From: kasperl@chromium.org Date: Thu, 17 Dec 2009 07:35:12 +0000 (+0000) Subject: Fix ARM and x64 tests in debug mode after r3477. X-Git-Tag: upstream/4.7.83~22802 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=51aa605e62351c0e2a6f53362a2c9b781892ea54;p=platform%2Fupstream%2Fv8.git Fix ARM and x64 tests in debug mode after r3477. TBR=ager@chromium.org Review URL: http://codereview.chromium.org/500090 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3480 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc index 7c5ad0e..958842d 100644 --- a/src/arm/stub-cache-arm.cc +++ b/src/arm/stub-cache-arm.cc @@ -777,8 +777,26 @@ Object* CallStubCompiler::CompileCallGlobal(JSObject* object, __ ldr(r1, FieldMemOperand(r3, JSGlobalPropertyCell::kValueOffset)); // Check that the cell contains the same function. - __ cmp(r1, Operand(Handle(function))); - __ b(ne, &miss); + if (Heap::InNewSpace(function)) { + // We can't embed a pointer to a function in new space so we have + // to verify that the shared function info is unchanged. This has + // the nice side effect that multiple closures based on the same + // function can all use this call IC. Before we load through the + // function, we have to verify that it still is a function. + __ tst(r1, Operand(kSmiTagMask)); + __ b(eq, &miss); + __ CompareObjectType(r1, r3, r3, JS_FUNCTION_TYPE); + __ b(ne, &miss); + + // Check the shared function info. Make sure it hasn't changed. + __ mov(r3, Operand(Handle(function->shared()))); + __ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset)); + __ cmp(r2, r3); + __ b(ne, &miss); + } else { + __ cmp(r1, Operand(Handle(function))); + __ b(ne, &miss); + } // Patch the receiver on the stack with the global proxy if // necessary. diff --git a/src/ia32/codegen-ia32.cc b/src/ia32/codegen-ia32.cc index 9c42f02..49cfa3a 100644 --- a/src/ia32/codegen-ia32.cc +++ b/src/ia32/codegen-ia32.cc @@ -3595,7 +3595,7 @@ void CodeGenerator::VisitDebuggerStatement(DebuggerStatement* node) { void CodeGenerator::InstantiateBoilerplate(Handle boilerplate) { ASSERT(boilerplate->IsBoilerplate()); - // Use the fast case closure allocation code that allocated in new + // Use the fast case closure allocation code that allocates in new // space for nested functions that don't need literals cloning. if (scope()->is_function_scope() && boilerplate->NumberOfLiterals() == 0) { FastNewClosureStub stub; diff --git a/src/objects.h b/src/objects.h index 1545bbf..0750525 100644 --- a/src/objects.h +++ b/src/objects.h @@ -1804,7 +1804,7 @@ class DescriptorArray: public FixedArray { } static int ToDetailsIndex(int descriptor_number) { - return( descriptor_number << 1) + 1; + return (descriptor_number << 1) + 1; } static int ToValueIndex(int descriptor_number) { diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc index 81e5dae..32bd345 100644 --- a/src/x64/stub-cache-x64.cc +++ b/src/x64/stub-cache-x64.cc @@ -956,8 +956,24 @@ Object* CallStubCompiler::CompileCallGlobal(JSObject* object, __ movq(rdi, FieldOperand(rdi, JSGlobalPropertyCell::kValueOffset)); // Check that the cell contains the same function. - __ Cmp(rdi, Handle(function)); - __ j(not_equal, &miss); + if (Heap::InNewSpace(function)) { + // We can't embed a pointer to a function in new space so we have + // to verify that the shared function info is unchanged. This has + // the nice side effect that multiple closures based on the same + // function can all use this call IC. Before we load through the + // function, we have to verify that it still is a function. + __ JumpIfSmi(rdi, &miss); + __ CmpObjectType(rdi, JS_FUNCTION_TYPE, rcx); + __ j(not_equal, &miss); + + // Check the shared function info. Make sure it hasn't changed. + __ Move(rcx, Handle(function->shared())); + __ cmpq(FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset), rcx); + __ j(not_equal, &miss); + } else { + __ Cmp(rdi, Handle(function)); + __ j(not_equal, &miss); + } // Patch the receiver on the stack with the global proxy. if (object->IsGlobalObject()) {