From: yangguo@chromium.org <yangguo@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Thu, 31 Jul 2014 07:50:26 +0000 (+0000)
Subject: Fix issue with storing 31-bit bitfield as Smi.
X-Git-Tag: upstream/4.7.83~7942
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b22724e48b167cea81b8461e6b5fe61f585fd5e6;p=platform%2Fupstream%2Fv8.git

Fix issue with storing 31-bit bitfield as Smi.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/428183003

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---

diff --git a/src/code-stubs.h b/src/code-stubs.h
index 03f7a69..d4a2152 100644
--- a/src/code-stubs.h
+++ b/src/code-stubs.h
@@ -1617,7 +1617,9 @@ class RegExpConstructResultStub V8_FINAL : public HydrogenCodeStub {
 class CallFunctionStub: public PlatformCodeStub {
  public:
   CallFunctionStub(Isolate* isolate, int argc, CallFunctionFlags flags)
-      : PlatformCodeStub(isolate), argc_(argc), flags_(flags) { }
+      : PlatformCodeStub(isolate), argc_(argc), flags_(flags) {
+    ASSERT(argc <= Code::kMaxArguments);
+  }
 
   void Generate(MacroAssembler* masm);
 
@@ -1636,7 +1638,9 @@ class CallFunctionStub: public PlatformCodeStub {
 
   // Minor key encoding in 32 bits with Bitfield <Type, shift, size>.
   class FlagBits: public BitField<CallFunctionFlags, 0, 2> {};
-  class ArgcBits: public BitField<unsigned, 2, 32 - 2> {};
+  class ArgcBits : public BitField<unsigned, 2, Code::kArgumentsBits> {};
+
+  STATIC_ASSERT(Code::kArgumentsBits + 2 <= kStubMinorKeyBits);
 
   Major MajorKey() const { return CallFunction; }
   int MinorKey() const {
diff --git a/src/objects-inl.h b/src/objects-inl.h
index 5ef23c5..42b3913 100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -6182,13 +6182,14 @@ void Code::set_type_feedback_info(Object* value, WriteBarrierMode mode) {
 
 uint32_t Code::stub_key() {
   ASSERT(IsCodeStubOrIC());
-  return Smi::cast(raw_type_feedback_info())->value() - Smi::kMinValue;
+  Smi* smi_key = Smi::cast(raw_type_feedback_info());
+  return static_cast<uint32_t>(smi_key->value());
 }
 
 
 void Code::set_stub_key(uint32_t key) {
   ASSERT(IsCodeStubOrIC());
-  set_raw_type_feedback_info(Smi::FromInt(key + Smi::kMinValue));
+  set_raw_type_feedback_info(Smi::FromInt(key));
 }
 
 
diff --git a/src/objects.h b/src/objects.h
index cd596e9..701a17a 100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -305,8 +305,10 @@ static const ExtraICState kNoExtraICState = 0;
 // Instance size sentinel for objects of variable size.
 const int kVariableSizeSentinel = 0;
 
+// We may store the unsigned bit field as signed Smi value and do not
+// use the sign bit.
 const int kStubMajorKeyBits = 7;
-const int kStubMinorKeyBits = kBitsPerInt - kSmiTagSize - kStubMajorKeyBits;
+const int kStubMinorKeyBits = kSmiValueSize - kStubMajorKeyBits - 1;
 
 // All Maps have a field instance_type containing a InstanceType.
 // It describes the type of the instances.