PPC: [Interpreter] Fix incorrect frame walking in arguments create stubs

Port 40f34541 Original commit message: The previous approach taken by FastNew[Sloppy,Strict,Rest]ArgumentsStub looked at the function slot in order to skip stub frames and find the JS frame. However, stub frames do not have a function slot (in fact their fixed frame ends one slot before the JS frame's function slot). Therefore, if this location in the stub frame happens to have the function object the create arguments stubs won't skip this frame correctly. Replace this approach with one where the stub is specialized to either skip a frame if required (since there will only ever be one extra frame on Ignition the loop approach isn't necessary). R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG=v8:4928 LOG=N Review-Url: https://codereview.chromium.org/1966263002 Cr-Commit-Position: refs/heads/master@{#36186}

PPC: [Interpreter] Fix incorrect frame walking in arguments create stubs
Port 40f34541 Original commit message: The previous approach taken by FastNew[Sloppy,Strict,Rest]ArgumentsStub looked at the function slot in order to skip stub frames and find the JS frame. However, stub frames do not have a function slot (in fact their fixed frame ends one slot before the JS frame's function slot). Therefore, if this location in the stub frame happens to have the function object the create arguments stubs won't skip this frame correctly. Replace this approach with one where the stub is specialized to either skip a frame if required (since there will only ever be one extra frame on Ignition the loop approach isn't necessary). R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG=v8:4928 LOG=N Review-Url: https://codereview.chromium.org/1966263002 Cr-Commit-Position: refs/heads/master@{#36186}
adcc5119 · bjaideep · Commit bot · 8bb88e85 · adcc5119
Commit adcc5119 authored May 11, 2016 by bjaideep Committed by Commit bot May 11, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 33 deletions

code-stubs-ppc.cc src/ppc/code-stubs-ppc.cc +33 -33

No files found.
--- a/src/ppc/code-stubs-ppc.cc
+++ b/src/ppc/code-stubs-ppc.cc
@@ -4778,20 +4778,20 @@ void FastNewRestParameterStub::Generate(MacroAssembler* masm) {
  // -----------------------------------
  __ AssertFunction(r4);

-  // For Ignition we need to skip all possible handler/stub frames until
-  // we reach the JavaScript frame for the function (similar to what the
-  // runtime fallback implementation does). So make r5 point to that
-  // JavaScript frame.
-  {
-    Label loop, loop_entry;
-    __ mr(r5, fp);
-    __ b(&loop_entry);
-    __ bind(&loop);
+  // Make r5 point to the JavaScript frame.
+  __ mr(r5, fp);
+  if (skip_stub_frame()) {
+    // For Ignition we need to skip the handler/stub frame to reach the
+    // JavaScript frame for the function.
    __ LoadP(r5, MemOperand(r5, StandardFrameConstants::kCallerFPOffset));
-    __ bind(&loop_entry);
+  }
+  if (FLAG_debug_code) {
+    Label ok;
    __ LoadP(ip, MemOperand(r5, StandardFrameConstants::kFunctionOffset));
    __ cmp(ip, r4);
-    __ bne(&loop);
+    __ beq(&ok);
+    __ Abort(kInvalidFrameForFastNewRestArgumentsStub);
+    __ bind(&ok);
  }

  // Check if we have rest parameters (only possible if we have an
@@ -4922,20 +4922,20 @@ void FastNewSloppyArgumentsStub::Generate(MacroAssembler* masm) {
  // -----------------------------------
  __ AssertFunction(r4);

-  // For Ignition we need to skip all possible handler/stub frames until
-  // we reach the JavaScript frame for the function (similar to what the
-  // runtime fallback implementation does). So make r10 point to that
-  // JavaScript frame.
-  {
-    Label loop, loop_entry;
-    __ mr(r10, fp);
-    __ b(&loop_entry);
-    __ bind(&loop);
+  // Make r10 point to the JavaScript frame.
+  __ mr(r10, fp);
+  if (skip_stub_frame()) {
+    // For Ignition we need to skip the handler/stub frame to reach the
+    // JavaScript frame for the function.
    __ LoadP(r10, MemOperand(r10, StandardFrameConstants::kCallerFPOffset));
-    __ bind(&loop_entry);
+  }
+  if (FLAG_debug_code) {
+    Label ok;
    __ LoadP(ip, MemOperand(r10, StandardFrameConstants::kFunctionOffset));
    __ cmp(ip, r4);
-    __ bne(&loop);
+    __ beq(&ok);
+    __ Abort(kInvalidFrameForFastNewRestArgumentsStub);
+    __ bind(&ok);
  }


@@ -5192,20 +5192,20 @@ void FastNewStrictArgumentsStub::Generate(MacroAssembler* masm) {
  // -----------------------------------
  __ AssertFunction(r4);

-  // For Ignition we need to skip all possible handler/stub frames until
-  // we reach the JavaScript frame for the function (similar to what the
-  // runtime fallback implementation does). So make r5 point to that
-  // JavaScript frame.
-  {
-    Label loop, loop_entry;
-    __ mr(r5, fp);
-    __ b(&loop_entry);
-    __ bind(&loop);
+  // Make r5 point to the JavaScript frame.
+  __ mr(r5, fp);
+  if (skip_stub_frame()) {
+    // For Ignition we need to skip the handler/stub frame to reach the
+    // JavaScript frame for the function.
    __ LoadP(r5, MemOperand(r5, StandardFrameConstants::kCallerFPOffset));
-    __ bind(&loop_entry);
+  }
+  if (FLAG_debug_code) {
+    Label ok;
    __ LoadP(ip, MemOperand(r5, StandardFrameConstants::kFunctionOffset));
    __ cmp(ip, r4);
-    __ bne(&loop);
+    __ b(&ok);
+    __ Abort(kInvalidFrameForFastNewRestArgumentsStub);
+    __ bind(&ok);
  }

  // Check if we have an arguments adaptor frame below the function frame.