From: danno@chromium.org <danno@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Tue, 16 Oct 2012 08:45:17 +0000 (+0000)
Subject: MIPS: Fix ARM bug introduced in r12604 that caused crashes on ARM on crypto-md5 from... 
X-Git-Tag: upstream/4.7.83~15842
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4a2a4b86473337bde5c62d38eebc5316a84573d4;p=platform%2Fupstream%2Fv8.git

MIPS: Fix ARM bug introduced in r12604 that caused crashes on ARM on crypto-md5 from SunSpider.

Port r12623 (22002351)

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/10979066
Patch from Akos Palfi <palfia@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12742 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---

diff --git a/src/mips/code-stubs-mips.cc b/src/mips/code-stubs-mips.cc
index 73b37a0..ca31826 100644
--- a/src/mips/code-stubs-mips.cc
+++ b/src/mips/code-stubs-mips.cc
@@ -7767,7 +7767,9 @@ void StoreArrayLiteralElementStub::Generate(MacroAssembler* masm) {
   // Array literal has ElementsKind of FAST_*_DOUBLE_ELEMENTS.
   __ bind(&double_elements);
   __ lw(t1, FieldMemOperand(a1, JSObject::kElementsOffset));
-  __ StoreNumberToDoubleElements(a0, a3, a1, t1, t2, t3, t5, a2,
+  __ StoreNumberToDoubleElements(a0, a3, a1,
+                                 // Overwrites all regs after this.
+                                 t1, t2, t3, t5, a2,
                                  &slow_elements);
   __ Ret(USE_DELAY_SLOT);
   __ mov(v0, a0);
diff --git a/src/mips/ic-mips.cc b/src/mips/ic-mips.cc
index 60e0fc1..cf70681 100644
--- a/src/mips/ic-mips.cc
+++ b/src/mips/ic-mips.cc
@@ -1269,8 +1269,8 @@ static void KeyedStoreGenerateGenericHelper(
   __ StoreNumberToDoubleElements(value,
                                  key,
                                  receiver,
-                                 elements,
-                                 a3,
+                                 elements,  // Overwritten.
+                                 a3,        // Scratch regs...
                                  t0,
                                  t1,
                                  t2,
diff --git a/src/mips/macro-assembler-mips.cc b/src/mips/macro-assembler-mips.cc
index e88e5be..489eeb0 100644
--- a/src/mips/macro-assembler-mips.cc
+++ b/src/mips/macro-assembler-mips.cc
@@ -3445,7 +3445,7 @@ void MacroAssembler::StoreNumberToDoubleElements(Register value_reg,
     destination = FloatingPointHelper::kCoreRegisters;
   }
 
-  Register untagged_value = receiver_reg;
+  Register untagged_value = elements_reg;
   SmiUntag(untagged_value, value_reg);
   FloatingPointHelper::ConvertIntToDouble(this,
                                           untagged_value,
diff --git a/src/mips/macro-assembler-mips.h b/src/mips/macro-assembler-mips.h
index ad3004a..a13c8ec 100644
--- a/src/mips/macro-assembler-mips.h
+++ b/src/mips/macro-assembler-mips.h
@@ -973,6 +973,7 @@ class MacroAssembler: public Assembler {
   void StoreNumberToDoubleElements(Register value_reg,
                                    Register key_reg,
                                    Register receiver_reg,
+                                   // All regs below here overwritten.
                                    Register elements_reg,
                                    Register scratch1,
                                    Register scratch2,
diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc
index 391f8e0..ba1d177 100644
--- a/src/mips/stub-cache-mips.cc
+++ b/src/mips/stub-cache-mips.cc
@@ -4748,6 +4748,7 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
   __ StoreNumberToDoubleElements(value_reg,
                                  key_reg,
                                  receiver_reg,
+                                 // All registers after this are overwritten.
                                  elements_reg,
                                  scratch1,
                                  scratch2,