Commit 789f327d authored by Ivica Bogosavljevic's avatar Ivica Bogosavljevic Committed by Commit Bot

MIPS: Fix stack overwrite when calling complex turbofan functions

TEST=cctest/test-code-generator/FuzzAssembleMoveAndSwap

Bug: 
Change-Id: I36d0b7df56f3c895a7fd4017e5e9a7cfd0053b2a
Reviewed-on: https://chromium-review.googlesource.com/850399Reviewed-by: 's avatarMiran Karić <miran.karic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50410}
parent 9180b2ca
......@@ -1627,9 +1627,23 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
}
case kMipsPush:
if (instr->InputAt(0)->IsFPRegister()) {
__ Sdc1(i.InputDoubleRegister(0), MemOperand(sp, -kDoubleSize));
__ Subu(sp, sp, Operand(kDoubleSize));
frame_access_state()->IncreaseSPDelta(kDoubleSize / kPointerSize);
LocationOperand* op = LocationOperand::cast(instr->InputAt(0));
switch (op->representation()) {
case MachineRepresentation::kFloat32:
__ swc1(i.InputFloatRegister(0), MemOperand(sp, -kFloatSize));
__ Subu(sp, sp, Operand(kFloatSize));
frame_access_state()->IncreaseSPDelta(kFloatSize / kPointerSize);
break;
case MachineRepresentation::kFloat64:
__ Sdc1(i.InputDoubleRegister(0), MemOperand(sp, -kDoubleSize));
__ Subu(sp, sp, Operand(kDoubleSize));
frame_access_state()->IncreaseSPDelta(kDoubleSize / kPointerSize);
break;
default: {
UNREACHABLE();
break;
}
}
} else {
__ Push(i.InputRegister(0));
frame_access_state()->IncreaseSPDelta(1);
......
......@@ -1180,8 +1180,16 @@ void InstructionSelector::EmitPrepareArguments(
// Possibly align stack here for functions.
int push_count = static_cast<int>(descriptor->StackParameterCount());
if (push_count > 0) {
// Calculate needed space
int stack_size = 0;
for (size_t n = 0; n < arguments->size(); ++n) {
PushParameter input = (*arguments)[n];
if (input.node) {
stack_size += input.location.GetSizeInPointers();
}
}
Emit(kMipsStackClaim, g.NoOutput(),
g.TempImmediate(push_count << kPointerSizeLog2));
g.TempImmediate(stack_size << kPointerSizeLog2));
}
for (size_t n = 0; n < arguments->size(); ++n) {
PushParameter input = (*arguments)[n];
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment