Fix for an ARM register allocation bug.

An off-by-one in the register allocator could lead to allocating (and
clobbering) the reserved 0.0 double register.  This required a function with
14 or more live double values.

BUG=
TEST=

Review URL: http://codereview.chromium.org/9114038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/arm/assembler-arm-inl.h

@@ -32,7 +32,7 @@
 
 // The original source code covered by the above license above has been modified
 // significantly by Google Inc.
-// Copyright 2006-2008 the V8 project authors. All rights reserved.
+// Copyright 2012 the V8 project authors. All rights reserved.
 
 #ifndef V8_ARM_ASSEMBLER_ARM_INL_H_
 #define V8_ARM_ASSEMBLER_ARM_INL_H_
@@ -46,6 +46,13 @@ namespace v8 {
 namespace internal {
 
 
+int DwVfpRegister::ToAllocationIndex(DwVfpRegister reg) {
+  ASSERT(!reg.is(kDoubleRegZero));
+  ASSERT(!reg.is(kScratchDoubleReg));
+  return reg.code();
+}
+
+
 void RelocInfo::apply(intptr_t delta) {
   if (RelocInfo::IsInternalReference(rmode_)) {
     // absolute code pointer inside code object moves with the code object.

src/arm/assembler-arm.h

@@ -32,7 +32,7 @@
 
 // The original source code covered by the above license above has been
 // modified significantly by Google Inc.
-// Copyright 2011 the V8 project authors. All rights reserved.
+// Copyright 2012 the V8 project authors. All rights reserved.
 
 // A light-weight ARM Assembler
 // Generates user mode instructions for the ARM architecture up to version 5
@@ -176,14 +176,11 @@ struct DwVfpRegister {
   static const int kNumAllocatableRegisters = kNumRegisters -
       kNumReservedRegisters;
 
-  static int ToAllocationIndex(DwVfpRegister reg) {
-    ASSERT(reg.code() != 0);
-    return reg.code() - 1;
-  }
+  inline static int ToAllocationIndex(DwVfpRegister reg);
 
   static DwVfpRegister FromAllocationIndex(int index) {
     ASSERT(index >= 0 && index < kNumAllocatableRegisters);
-    return from_code(index + 1);
+    return from_code(index);
   }
 
   static const char* AllocationIndexToString(int index) {
@@ -307,6 +304,7 @@ const DwVfpRegister d15 = { 15 };
 static const DwVfpRegister& kFirstCalleeSavedDoubleReg = d8;
 static const DwVfpRegister& kLastCalleeSavedDoubleReg = d15;
 static const DwVfpRegister& kDoubleRegZero = d14;
+static const DwVfpRegister& kScratchDoubleReg = d15;
 
 
 // Coprocessor register

src/arm/lithium-codegen-arm.h

@@ -156,7 +156,7 @@ class LCodeGen BASE_EMBEDDED {
   HGraph* graph() const { return chunk_->graph(); }
 
   Register scratch0() { return r9; }
-  DwVfpRegister double_scratch0() { return d15; }
+  DwVfpRegister double_scratch0() { return kScratchDoubleReg; }
 
   int GetNextEmittedBlock(int block);
   LInstruction* GetNextInstruction();

src/arm/lithium-gap-resolver-arm.cc

-// Copyright 2011 the V8 project authors. All rights reserved.
+// Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
@@ -34,7 +34,6 @@ namespace v8 {
 namespace internal {
 
 static const Register kSavedValueRegister = { 9 };
-static const DoubleRegister kSavedDoubleValueRegister = { 0 };
 
 LGapResolver::LGapResolver(LCodeGen* owner)
     : cgen_(owner), moves_(32), root_index_(0), in_cycle_(false),
@@ -172,9 +171,9 @@ void LGapResolver::BreakCycle(int index) {
   } else if (source->IsStackSlot()) {
     __ ldr(kSavedValueRegister, cgen_->ToMemOperand(source));
   } else if (source->IsDoubleRegister()) {
-    __ vmov(kSavedDoubleValueRegister, cgen_->ToDoubleRegister(source));
+    __ vmov(kScratchDoubleReg, cgen_->ToDoubleRegister(source));
   } else if (source->IsDoubleStackSlot()) {
-    __ vldr(kSavedDoubleValueRegister, cgen_->ToMemOperand(source));
+    __ vldr(kScratchDoubleReg, cgen_->ToMemOperand(source));
   } else {
     UNREACHABLE();
   }
@@ -193,11 +192,9 @@ void LGapResolver::RestoreValue() {
   } else if (saved_destination_->IsStackSlot()) {
     __ str(kSavedValueRegister, cgen_->ToMemOperand(saved_destination_));
   } else if (saved_destination_->IsDoubleRegister()) {
-    __ vmov(cgen_->ToDoubleRegister(saved_destination_),
-            kSavedDoubleValueRegister);
+    __ vmov(cgen_->ToDoubleRegister(saved_destination_), kScratchDoubleReg);
   } else if (saved_destination_->IsDoubleStackSlot()) {
-    __ vstr(kSavedDoubleValueRegister,
-            cgen_->ToMemOperand(saved_destination_));
+    __ vstr(kScratchDoubleReg, cgen_->ToMemOperand(saved_destination_));
   } else {
     UNREACHABLE();
   }
@@ -235,8 +232,8 @@ void LGapResolver::EmitMove(int index) {
           // ip is overwritten while saving the value to the destination.
           // Therefore we can't use ip.  It is OK if the read from the source
           // destroys ip, since that happens before the value is read.
-          __ vldr(kSavedDoubleValueRegister.low(), source_operand);
-          __ vstr(kSavedDoubleValueRegister.low(), destination_operand);
+          __ vldr(kScratchDoubleReg.low(), source_operand);
+          __ vstr(kScratchDoubleReg.low(), destination_operand);
         } else {
           __ ldr(ip, source_operand);
           __ str(ip, destination_operand);
@@ -297,8 +294,8 @@ void LGapResolver::EmitMove(int index) {
         __ ldr(kSavedValueRegister, source_high_operand);
         __ str(kSavedValueRegister, destination_high_operand);
       } else {
-        __ vldr(kSavedDoubleValueRegister, source_operand);
-        __ vstr(kSavedDoubleValueRegister, destination_operand);
+        __ vldr(kScratchDoubleReg, source_operand);
+        __ vstr(kScratchDoubleReg, destination_operand);
       }
     }
   } else {