Fix potential overwriting of debug jumps of following code.

src/x64/lithium-codegen-x64.cc

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 170 matching lines @@
 
   // Deferred code is the last part of the instruction sequence. Mark
   // the generated code as done unless we bailed out.
   if (!is_aborted()) status_ = DONE;
   return !is_aborted();
 }
 
 
 bool LCodeGen::GenerateSafepointTable() {
   ASSERT(is_done());
-  // Ensure that patching a deoptimization point won't overwrite the table.
-  for (int i = 0; i < Assembler::kCallInstructionLength; i++) {
-    masm()->int3();
+  // Ensure that there is space at the end of the code to write a number
+  // of jump instructions, as well as to afford writing a call near the end
+  // of the code.
+  // The jumps are used when there isn't room in the code stream to write
+  // a long call instruction. Instead it writes a shorter call to a
+  // jump instruction in the same code object.
+  // The calls are used when lazy deoptimizing a function and calls to a
+  // deoptimization function.
+  int short_deopts = safepoints_.CountShortDeoptimizationIntervals(
+      static_cast<unsigned>(MacroAssembler::kJumpInstructionLength));
+  int byte_count = MacroAssembler::kCallInstructionLength +

[Kevin Millikin (Chromium), 2011/02/04 11:34:54]

There is already padding in SafepointTable::Emit in case the function ends in a
call.  You are doubly padding on x64.

It's probably simplest to move the padding into this platform-specific function
on all platforms.

[Lasse Reichstein, 2011/02/04 12:32:13]

I'll remove the extra padding here for now.

+      (short_deopts) * MacroAssembler::kJumpInstructionLength;
+  while (byte_count > 0) {
+    __ int3();
+    byte_count--;
   }
   safepoints_.Emit(masm(), StackSlotCount());
   return !is_aborted();
 }
 
 
 Register LCodeGen::ToRegister(int index) const {
   return Register::FromAllocationIndex(index);
 }
 
@@ skipping 288 matching lines @@
   inlined_function_count_ = deoptimization_literals_.length();
 }
 
 
 void LCodeGen::RecordSafepoint(
     LPointerMap* pointers,
     Safepoint::Kind kind,
     int arguments,
     int deoptimization_index) {
   const ZoneList<LOperand*>* operands = pointers->operands();
+
   Safepoint safepoint = safepoints_.DefineSafepoint(masm(),
       kind, arguments, deoptimization_index);
   for (int i = 0; i < operands->length(); i++) {
     LOperand* pointer = operands->at(i);
     if (pointer->IsStackSlot()) {
       safepoint.DefinePointerSlot(pointer->index());
     } else if (pointer->IsRegister() && (kind & Safepoint::kWithRegisters)) {
       safepoint.DefinePointerRegister(ToRegister(pointer));
     }
   }
@@ skipping 144 matching lines @@
 }
 
 
 void LCodeGen::DoConstantT(LConstantT* instr) {
     ASSERT(instr->result()->IsRegister());
   __ Move(ToRegister(instr->result()), instr->value());
 }
 
 
 void LCodeGen::DoJSArrayLength(LJSArrayLength* instr) {
-  Abort("Unimplemented: %s", "DoJSArrayLength");
+  Register result = ToRegister(instr->result());
+  Register array = ToRegister(instr->InputAt(0));
+  __ movq(result, FieldOperand(array, JSArray::kLengthOffset));
 }
 
 
 void LCodeGen::DoFixedArrayLength(LFixedArrayLength* instr) {
   Abort("Unimplemented: %s", "DoFixedArrayLength");
 }
 
 
 void LCodeGen::DoValueOf(LValueOf* instr) {
   Abort("Unimplemented: %s", "DoValueOf");
@@ skipping 705 matching lines @@
     __ push(rax);
     __ CallRuntime(Runtime::kTraceExit, 1);
   }
   __ movq(rsp, rbp);
   __ pop(rbp);
   __ ret((ParameterCount() + 1) * kPointerSize);
 }
 
