- Fix numeric overflow handling when compiling count operations....

src/ia32/codegen-ia32.cc

 // Copyright 2006-2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 97 matching lines @@
   allocator_ = &register_allocator;
   ASSERT(frame_ == NULL);
   frame_ = new VirtualFrame(this);
   set_in_spilled_code(false);
 
   // Adjust for function-level loop nesting.
   loop_nesting_ += fun->loop_nesting();
 
   JumpTarget::set_compiling_deferred_code(false);
 
+#ifdef DEBUG

[iposva, 2009/05/15 22:35:14]

This moved up here to be able to stop before any code for the function is
generated. This is not relevant to the actual fix.

+  if (strlen(FLAG_stop_at) > 0 &&
+      fun->name()->IsEqualTo(CStrVector(FLAG_stop_at))) {
+    frame_->SpillAll();
+    __ int3();
+  }
+#endif
+  
   {
     HistogramTimerScope codegen_timer(&Counters::code_generation);
     CodeGenState state(this);
 
     // Entry:
     // Stack: receiver, arguments, return address.
     // ebp: caller's frame pointer
     // esp: stack pointer
     // edi: called JS function
     // esi: callee's context
     allocator_->Initialize();
     frame_->Enter();
 
-#ifdef DEBUG
-    if (strlen(FLAG_stop_at) > 0 &&
-        fun->name()->IsEqualTo(CStrVector(FLAG_stop_at))) {
-      frame_->SpillAll();
-      __ int3();
-    }
-#endif
-
     // Allocate space for locals and initialize them.
     frame_->AllocateStackSlots(scope_->num_stack_slots());
     // Initialize the function return target after the locals are set
     // up, because it needs the expected frame height from the frame.
     function_return_.Initialize(this, JumpTarget::BIDIRECTIONAL);
     function_return_is_shadowed_ = false;
 
     // Allocate the arguments object and copy the parameters into it.
     if (scope_->arguments() != NULL) {
       ASSERT(scope_->arguments_shadow() != NULL);
@@ skipping 4722 matching lines @@
     }
 
     // If the count operation didn't overflow and the result is a
     // valid smi, we're done. Otherwise, we jump to the deferred
     // slow-case code.
     //
     // We combine the overflow and the smi check if we could
     // successfully allocate a temporary byte register.
     if (tmp.is_valid()) {
       __ setcc(overflow, tmp.reg());
-      __ or_(Operand(value.reg()), tmp.reg());
+      __ or_(Operand(tmp.reg()), value.reg());
+      __ test(tmp.reg(), Immediate(kSmiTagMask));
       tmp.Unuse();
-      __ test(value.reg(), Immediate(kSmiTagMask));
       deferred->enter()->Branch(not_zero, &value, not_taken);
     } else {  // Otherwise we test separately for overflow and smi check.
       deferred->enter()->Branch(overflow, &value, not_taken);
       __ test(value.reg(), Immediate(kSmiTagMask));
       deferred->enter()->Branch(not_zero, &value, not_taken);
     }
 
     // Store the new value in the target if not const.
     deferred->BindExit(&value);
     frame_->Push(&value);
@@ skipping 2362 matching lines @@
 
   // Slow-case: Go through the JavaScript implementation.
   __ bind(&slow);
   __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal