From 3487c67a9dc42e1304ec3cd14c4215e5315e0739 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Sat, 3 Jul 2010 13:13:20 -0700 Subject: [PATCH] [JAEGER] Fixed bug in JSOP_POS. --- js/src/methodjit/FrameState-inl.h | 21 +++++++++++++++++++++ js/src/methodjit/FrameState.h | 6 ++++++ js/src/methodjit/nunbox/Assembler.h | 10 ++++++++++ js/src/methodjit/nunbox/FastOps.cpp | 6 ++++-- 4 files changed, 41 insertions(+), 2 deletions(-) diff --git a/js/src/methodjit/FrameState-inl.h b/js/src/methodjit/FrameState-inl.h index 9966a2f5f2c..f5c725bba00 100644 --- a/js/src/methodjit/FrameState-inl.h +++ b/js/src/methodjit/FrameState-inl.h @@ -686,6 +686,27 @@ FrameState::dataRematInfo(const FrameEntry *fe) const return remat; } +inline void +FrameState::giveOwnRegs(FrameEntry *fe) +{ + JS_ASSERT(!fe->isConstant()); + JS_ASSERT(fe == peek(-1)); + + if (!fe->isCopy()) + return; + + RegisterID data = copyDataIntoReg(fe); + if (fe->isTypeKnown()) { + JSValueType type = fe->getKnownType(); + pop(); + pushTypedPayload(type, data); + } else { + RegisterID type = copyTypeIntoReg(fe); + pop(); + pushRegs(type, data); + } +} + } /* namspace mjit */ } /* namspace js */ diff --git a/js/src/methodjit/FrameState.h b/js/src/methodjit/FrameState.h index 214411f35b3..d87f28045cb 100644 --- a/js/src/methodjit/FrameState.h +++ b/js/src/methodjit/FrameState.h @@ -489,6 +489,12 @@ class FrameState */ inline void dupAt(int32 n); + /* + * If the frameentry is a copy, give it its own registers. + * This may only be called on the topmost fe. + */ + inline void giveOwnRegs(FrameEntry *fe); + /* * Returns the current stack depth of the frame. */ diff --git a/js/src/methodjit/nunbox/Assembler.h b/js/src/methodjit/nunbox/Assembler.h index fc377584779..78245db5179 100644 --- a/js/src/methodjit/nunbox/Assembler.h +++ b/js/src/methodjit/nunbox/Assembler.h @@ -178,6 +178,16 @@ class Assembler : public BaseAssembler return branch32(cond, tagOf(address), ImmTag(JSVAL_TAG_INT32)); } + Jump testNumber(Assembler::Condition cond, RegisterID reg) { + cond = (cond == Assembler::Equal) ? Assembler::BelowOrEqual : Assembler::Above; + return branch32(cond, reg, ImmTag(JSVAL_TAG_INT32)); + } + + Jump testNumber(Assembler::Condition cond, Address address) { + cond = (cond == Assembler::Equal) ? Assembler::BelowOrEqual : Assembler::Above; + return branch32(cond, tagOf(address), ImmTag(JSVAL_TAG_INT32)); + } + Jump testPrimitive(Assembler::Condition cond, RegisterID reg) { cond = (cond == Assembler::NotEqual) ? Assembler::AboveOrEqual : Assembler::Below; return branch32(cond, reg, ImmTag(JSVAL_TAG_OBJECT)); diff --git a/js/src/methodjit/nunbox/FastOps.cpp b/js/src/methodjit/nunbox/FastOps.cpp index b89bb47f978..56b8ee37f9b 100644 --- a/js/src/methodjit/nunbox/FastOps.cpp +++ b/js/src/methodjit/nunbox/FastOps.cpp @@ -1215,11 +1215,13 @@ mjit::Compiler::jsop_pos() return; } + frame.giveOwnRegs(top); + Jump j; if (frame.shouldAvoidTypeRemat(top)) - j = masm.branch32(Assembler::GreaterThan, frame.addressOf(top), ImmTag(JSVAL_TAG_INT32)); + j = masm.testNumber(Assembler::NotEqual, frame.addressOf(top)); else - j = masm.branch32(Assembler::GreaterThan, frame.tempRegForType(top), ImmTag(JSVAL_TAG_INT32)); + j = masm.testNumber(Assembler::NotEqual, frame.tempRegForType(top)); stubcc.linkExit(j); stubcc.leave();