 
 void LCodeGen::DoLoadGlobal(LLoadGlobal* instr) {
-  Register result = ToRegister(instr->result());
-  if (result.is(rax)) {
-    __ load_rax(instr->hydrogen()->cell().location(),
-                RelocInfo::GLOBAL_PROPERTY_CELL);
-  } else {
-    __ movq(result, instr->hydrogen()->cell(), RelocInfo::GLOBAL_PROPERTY_CELL);
-    __ movq(result, Operand(result, 0));
-  }
-  if (instr->hydrogen()->check_hole_value()) {
-    __ CompareRoot(result, Heap::kTheHoleValueRootIndex);
-    DeoptimizeIf(equal, instr->environment());
-  }
+  Abort("Unimplemented: %s", "DoLoadGlobal");
 }
 
 
 void LCodeGen::DoStoreGlobal(LStoreGlobal* instr) {
   Register value = ToRegister(instr->InputAt(0));
-  if (value.is(rax)) {
+  Register temp = ToRegister(instr->TempAt(0));
+  ASSERT(!value.is(temp));
+  bool check_hole = instr->hydrogen()->check_hole_value();
+  if (!check_hole && value.is(rax)) {
     __ store_rax(instr->hydrogen()->cell().location(),
                  RelocInfo::GLOBAL_PROPERTY_CELL);
-  } else {
-    __ movq(kScratchRegister,
-            Handle<Object>::cast(instr->hydrogen()->cell()),
-            RelocInfo::GLOBAL_PROPERTY_CELL);
-    __ movq(Operand(kScratchRegister, 0), value);
+    return;
   }
+  // If the cell we are storing to contains the hole it could have
+  // been deleted from the property dictionary. In that case, we need
+  // to update the property details in the property dictionary to mark
+  // it as no longer deleted. We deoptimize in that case.
+  __ movq(temp,
+          Handle<Object>::cast(instr->hydrogen()->cell()),
+          RelocInfo::GLOBAL_PROPERTY_CELL);
+  if (check_hole) {
+    __ CompareRoot(Operand(temp, 0), Heap::kTheHoleValueRootIndex);
+    DeoptimizeIf(equal, instr->environment());
+  }
+  __ movq(Operand(temp, 0), value);
 }
 
 
 void LCodeGen::DoLoadContextSlot(LLoadContextSlot* instr) {
   Abort("Unimplemented: %s", "DoLoadContextSlot");
 }
 
 
 void LCodeGen::DoLoadNamedField(LLoadNamedField* instr) {
   Register object = ToRegister(instr->InputAt(0));
@@ skipping 85 matching lines @@
 void LCodeGen::DoGlobalReceiver(LGlobalReceiver* instr) {
   Register result = ToRegister(instr->result());
   __ movq(result, Operand(rsi, Context::SlotOffset(Context::GLOBAL_INDEX)));
   __ movq(result, FieldOperand(result, GlobalObject::kGlobalReceiverOffset));
 }
 
 
 void LCodeGen::CallKnownFunction(Handle<JSFunction> function,
                                  int arity,
                                  LInstruction* instr) {
-  Abort("Unimplemented: %s", "CallKnownFunction");
+  // Change context if needed.
+  bool change_context =
+      (graph()->info()->closure()->context() != function->context()) ||
+      scope()->contains_with() ||
+      (scope()->num_heap_slots() > 0);
+  if (change_context) {
+    __ movq(rsi, FieldOperand(rdi, JSFunction::kContextOffset));
+  }
+
+  // Set rax to arguments count if adaption is not needed. Assumes that rax
+  // is available to write to at this point.
+  if (!function->NeedsArgumentsAdaption()) {
+    __ Set(rax, arity);
+  }
+
+  LPointerMap* pointers = instr->pointer_map();
+  RecordPosition(pointers->position());
+
+  // Invoke function.
+  if (*function == *graph()->info()->closure()) {
+    __ CallSelf();
+  } else {
+    __ call(FieldOperand(rdi, JSFunction::kCodeEntryOffset));
+  }
+
+  // Setup deoptimization.
+  RegisterLazyDeoptimization(instr);
+
+  // Restore context.
+  __ movq(rsi, Operand(rbp, StandardFrameConstants::kContextOffset));
 }
 
