nanojit/Nativei386.cpp: asm_load64 for i386 wasn't properly copying the loaded value into the stack frames in all cases for non-sse2 path. (r=edwsmith, bug=534613)
authorSteven Johnson <stejohns@adobe.com>
Mon, 14 Dec 2009 10:58:24 -0800
changeset 36545 212a5664fd797226d2b4f91351928972d62e3411
parent 36496 ec5b16168109d921959f9510972c03e6efd89184
child 36546 55d3f8fc69fcbc2380e2f5f04cc5dc51eca6bfeb
reviewersedwsmith
bugs534613
milestone1.9.3a1pre
nanojit/Nativei386.cpp: asm_load64 for i386 wasn't properly copying the loaded value into the stack frames in all cases for non-sse2 path. (r=edwsmith, bug=534613)
js/src/nanojit/Nativei386.cpp
--- a/js/src/nanojit/Nativei386.cpp
+++ b/js/src/nanojit/Nativei386.cpp
@@ -612,21 +612,26 @@ namespace nanojit
                     break;
                 case LIR_ld32f:
                 case LIR_ldc32f:
                     freeRsrcOf(ins, false);
                     if (isKnownReg(rr))
                     {
                         NanoAssert(rmask(rr)&x87Regs);
                         _allocator.retire(rr);
+                        // Be sure to shadow the value onto our local area if there's space for it,
+                        // but don't pop the FP stack, we expect the register to stay valid.
+                        if (dr)
+                            FSTQ(0,dr, FP);
                         FLD32(db, rb);
                     }
                     else
                     {
-                        // need to use fpu to expand 32->64
+                        // We need to use fpu to expand 32->64, can't use asm_mmq...
+                        // just load-and-store-with-pop. 
                         NanoAssert(dr != 0);
                         FSTPQ(dr, FP);
                         FLD32(db, rb);
                     }
                     break;
                 default:
                     NanoAssertMsg(0, "asm_load64 should never receive this LIR opcode");
                     break;
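Review bot: The new `if (dr)` guard in the `isKnownReg(rr)` branch relies on `dr == 0` meaning "no stack slot", which the comment only hints at with "if there's space for it". Writing it as `if (dr != 0)` would match the `NanoAssert(dr != 0)` in the else branch, and the comment could read `// ins also has a stack slot: store a copy there without popping, so the slot and rr agree`. It would also help to say that `FSTQ` is written ahead of `FLD32` because nanojit emits instructions back to front, so the store runs after the load. A stale stack slot in JIT-generated code is a silent miscompile, so a regression test for bug 534613 on the non-SSE2 path is worth adding if none exists elsewhere. The definition of `dr` and the rest of asm_load64 lie outside this hunk, so whether the other load cases need the same shadowing cannot be judged from here.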