From 6287c675d81f20356096918ba2a4970cf532d6bf Mon Sep 17 00:00:00 2001 From: "feng.qian.v8" Date: Tue, 2 Sep 2008 21:47:45 +0000 Subject: [PATCH] Change __ mov(eax, TOS) to __ pop(eax); ... __ push(eax); to enable push/pop eliminations. __ push(eax) must happen before RecordWrite because RecordWrite may destroy eax value. To be safe, also moved __ push(r0) on ARM to above RecordWrite. This only affects the case where a context variable is used in a inner scope. Create a tests for it. It fails if __ push(eax) is after RecordWrite. git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@111 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/codegen-arm.cc | 2 +- src/codegen-ia32.cc | 3 +- test/mjsunit/context-variable-assignments.js | 37 ++++++++++++++++++++ 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 test/mjsunit/context-variable-assignments.js diff --git a/src/codegen-arm.cc b/src/codegen-arm.cc index 4ada0ad4a..efa0e63ec 100644 --- a/src/codegen-arm.cc +++ b/src/codegen-arm.cc @@ -3238,6 +3238,7 @@ void ArmCodeGenerator::VisitSlot(Slot* node) { // r2 may be loaded with context; used below in RecordWrite. __ pop(r0); __ str(r0, SlotOperand(node, r2)); + __ push(r0); if (node->type() == Slot::CONTEXT) { // Skip write barrier if the written value is a smi. Label exit; @@ -3249,7 +3250,6 @@ void ArmCodeGenerator::VisitSlot(Slot* node) { __ RecordWrite(r2, r3, r1); __ bind(&exit); } - __ push(r0); break; } } diff --git a/src/codegen-ia32.cc b/src/codegen-ia32.cc index 21a179c8d..9fd01ea73 100644 --- a/src/codegen-ia32.cc +++ b/src/codegen-ia32.cc @@ -3440,8 +3440,9 @@ void Ia32CodeGenerator::VisitSlot(Slot* node) { // Variable::CONST because of const declarations which will // initialize consts to 'the hole' value and by doing so, end // up calling this code. - __ mov(eax, TOS); + __ pop(eax); __ mov(SlotOperand(node, ecx), eax); + __ push(eax); // RecordWrite may destroy the value in eax. if (node->type() == Slot::CONTEXT) { // ecx is loaded with context when calling SlotOperand above. int offset = FixedArray::kHeaderSize + node->index() * kPointerSize; diff --git a/test/mjsunit/context-variable-assignments.js b/test/mjsunit/context-variable-assignments.js new file mode 100644 index 000000000..7b3b1ad9c --- /dev/null +++ b/test/mjsunit/context-variable-assignments.js @@ -0,0 +1,37 @@ +// Copyright 2008 Google Inc. All Rights Reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +function foo() { + var a, b; + var bar = function() { + a = b = "hello world"; + } + bar(); + return a; +} + +assertEquals("hello world", foo()); -- 2.34.1