From fe0d860ba8e045080bef466d1611ec5ffdbf8498 Mon Sep 17 00:00:00 2001
From: "akos.palfi"
Date: Mon, 23 Mar 2015 15:45:05 -0700
Subject: [PATCH] MIPS64: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily

Port 6689cc27ebe60685c025de9ae1f09919093f8213

Original commit message:

Handlers should be in charge of this work. The change uncovered a bug in vector-ics related to keyed loads into strings. It's important for StringCharCodeAtGenerator, a helper used in full code and in LoadIndexedStringStub (a handler) to protect the vector and slot registers when it makes a runtime call to convert a HeapNumber to a Smi. It's still possible for the handler to MISS after this call, perhaps due to out of bounds access. In that case, the vector and slot registers need to be delivered safely to the MISS handler.

BUG=

Review URL: https://codereview.chromium.org/1025303005

Cr-Commit-Position: refs/heads/master@{#27383}
---
 src/mips64/code-stubs-mips64.cc   | 24 +++++++++++++++---------
 src/mips64/full-codegen-mips64.cc |  4 ++--
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/mips64/code-stubs-mips64.cc b/src/mips64/code-stubs-mips64.cc
index 643ff5c..74477b5 100644
--- a/src/mips64/code-stubs-mips64.cc
+++ b/src/mips64/code-stubs-mips64.cc
@@ -1380,12 +1380,8 @@ void LoadIndexedStringStub::Generate(MacroAssembler* masm) {
   Register result = v0;
   DCHECK(!scratch.is(receiver) && !scratch.is(index));
   DCHECK(!FLAG_vector_ics ||
-         (!scratch.is(VectorLoadICDescriptor::VectorRegister()) &&
-          result.is(VectorLoadICDescriptor::SlotRegister())));
+         !scratch.is(VectorLoadICDescriptor::VectorRegister()));
 
-  // StringCharAtGenerator doesn't use the result register until it's passed
-  // the different miss possibilities. If it did, we would have a conflict
-  // when FLAG_vector_ics is true.
   StringCharAtGenerator char_at_generator(receiver, index, scratch, result,
                                           &miss,  // When not a string.
                                           &miss,  // When not a number.
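Review bot: The relaxed DCHECK still leaves scratch unchecked against VectorLoadICDescriptor::SlotRegister(), although this stub now calls GenerateSlow with PART_OF_IC_HANDLER, whose slow path pops the slot register back and then immediately writes the instance type into the generator's result register. If StringCharAtGenerator passes scratch through as that result register (inferred from the constructor arguments here; confirm in the header), a scratch aliasing the slot register would be clobbered right after it is restored and the miss handler would receive garbage in the slot. Adding the second clause is cheap: `DCHECK(!FLAG_vector_ics || (!scratch.is(VectorLoadICDescriptor::VectorRegister()) && !scratch.is(VectorLoadICDescriptor::SlotRegister())));`. The deleted comment explained why result could alias the slot register; a one-line replacement such as `// GenerateSlow saves the vector and slot registers around its runtime call.` would keep that reasoning visible. LoadIndexedStringStub::Generate starts before this hunk and ends after it.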
@@ -1396,7 +1392,7 @@ void LoadIndexedStringStub::Generate(MacroAssembler* masm) {
   __ Ret();
 
   StubRuntimeCallHelper call_helper;
-  char_at_generator.GenerateSlow(masm, call_helper);
+  char_at_generator.GenerateSlow(masm, PART_OF_IC_HANDLER, call_helper);
 
   __ bind(&miss);
   PropertyAccessCompiler::TailCallBuiltin(
@@ -3089,7 +3085,7 @@ void CallICStub::GenerateMiss(MacroAssembler* masm) {
 
 
 void StringCharCodeAtGenerator::GenerateSlow(
-    MacroAssembler* masm,
+    MacroAssembler* masm, EmbedMode embed_mode,
     const RuntimeCallHelper& call_helper) {
   __ Abort(kUnexpectedFallthroughToCharCodeAtSlowCase);
 
@@ -3103,7 +3099,12 @@ void StringCharCodeAtGenerator::GenerateSlow(
                       DONT_DO_SMI_CHECK);
   call_helper.BeforeCall(masm);
   // Consumed by runtime conversion function:
-  __ Push(object_, index_);
+  if (FLAG_vector_ics && embed_mode == PART_OF_IC_HANDLER) {
+    __ Push(VectorLoadICDescriptor::VectorRegister(),
+            VectorLoadICDescriptor::SlotRegister(), object_, index_);
+  } else {
+    __ Push(object_, index_);
+  }
   if (index_flags_ == STRING_INDEX_IS_NUMBER) {
     __ CallRuntime(Runtime::kNumberToIntegerMapMinusZero, 1);
   } else {
@@ -3116,7 +3117,12 @@ void StringCharCodeAtGenerator::GenerateSlow(
 
   // have a chance to overwrite it.
   __ Move(index_, v0);
-  __ pop(object_);
+  if (FLAG_vector_ics && embed_mode == PART_OF_IC_HANDLER) {
+    __ Pop(VectorLoadICDescriptor::SlotRegister(),
+           VectorLoadICDescriptor::VectorRegister(), object_);
+  } else {
+    __ pop(object_);
+  }
   // Reload the instance type.
   __ ld(result_, FieldMemOperand(object_, HeapObject::kMapOffset));
   __ lbu(result_, FieldMemOperand(result_, Map::kInstanceTypeOffset));
diff --git a/src/mips64/full-codegen-mips64.cc b/src/mips64/full-codegen-mips64.cc
index 7d1261f..0f157ec 100644
--- a/src/mips64/full-codegen-mips64.cc
+++ b/src/mips64/full-codegen-mips64.cc
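Review bot: The new EmbedMode parameter on GenerateSlow is undocumented at the definition, and its effect (which registers survive the runtime call) is only discoverable by reading the two branches further down in the function. A comment above the signature such as `// embed_mode: PART_OF_IC_HANDLER when emitted inside an IC handler, so the vector and slot registers must be preserved across the runtime call.` would let callers choose the right value without reading the body; the declaration in the header is outside this patch. GenerateSlow continues past the end of this hunk.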
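Review bot: The Pop in the PART_OF_IC_HANDLER branch names SlotRegister before VectorRegister, which is the reverse of the Push order in the previous hunk (VectorRegister, SlotRegister, object_, index_). If the mips64 MacroAssembler's three-register Pop mirrors its Push — rightmost operand loaded from the lowest address, as I recall its header comments describing — then after the runtime call consumed index_ the stack holds object_, Slot, Vector from the top, and this Pop loads the saved vector into the slot register and the saved slot into the vector register, so a MISS reached afterwards is handed the two swapped. Matching the Push order fixes it: `__ Pop(VectorLoadICDescriptor::VectorRegister(), VectorLoadICDescriptor::SlotRegister(), object_);`. Please verify against the Pop overload in macro-assembler-mips64.h; if operand order there is register-number based, as it is for the ARM ldm form, this note does not apply. GenerateSlow continues past the end of this hunk.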
@@ -4111,7 +4111,7 @@ void FullCodeGenerator::EmitStringCharCodeAt(CallRuntime* expr) {
   __ jmp(&done);
 
   NopRuntimeCallHelper call_helper;
-  generator.GenerateSlow(masm_, call_helper);
+  generator.GenerateSlow(masm_, NOT_PART_OF_IC_HANDLER, call_helper);
 
   __ bind(&done);
   context()->Plug(result);
@@ -4160,7 +4160,7 @@ void FullCodeGenerator::EmitStringCharAt(CallRuntime* expr) {
   __ jmp(&done);
 
   NopRuntimeCallHelper call_helper;
-  generator.GenerateSlow(masm_, call_helper);
+  generator.GenerateSlow(masm_, NOT_PART_OF_IC_HANDLER, call_helper);
 
   __ bind(&done);
   context()->Plug(result);
-- 
2.7.4