 
 void LCodeGen::DoCallConstantFunction(LCallConstantFunction* instr) {
   Abort("Unimplemented: %s", "DoCallConstantFunction");
 }
 
 
 void LCodeGen::DoDeferredMathAbsTaggedHeapNumber(LUnaryMathOperation* instr) {
   Abort("Unimplemented: %s", "DoDeferredMathAbsTaggedHeapNumber");
@@ skipping 64 matching lines @@
   Abort("Unimplemented: %s", "DoCallFunction");
 }
 
 
 void LCodeGen::DoCallGlobal(LCallGlobal* instr) {
   Abort("Unimplemented: %s", "DoCallGlobal");
 }
 
 
 void LCodeGen::DoCallKnownGlobal(LCallKnownGlobal* instr) {
-  Abort("Unimplemented: %s", "DoCallKnownGlobal");
+  ASSERT(ToRegister(instr->result()).is(rax));
+  __ Move(rdi, instr->target());
+  CallKnownFunction(instr->target(), instr->arity(), instr);
 }
 
 
 void LCodeGen::DoCallNew(LCallNew* instr) {
   ASSERT(ToRegister(instr->InputAt(0)).is(rdi));
   ASSERT(ToRegister(instr->result()).is(rax));
 
   Handle<Code> builtin(Builtins::builtin(Builtins::JSConstructCall));
   __ Set(rax, instr->arity());
   CallCode(builtin, RelocInfo::CONSTRUCT_CALL, instr);
@@ skipping 185 matching lines @@
   ASSERT(input->IsRegister());
   Condition cc = masm()->CheckSmi(ToRegister(input));
   if (instr->condition() != equal) {
     cc = NegateCondition(cc);
   }
   DeoptimizeIf(cc, instr->environment());
 }
 
 
 void LCodeGen::DoCheckInstanceType(LCheckInstanceType* instr) {
-  Abort("Unimplemented: %s", "DoCheckInstanceType");
+  Register input = ToRegister(instr->InputAt(0));
+  InstanceType first = instr->hydrogen()->first();
+  InstanceType last = instr->hydrogen()->last();
+
+  __ movq(kScratchRegister, FieldOperand(input, HeapObject::kMapOffset));
+
+  // If there is only one type in the interval check for equality.
+  if (first == last) {
+    __ cmpb(FieldOperand(kScratchRegister, Map::kInstanceTypeOffset),
+            Immediate(static_cast<int8_t>(first)));
+    DeoptimizeIf(not_equal, instr->environment());
+  } else if (first == FIRST_STRING_TYPE && last == LAST_STRING_TYPE) {
+    // String has a dedicated bit in instance type.
+    __ testb(FieldOperand(kScratchRegister, Map::kInstanceTypeOffset),
+             Immediate(kIsNotStringMask));
+    DeoptimizeIf(not_zero, instr->environment());
+  } else {
+    __ cmpb(FieldOperand(kScratchRegister, Map::kInstanceTypeOffset),
+            Immediate(static_cast<int8_t>(first)));
+    DeoptimizeIf(below, instr->environment());
+    // Omit check for the last type.
+    if (last != LAST_TYPE) {
+      __ cmpb(FieldOperand(kScratchRegister, Map::kInstanceTypeOffset),
+              Immediate(static_cast<int8_t>(last)));
+      DeoptimizeIf(above, instr->environment());
+    }
+  }
 }
 
 
 void LCodeGen::DoCheckFunction(LCheckFunction* instr) {
   ASSERT(instr->InputAt(0)->IsRegister());
   Register reg = ToRegister(instr->InputAt(0));
   __ Cmp(reg, instr->hydrogen()->target());
   DeoptimizeIf(not_equal, instr->environment());
 }
 
@@ skipping 181 matching lines @@
 
 void LCodeGen::DoOsrEntry(LOsrEntry* instr) {
   Abort("Unimplemented: %s", "DoOsrEntry");
 }
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_X64