On 2015/06/25 18:58:32, arv wrote:
On 2015/06/25 18:48:19, paul.l... wrote:
> The stack layout is mixed up somewhere. I've not got a real fix, but this diff
> gets it a little farther:
>
> diff --git a/src/mips/builtins-mips.cc b/src/mips/builtins-mips.cc
> index e7ba9f1..adc4fb5 100644
> --- a/src/mips/builtins-mips.cc
> +++ b/src/mips/builtins-mips.cc
> @@ -646,6 +646,8 @@ static void
Generate_JSConstructStubHelper(MacroAssembler*
> masm,
>        __ bind(&count_incremented);
>      }
>
> +    __ Pop(a1);
> +
>      // Retrieve smi-tagged arguments count from the stack.
>      __ lw(a0, MemOperand(sp, 0));
>      __ SmiUntag(a0);
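Review bot: The added `__ Pop(a1);` ahead of the "Retrieve smi-tagged arguments count" load has no comment saying which value it takes off the stack, and the `__ lw(a0, MemOperand(sp, 0));` that follows now relies on that pop to leave the count at the top of the stack. Suggest annotating it the way the other pop is annotated (`__ Pop(a3);  // new.target`) and adding a one-line description of the stack layout expected at this point, so later push/pop changes can be checked against it.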
> @@ -654,7 +656,6 @@ static void
Generate_JSConstructStubHelper(MacroAssembler*
> masm,
>      if (use_new_target) {
>        __ Pop(a3);  // new.target
>      }
> -    __ Pop(a1);
>
>      if (use_new_target) {
>        __ Push(a3, t4, t4);
>
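Review bot: Dropping `__ Pop(a1);` after the `if (use_new_target)` block, with the pop now issued earlier, means that in the visible lines a1 is popped before a3 rather than after it, so on the `use_new_target` path the two registers take different stack slots than they did before. Please check this against the order of the matching pushes for both values of `use_new_target`, since the `__ Push(a3, t4, t4);` that follows assumes a3 really holds new.target.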
> a0 was getting a tagged pointer, rather than the smi argument count you wanted.
>
> I have to leave now for an appointment, I will be back in ~1.5 hours, and can
> look more.
>
> If you want to look further, build mipsel.debug with snapshot=off, then start
> up the shell with --trace-sim flag. You can see where it fails, and watch the
> loads/stores to the stack.
>
> With the above patch it now fails where it is trying to offset the stack by
> some integer value, and is again loading a tagged pointer from stack into a1,
> rather than an Smi.
>
> 0x26727d14 8fa20000 lw v0, 0(sp) 00000002 <-- [f53cae60]    (65888)
> 0x26727d18 8fa50004 lw a1, 4(sp) 26727941 <-- [f53cae64] (65889) <<--- this gets left-shifted and added to sp, as if it was smi.

Thanks. Very useful. Hopefully I'll have it working by the time you come back.

I fixed the push/pop discrepancy and now both mips and mips64 error out with
"Unaligned write".



https://codereview.chromium.org/1203813002/

--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev