Skip to content
Permalink
Browse files

Fix bug in x64 immediate operand handling for smi-converting loads

Bug: chromium:802060
Change-Id: I032930af26f7eab8d5d3469ad273bdcdff85b045
Reviewed-on: https://chromium-review.googlesource.com/897723
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51035}
  • Loading branch information...
dannoc authored and Commit Bot committed Feb 1, 2018
1 parent 51af4f5 commit 9ef2ed308522d86ea93cd5a39bd4e188a5ae4f02
Showing with 29 additions and 1 deletion.
  1. +5 −1 src/compiler/x64/instruction-selector-x64.cc
  2. +24 −0 test/mjsunit/regress/regress-802060.js
@@ -109,7 +109,7 @@ class X64OperandGenerator final : public OperandGenerator {
DCHECK(scale_exponent >= 0 && scale_exponent <= 3);
inputs[(*input_count)++] = UseRegister(index);
if (displacement != nullptr) {
inputs[(*input_count)++] = displacement_mode
inputs[(*input_count)++] = displacement_mode == kNegativeDisplacement
? UseNegatedImmediate(displacement)
: UseImmediate(displacement);
static const AddressingMode kMRnI_modes[] = {kMode_MR1I, kMode_MR2I,
@@ -717,6 +717,10 @@ bool TryMatchLoadWord64AndShiftRight(InstructionSelector* selector, Node* node,
}
inputs[input_count++] = ImmediateOperand(ImmediateOperand::INLINE, 4);
} else {
// In the case that the base address was zero, the displacement will be
// in a register and replacing it with an immediate is not allowed. This
// usually only happens in dead code anyway.
if (!inputs[input_count - 1].IsImmediate()) return false;
int32_t displacement = g.GetImmediateIntegerValue(mleft.displacement());
inputs[input_count - 1] =
ImmediateOperand(ImmediateOperand::INLINE, displacement + 4);
@@ -0,0 +1,24 @@
// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Flags: --allow-natives-syntax

function assertEquals(expected, found) {
found.length !== expected.length;
}
assertEquals([], [])
assertEquals("a", "a");
assertEquals([], []);
function f() {
assertEquals(0, undefined);
}
try {
f();
} catch (e) {
}
%OptimizeFunctionOnNextCall(f);
try {
f();
} catch (e) {
}

0 comments on commit 9ef2ed3

Please sign in to comment.
You can’t perform that action at this time.