PPC: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily

Port 6689cc27 Original commit message: Handlers should be in charge of this work. The change uncovered a bug in vector-ics related to keyed loads into strings. It's important for StringCharCodeAtGenerator, a helper used in full code and in LoadIndexedStringStub (a handler) to protect the vector and slot registers when it makes a runtime call to convert a HeapNumber to a Smi. It's still possible for the handler to MISS after this call, perhaps due to out of bounds access. In that case, the vector and slot registers need to be delivered safely to the MISS handler. R=mbrandy@us.ibm.com, svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/1029413002 Cr-Commit-Position: refs/heads/master@{#27430}

PPC: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
Port 6689cc27 Original commit message: Handlers should be in charge of this work. The change uncovered a bug in vector-ics related to keyed loads into strings. It's important for StringCharCodeAtGenerator, a helper used in full code and in LoadIndexedStringStub (a handler) to protect the vector and slot registers when it makes a runtime call to convert a HeapNumber to a Smi. It's still possible for the handler to MISS after this call, perhaps due to out of bounds access. In that case, the vector and slot registers need to be delivered safely to the MISS handler. R=mbrandy@us.ibm.com, svenpanne@chromium.org BUG= Review URL: https://codereview.chromium.org/1029413002 Cr-Commit-Position: refs/heads/master@{#27430}
039247c4 · michael_dawson · Commit bot · b6385503 · 039247c4 · 039247c4
Commit 039247c4 authored Mar 25, 2015 by michael_dawson Committed by Commit bot Mar 25, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 10 deletions

code-stubs-ppc.cc src/ppc/code-stubs-ppc.cc +17 -8

full-codegen-ppc.cc src/ppc/full-codegen-ppc.cc +2 -2

No files found.
--- a/src/ppc/code-stubs-ppc.cc
+++ b/src/ppc/code-stubs-ppc.cc
@@ -1594,7 +1594,7 @@ void LoadIndexedStringStub::Generate(MacroAssembler* masm) {
  __ Ret();

  StubRuntimeCallHelper call_helper;
-  char_at_generator.GenerateSlow(masm, call_helper);
+  char_at_generator.GenerateSlow(masm, PART_OF_IC_HANDLER, call_helper);

  __ bind(&miss);
  PropertyAccessCompiler::TailCallBuiltin(
@@ -3079,7 +3079,8 @@ void StringCharCodeAtGenerator::GenerateFast(MacroAssembler* masm) {


 void StringCharCodeAtGenerator::GenerateSlow(
-    MacroAssembler* masm, const RuntimeCallHelper& call_helper) {
+    MacroAssembler* masm, EmbedMode embed_mode,
+    const RuntimeCallHelper& call_helper) {
  __ Abort(kUnexpectedFallthroughToCharCodeAtSlowCase);

  // Index is not a smi.
@@ -3088,8 +3089,13 @@ void StringCharCodeAtGenerator::GenerateSlow(
  __ CheckMap(index_, result_, Heap::kHeapNumberMapRootIndex, index_not_number_,
              DONT_DO_SMI_CHECK);
  call_helper.BeforeCall(masm);
-  __ push(object_);
-  __ push(index_);  // Consumed by runtime conversion function.
+  if (FLAG_vector_ics && embed_mode == PART_OF_IC_HANDLER) {
+    __ Push(VectorLoadICDescriptor::VectorRegister(),
+            VectorLoadICDescriptor::SlotRegister(), object_, index_);
+  } else {
+    // index_ is consumed by runtime conversion function.
+    __ Push(object_, index_);
+  }
  if (index_flags_ == STRING_INDEX_IS_NUMBER) {
    __ CallRuntime(Runtime::kNumberToIntegerMapMinusZero, 1);
  } else {
@@ -3100,7 +3106,12 @@ void StringCharCodeAtGenerator::GenerateSlow(
  // Save the conversion result before the pop instructions below
  // have a chance to overwrite it.
  __ Move(index_, r3);
-  __ pop(object_);
+  if (FLAG_vector_ics && embed_mode == PART_OF_IC_HANDLER) {
+    __ Pop(VectorLoadICDescriptor::VectorRegister(),
+           VectorLoadICDescriptor::SlotRegister(), object_);
+  } else {
+    __ pop(object_);
+  }
  // Reload the instance type.
  __ LoadP(result_, FieldMemOperand(object_, HeapObject::kMapOffset));
  __ lbz(result_, FieldMemOperand(result_, Map::kInstanceTypeOffset));
@@ -4778,7 +4789,6 @@ void VectorRawKeyedLoadStub::GenerateImpl(MacroAssembler* masm, bool in_frame) {
  __ LoadP(scratch1, FieldMemOperand(feedback, HeapObject::kMapOffset));
  __ CompareRoot(scratch1, Heap::kWeakCellMapRootIndex);
  __ bne(&try_array);
-  __ JumpIfNotSmi(key, &miss);
  HandleMonomorphicCase(masm, receiver, key, vector, slot, feedback, scratch1,
                        &miss);

@@ -4786,9 +4796,8 @@ void VectorRawKeyedLoadStub::GenerateImpl(MacroAssembler* masm, bool in_frame) {
  // Is it a fixed array?
  __ CompareRoot(scratch1, Heap::kFixedArrayMapRootIndex);
  __ bne(&not_array);
-  // We have a polymorphic element handler.
-  __ JumpIfNotSmi(key, &miss);

+  // We have a polymorphic element handler.
  Label polymorphic, try_poly_name;
  __ bind(&polymorphic);
  HandleArrayCases(masm, receiver, key, vector, slot, feedback, scratch1, r9,

--- a/src/ppc/full-codegen-ppc.cc
+++ b/src/ppc/full-codegen-ppc.cc
@@ -4105,7 +4105,7 @@ void FullCodeGenerator::EmitStringCharCodeAt(CallRuntime* expr) {
  __ b(&done);

  NopRuntimeCallHelper call_helper;
-  generator.GenerateSlow(masm_, call_helper);
+  generator.GenerateSlow(masm_, NOT_PART_OF_IC_HANDLER, call_helper);

  __ bind(&done);
  context()->Plug(result);
@@ -4147,7 +4147,7 @@ void FullCodeGenerator::EmitStringCharAt(CallRuntime* expr) {
  __ b(&done);

  NopRuntimeCallHelper call_helper;
-  generator.GenerateSlow(masm_, call_helper);
+  generator.GenerateSlow(masm_, NOT_PART_OF_IC_HANDLER, call_helper);

  __ bind(&done);
  context()->Plug(result);