Reviewers: Benedikt Meurer, paul.l..., balazs.kilvady, gergely.kis.imgtec,

Message:
PTAL.

Description:
MIPS: [builtins] Pass correct number of arguments after adapting arguments.

Port fbad63669e309e8c5c3f2ecf503df2fefaac79bb

Original commit message:
The call protocol requires that the register dedicated to the number of
actual arguments (i.e. rax on x64) always contains the actual arguments.
That means after adapting arguments it should match the number of
expected arguments.  But currently we pass some semi-random value
(usually some stack address) after adapting arguments.

It looks like this is currently not observable anywhere, because our
builtins and functions either don't look at the number of arguments and
just make hard coded (unchecked) assumptions, or are marked as "don't
adapt arguments", which bypasses the broken code in the trampoline for
argument adaptation.  Nevertheless this should be fixed.

BUG=

Please review this at https://codereview.chromium.org/1322953002/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+31, -25 lines):
  M src/mips/builtins-mips.cc
  M src/mips64/builtins-mips64.cc


Index: src/mips/builtins-mips.cc
diff --git a/src/mips/builtins-mips.cc b/src/mips/builtins-mips.cc
index ca15f265cbc192ccb9b6280ee65c805f765ac562..bd8c85285af4574d7d72e5e25c2cef13161a6564 100644
--- a/src/mips/builtins-mips.cc
+++ b/src/mips/builtins-mips.cc
@@ -1758,26 +1758,27 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
     __ bind(&enough);
     EnterArgumentsAdaptorFrame(masm);

-    // Calculate copy start address into a0 and copy end address into a2.
+    // Calculate copy start address into a0 and copy end address into t1.
     __ sll(a0, a0, kPointerSizeLog2 - kSmiTagSize);
     __ Addu(a0, fp, a0);
     // Adjust for return address and receiver.
     __ Addu(a0, a0, Operand(2 * kPointerSize));
     // Compute copy end address.
-    __ sll(a2, a2, kPointerSizeLog2);
-    __ subu(a2, a0, a2);
+    __ sll(t1, a2, kPointerSizeLog2);
+    __ subu(t1, a0, t1);

     // Copy the arguments (including the receiver) to the new stack frame.
     // a0: copy start address
     // a1: function
-    // a2: copy end address
+    // a2: expected number of arguments
     // a3: code entry to call
+    // t1: copy end address

     Label copy;
     __ bind(&copy);
     __ lw(t0, MemOperand(a0));
     __ push(t0);
-    __ Branch(USE_DELAY_SLOT, &copy, ne, a0, Operand(a2));
+    __ Branch(USE_DELAY_SLOT, &copy, ne, a0, Operand(t1));
     __ addiu(a0, a0, -kPointerSize);  // In delay slot.

     __ jmp(&invoke);
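Review bot: The register table above the copy loop now lists a2 as the expected number of arguments, but nothing in this hunk says why a2 has to survive the loop untouched: it is only consumed at &invoke (a later hunk), where it becomes the argument count the callee sees. A future edit that picks a2 as a scratch register here would reintroduce exactly the bug this CL fixes, so a one-line comment next to the table is worth it, e.g. `// a2 must stay intact: it is moved into a0 at &invoke as the argument count.` The same applies to the corresponding copy-loop hunk in src/mips64/builtins-mips64.cc, where a4/a5 took over the roles of the temporaries. Generate_ArgumentsAdaptorTrampoline starts before this hunk and continues after it.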
@@ -1808,7 +1809,7 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
     __ bind(&no_strong_error);
     EnterArgumentsAdaptorFrame(masm);

-    // Calculate copy start address into a0 and copy end address is fp.
+    // Calculate copy start address into a0 and copy end address into t3.
     // a0: actual number of arguments as a smi
     // a1: function
     // a2: expected number of arguments
@@ -1840,21 +1841,23 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
     // a3: code entry to call
     __ LoadRoot(t0, Heap::kUndefinedValueRootIndex);
     __ sll(t2, a2, kPointerSizeLog2);
-    __ Subu(a2, fp, Operand(t2));
+    __ Subu(t1, fp, Operand(t2));
     // Adjust for frame.
-    __ Subu(a2, a2, Operand(StandardFrameConstants::kFixedFrameSizeFromFp +
+    __ Subu(t1, t1, Operand(StandardFrameConstants::kFixedFrameSizeFromFp +
                             2 * kPointerSize));

     Label fill;
     __ bind(&fill);
     __ Subu(sp, sp, kPointerSize);
-    __ Branch(USE_DELAY_SLOT, &fill, ne, sp, Operand(a2));
+    __ Branch(USE_DELAY_SLOT, &fill, ne, sp, Operand(t1));
     __ sw(t0, MemOperand(sp));
   }

   // Call the entry point.
   __ bind(&invoke);
-
+  __ mov(a0, a2);
+  // a0 : expected number of arguments
+  // a1 : function (passed through to callee)
   __ Call(a3);

   // Store offset of return address for deoptimizer.
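Review bot: `__ mov(a0, a2)` at &invoke hands the callee a2 verbatim, so the tagging of a2 must match what a0 carries on the dont_adapt_arguments path (outside this hunk); the too-few arm documents a0 as "actual number of arguments as a smi" after the adaptor frame is entered, while a2 is only ever described as "expected number of arguments", so if the two differ in smi-vs-untagged form the mismatch would be silent. Since a callee that does consult this register would presumably use it to bound its stack accesses, this is worth confirming against the entry-state comments at the top of Generate_ArgumentsAdaptorTrampoline and recording in the new comment, e.g. `// a0 : expected number of arguments (untagged, same as a2)`. The identical mov is added in src/mips64/builtins-mips64.cc and the same confirmation applies there. The function starts before this hunk and continues after it.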
Index: src/mips64/builtins-mips64.cc
diff --git a/src/mips64/builtins-mips64.cc b/src/mips64/builtins-mips64.cc
index 11bc8516a4901d464d9acea5af01da8f8a61ab2b..3c0a32667e0cfd6f3bd4f61e6ee65e7ff27101ae 100644
--- a/src/mips64/builtins-mips64.cc
+++ b/src/mips64/builtins-mips64.cc
@@ -1757,26 +1757,27 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
     __ bind(&enough);
     EnterArgumentsAdaptorFrame(masm);

-    // Calculate copy start address into a0 and copy end address into a2.
+    // Calculate copy start address into a0 and copy end address into a4.
     __ SmiScale(a0, a0, kPointerSizeLog2);
     __ Daddu(a0, fp, a0);
     // Adjust for return address and receiver.
     __ Daddu(a0, a0, Operand(2 * kPointerSize));
     // Compute copy end address.
-    __ dsll(a2, a2, kPointerSizeLog2);
-    __ dsubu(a2, a0, a2);
+    __ dsll(a4, a2, kPointerSizeLog2);
+    __ dsubu(a4, a0, a4);

     // Copy the arguments (including the receiver) to the new stack frame.
     // a0: copy start address
     // a1: function
-    // a2: copy end address
+    // a2: expected number of arguments
     // a3: code entry to call
+    // a4: copy end address

     Label copy;
     __ bind(&copy);
-    __ ld(a4, MemOperand(a0));
-    __ push(a4);
-    __ Branch(USE_DELAY_SLOT, &copy, ne, a0, Operand(a2));
+    __ ld(a5, MemOperand(a0));
+    __ push(a5);
+    __ Branch(USE_DELAY_SLOT, &copy, ne, a0, Operand(a4));
     __ daddiu(a0, a0, -kPointerSize);  // In delay slot.

     __ jmp(&invoke);
@@ -1807,7 +1808,7 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
     __ bind(&no_strong_error);
     EnterArgumentsAdaptorFrame(masm);

-    // Calculate copy start address into a0 and copy end address is fp.
+    // Calculate copy start address into a0 and copy end address into a7.
     // a0: actual number of arguments as a smi
     // a1: function
     // a2: expected number of arguments
@@ -1837,23 +1838,25 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
     // a1: function
     // a2: expected number of arguments
     // a3: code entry to call
-    __ LoadRoot(a4, Heap::kUndefinedValueRootIndex);
+    __ LoadRoot(a5, Heap::kUndefinedValueRootIndex);
     __ dsll(a6, a2, kPointerSizeLog2);
-    __ Dsubu(a2, fp, Operand(a6));
+    __ Dsubu(a4, fp, Operand(a6));
     // Adjust for frame.
- __ Dsubu(a2, a2, Operand(StandardFrameConstants::kFixedFrameSizeFromFp +
-                            2 * kPointerSize));
+ __ Dsubu(a4, a4, Operand(StandardFrameConstants::kFixedFrameSizeFromFp +
+                             2 * kPointerSize));

     Label fill;
     __ bind(&fill);
     __ Dsubu(sp, sp, kPointerSize);
-    __ Branch(USE_DELAY_SLOT, &fill, ne, sp, Operand(a2));
-    __ sd(a4, MemOperand(sp));
+    __ Branch(USE_DELAY_SLOT, &fill, ne, sp, Operand(a4));
+    __ sd(a5, MemOperand(sp));
   }

   // Call the entry point.
   __ bind(&invoke);
-
+  __ mov(a0, a2);
+  // a0 : expected number of arguments
+  // a1 : function (passed through to callee)
   __ Call(a3);

   // Store offset of return address for deoptimizer.

