From 755fcfec4983b756d8d41dcdfc6062fe94fda12d Mon Sep 17 00:00:00 2001
From: "bmeurer@chromium.org"
 <bmeurer@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Tue, 24 Sep 2013 09:29:00 +0000
Subject: [PATCH] Fix invalid X87 stack depth after LCompareNumericAndBranch.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23456044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/ia32/lithium-codegen-ia32.cc | 22 ++++++++++++++++++----
 src/ia32/lithium-codegen-ia32.h  |  1 +
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/ia32/lithium-codegen-ia32.cc b/src/ia32/lithium-codegen-ia32.cc
index 98a049b..4818b3e 100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -416,6 +416,13 @@ bool LCodeGen::GenerateBody() {
         x87_stack_.LeavingBlock(current_block_, LGoto::cast(instr));
       } else if (FLAG_debug_code && FLAG_enable_slow_asserts &&
                  !instr->IsGap() && !instr->IsReturn()) {
+        if (instr->ClobbersDoubleRegisters()) {
+          if (instr->HasDoubleRegisterResult()) {
+            ASSERT_EQ(1, x87_stack_.depth());
+          } else {
+            ASSERT_EQ(0, x87_stack_.depth());
+          }
+        }
         __ VerifyX87StackDepth(x87_stack_.depth());
       }
     }
@@ -561,6 +568,16 @@ void LCodeGen::X87LoadForUsage(X87Register reg) {
 }
 
 
+void LCodeGen::X87LoadForUsage(X87Register reg1, X87Register reg2) {
+  ASSERT(x87_stack_.Contains(reg1));
+  ASSERT(x87_stack_.Contains(reg2));
+  x87_stack_.Fxch(reg1, 1);
+  x87_stack_.Fxch(reg2);
+  x87_stack_.pop();
+  x87_stack_.pop();
+}
+
+
 void LCodeGen::X87Stack::Fxch(X87Register reg, int other_slot) {
   ASSERT(is_mutable_);
   ASSERT(Contains(reg) && stack_depth_ > other_slot);
@@ -2572,10 +2589,7 @@ void LCodeGen::DoCompareNumericAndBranch(LCompareNumericAndBranch* instr) {
         CpuFeatureScope scope(masm(), SSE2);
         __ ucomisd(ToDoubleRegister(left), ToDoubleRegister(right));
       } else {
-        X87Fxch(ToX87Register(right));
-        X87Fxch(ToX87Register(left), 1);
-        __ fld(0);
-        __ fld(2);
+        X87LoadForUsage(ToX87Register(right), ToX87Register(left));
         __ FCmp();
       }
       // Don't base result on EFLAGS when a NaN is involved. Instead
diff --git a/src/ia32/lithium-codegen-ia32.h b/src/ia32/lithium-codegen-ia32.h
index a2280f8..a813b3c 100644
--- a/src/ia32/lithium-codegen-ia32.h
+++ b/src/ia32/lithium-codegen-ia32.h
@@ -129,6 +129,7 @@ class LCodeGen V8_FINAL BASE_EMBEDDED {
       X87Register left, X87Register right, X87Register result);
 
   void X87LoadForUsage(X87Register reg);
+  void X87LoadForUsage(X87Register reg1, X87Register reg2);
   void X87PrepareToWrite(X87Register reg) { x87_stack_.PrepareToWrite(reg); }
   void X87CommitWrite(X87Register reg) { x87_stack_.CommitWrite(reg); }
 
-- 
2.7.4