Fix native stacks flag for pointer compression

The interpreted-frames-native-stack flag has been broken since pointer compression was enabled. This fixes the load of the field. Bug: v8:10138 Change-Id: I746407a7a5680c5d3e9a3b190371af00818282b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011206 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65878}

Fix native stacks flag for pointer compression
The interpreted-frames-native-stack flag has been broken since pointer compression was enabled. This fixes the load of the field. Bug: v8:10138 Change-Id: I746407a7a5680c5d3e9a3b190371af00818282b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011206 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65878}
99641cb4 · Bill Ticehurst · Commit Bot · 7fe5ce42 · 99641cb4 · 99641cb4
Commit 99641cb4 authored Jan 21, 2020 by Bill Ticehurst Committed by Commit Bot Jan 21, 2020
4 changed files
--- a/src/builtins/arm64/builtins-arm64.cc
+++ b/src/builtins/arm64/builtins-arm64.cc
@@ -1477,8 +1477,8 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
                       INTERPRETER_DATA_TYPE);
  __ B(ne, &builtin_trampoline);

-  __ Ldr(x1,
-         FieldMemOperand(x1, InterpreterData::kInterpreterTrampolineOffset));
+  __ LoadTaggedPointerField(
+      x1, FieldMemOperand(x1, InterpreterData::kInterpreterTrampolineOffset));
  __ Add(x1, x1, Operand(Code::kHeaderSize - kHeapObjectTag));
  __ B(&trampoline_loaded);


--- a/src/builtins/x64/builtins-x64.cc
+++ b/src/builtins/x64/builtins-x64.cc
@@ -1382,8 +1382,8 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
  __ CmpObjectType(rbx, INTERPRETER_DATA_TYPE, kScratchRegister);
  __ j(not_equal, &builtin_trampoline, Label::kNear);

-  __ movq(rbx,
-          FieldOperand(rbx, InterpreterData::kInterpreterTrampolineOffset));
+  __ LoadTaggedPointerField(
+      rbx, FieldOperand(rbx, InterpreterData::kInterpreterTrampolineOffset));
  __ addq(rbx, Immediate(Code::kHeaderSize - kHeapObjectTag));
  __ jmp(&trampoline_loaded, Label::kNear);


--- a/test/mjsunit/mjsunit.status
+++ b/test/mjsunit/mjsunit.status
@@ -370,6 +370,9 @@

  # Slow with pointer compression.
  'regress/regress-crbug-319860': [PASS, ['pointer_compression', SLOW]],
+
+  # Flag --interpreted-frames-native-stack incompatible with jitless
+  'regress/regress-10138': [SKIP],
 }],  # 'lite_mode or variant == jitless'

 ##############################################################################

--- a/test/mjsunit/regress/regress-10138.js
+++ b/test/mjsunit/regress/regress-10138.js
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file
+
+// Flags: --allow-natives-syntax --interpreted-frames-native-stack
+
+function f() {
+  g();
+}
+
+function g() {
+  %DeoptimizeFunction(f);
+  %DeoptimizeFunction(f);
+}
+
+%PrepareFunctionForOptimization(f);
+f(); f();
+%OptimizeFunctionOnNextCall(f);
+f();