumcodereview.appspot.com/10991045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/arm/code-stubs-arm.cc b/src/arm/code-stubs-arm.cc
index 0e24cb8..02bf9c0 100644 (file)
--- a/src/arm/code-stubs-arm.cc
+++ b/src/arm/code-stubs-arm.cc
@@ -7561,7 +7561,9 @@ void StoreArrayLiteralElementStub::Generate(MacroAssembler* masm) {
   // Array literal has ElementsKind of FAST_DOUBLE_ELEMENTS.
   __ bind(&double_elements);
   __ ldr(r5, FieldMemOperand(r1, JSObject::kElementsOffset));
-  __ StoreNumberToDoubleElements(r0, r3, r1, r5, r6, r7, r9, r2,
+  __ StoreNumberToDoubleElements(r0, r3, r1,
+                                 // Overwrites all regs after this.
+                                 r5, r6, r7, r9, r2,
                                  &slow_elements);
   __ Ret();
 }

diff --git a/src/arm/ic-arm.cc b/src/arm/ic-arm.cc
index f2438a5..87d09c0 100644 (file)
--- a/src/arm/ic-arm.cc
+++ b/src/arm/ic-arm.cc
@@ -1380,8 +1380,8 @@ static void KeyedStoreGenerateGenericHelper(
   __ StoreNumberToDoubleElements(value,
                                  key,
                                  receiver,
-                                 elements,
-                                 r3,
+                                 elements,  // Overwritten.
+                                 r3,        // Scratch regs...
                                  r4,
                                  r5,
                                  r6,

diff --git a/src/arm/macro-assembler-arm.cc b/src/arm/macro-assembler-arm.cc
index fef33c1..29cf434 100644 (file)
--- a/src/arm/macro-assembler-arm.cc
+++ b/src/arm/macro-assembler-arm.cc
@@ -1988,7 +1988,7 @@ void MacroAssembler::StoreNumberToDoubleElements(Register value_reg,
     destination = FloatingPointHelper::kCoreRegisters;
   }
 
-  Register untagged_value = receiver_reg;
+  Register untagged_value = elements_reg;
   SmiUntag(untagged_value, value_reg);
   FloatingPointHelper::ConvertIntToDouble(this,
                                           untagged_value,

diff --git a/src/arm/macro-assembler-arm.h b/src/arm/macro-assembler-arm.h
index 5a81027..cdf6e18 100644 (file)
--- a/src/arm/macro-assembler-arm.h
+++ b/src/arm/macro-assembler-arm.h
@@ -816,6 +816,7 @@ class MacroAssembler: public Assembler {
   void StoreNumberToDoubleElements(Register value_reg,
                                    Register key_reg,
                                    Register receiver_reg,
+                                   // All regs below here overwritten.
                                    Register elements_reg,
                                    Register scratch1,
                                    Register scratch2,

diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index 66714f8..14a9c2f 100644 (file)
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -4686,6 +4686,7 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
   __ StoreNumberToDoubleElements(value_reg,
                                  key_reg,
                                  receiver_reg,
+                                 // All registers after this are overwritten.
                                  elements_reg,
                                  scratch1,
                                  scratch2,