MIPS: [builtins] Fix MathMaxMin.

Port b86ac0e0 Original commit message: Both of these were broken in different ways: * On arm, the loop counter was passed as argc on the stack. * On arm64, we passed argc + 1 instead of argc. The result in both cases was an incorrect receiver for the builtin frame when generating stack traces. BUG=v8:4815 Review-Url: https://codereview.chromium.org/2120463002 Cr-Commit-Position: refs/heads/master@{#37481}

MIPS: [builtins] Fix MathMaxMin.
Port b86ac0e0 Original commit message: Both of these were broken in different ways: * On arm, the loop counter was passed as argc on the stack. * On arm64, we passed argc + 1 instead of argc. The result in both cases was an incorrect receiver for the builtin frame when generating stack traces. BUG=v8:4815 Review-Url: https://codereview.chromium.org/2120463002 Cr-Commit-Position: refs/heads/master@{#37481}
e65035f2 · balazs.kilvady · Commit bot · a757a62b · e65035f2 · e65035f2
Commit e65035f2 authored Jul 01, 2016 by balazs.kilvady Committed by Commit bot Jul 01, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 22 deletions

builtins-mips.cc src/mips/builtins-mips.cc +13 -11

builtins-mips64.cc src/mips64/builtins-mips64.cc +13 -11

No files found.
--- a/src/mips/builtins-mips.cc
+++ b/src/mips/builtins-mips.cc
@@ -128,12 +128,12 @@ void Builtins::Generate_ArrayCode(MacroAssembler* masm) {
 // static
 void Builtins::Generate_MathMaxMin(MacroAssembler* masm, MathMaxMinKind kind) {
  // ----------- S t a t e -------------
-  //  -- a0                 : number of arguments
+  //  -- a0                     : number of arguments
-  //  -- a1                 : function
+  //  -- a1                     : function
-  //  -- cp                 : context
+  //  -- cp                     : context
-  //  -- ra                 : return address
+  //  -- ra                     : return address
-  //  -- sp[(argc - n) * 8] : arg[n] (zero-based)
+  //  -- sp[(argc - n - 1) * 4] : arg[n] (zero-based)
-  //  -- sp[(argc + 1) * 8] : receiver
+  //  -- sp[argc * 4]           : receiver
  // -----------------------------------
  Heap::RootListIndex const root_index =
      (kind == MathMaxMinKind::kMin) ? Heap::kInfinityValueRootIndex
@@ -143,17 +143,17 @@ void Builtins::Generate_MathMaxMin(MacroAssembler* masm, MathMaxMinKind kind) {
  // +Infinity), with the tagged value in t2 and the double value in f0.
  __ LoadRoot(t2, root_index);
  __ ldc1(f0, FieldMemOperand(t2, HeapNumber::kValueOffset));
-  __ Addu(a3, a0, Operand(1));
  Label done_loop, loop;
+  __ mov(a3, a0);
  __ bind(&loop);
  {
    // Check if all parameters done.
-    __ Subu(a0, a0, Operand(1));
+    __ Subu(a3, a3, Operand(1));
-    __ Branch(&done_loop, lt, a0, Operand(zero_reg));
+    __ Branch(&done_loop, lt, a3, Operand(zero_reg));
    // Load the next parameter tagged value into a2.
-    __ Lsa(at, sp, a0, kPointerSizeLog2);
+    __ Lsa(at, sp, a3, kPointerSizeLog2);
    __ lw(a2, MemOperand(at));
    // Load the double value of the parameter into f2, maybe converting the
@@ -228,7 +228,9 @@ void Builtins::Generate_MathMaxMin(MacroAssembler* masm, MathMaxMinKind kind) {
  }
  __ bind(&done_loop);
-  __ Lsa(sp, sp, a3, kPointerSizeLog2);
+  // Drop all slots, including the receiver.
+  __ Addu(a0, a0, Operand(1));
+  __ Lsa(sp, sp, a0, kPointerSizeLog2);
  __ Ret(USE_DELAY_SLOT);
  __ mov(v0, t2);  // In delay slot.
 }

--- a/src/mips64/builtins-mips64.cc
+++ b/src/mips64/builtins-mips64.cc
@@ -127,12 +127,12 @@ void Builtins::Generate_ArrayCode(MacroAssembler* masm) {
 // static
 void Builtins::Generate_MathMaxMin(MacroAssembler* masm, MathMaxMinKind kind) {
  // ----------- S t a t e -------------
-  //  -- a0                 : number of arguments
+  //  -- a0                     : number of arguments
-  //  -- a1                 : function
+  //  -- a1                     : function
-  //  -- cp                 : context
+  //  -- cp                     : context
-  //  -- ra                 : return address
+  //  -- ra                     : return address
-  //  -- sp[(argc - n) * 8] : arg[n] (zero-based)
+  //  -- sp[(argc - n - 1) * 8] : arg[n] (zero-based)
-  //  -- sp[(argc + 1) * 8] : receiver
+  //  -- sp[argc * 8]           : receiver
  // -----------------------------------
  Heap::RootListIndex const root_index =
      (kind == MathMaxMinKind::kMin) ? Heap::kInfinityValueRootIndex
@@ -142,17 +142,17 @@ void Builtins::Generate_MathMaxMin(MacroAssembler* masm, MathMaxMinKind kind) {
  // +Infinity), with the tagged value in t1 and the double value in f0.
  __ LoadRoot(t1, root_index);
  __ ldc1(f0, FieldMemOperand(t1, HeapNumber::kValueOffset));
-  __ Addu(a3, a0, 1);
  Label done_loop, loop;
+  __ mov(a3, a0);
  __ bind(&loop);
  {
    // Check if all parameters done.
-    __ Dsubu(a0, a0, Operand(1));
+    __ Dsubu(a3, a3, Operand(1));
-    __ Branch(&done_loop, lt, a0, Operand(zero_reg));
+    __ Branch(&done_loop, lt, a3, Operand(zero_reg));
    // Load the next parameter tagged value into a2.
-    __ Dlsa(at, sp, a0, kPointerSizeLog2);
+    __ Dlsa(at, sp, a3, kPointerSizeLog2);
    __ ld(a2, MemOperand(at));
    // Load the double value of the parameter into f2, maybe converting the
@@ -224,7 +224,9 @@ void Builtins::Generate_MathMaxMin(MacroAssembler* masm, MathMaxMinKind kind) {
  }
  __ bind(&done_loop);
-  __ Dlsa(sp, sp, a3, kPointerSizeLog2);
+  // Drop all slots, including the receiver.
+  __ Daddu(a0, a0, Operand(1));
+  __ Dlsa(sp, sp, a0, kPointerSizeLog2);
  __ Ret(USE_DELAY_SLOT);
  __ mov(v0, t1);  // In delay slot.
 }