Bug 39034

From today's testing, I got two regressions on MIPS. ecma_3/Date/15.9.5.4.js ecma_3/Function/regress-58274.js 2 regressions found. 0 tests fixed. The string access is not correct, if I access from the beginning a[0], a[1], a[2], .... Ex 1: # ./jsc > a="01" 01 > a[0] 0 > a[1] 0 <--- THIS IS WRONG! > a[2] undefined Ex 2: # ./jsc > a="01" 01 > a[2] undefined > a[1] 1 <--- THIS IS CORRECT! > a[0] 0 From debugging, I think the code in JIT::stringGetByValStubGenerator() may contain redundant code. Ex: ... #if USE(JSVALUE64) jit.zeroExtend32ToPtr(regT1, regT1); #else jit.emitFastArithImmToInt(regT1); #endif ... The same code appears in "JIT::emit_op_get_by_val()". So, we may execute one more time in stringGetByValStubGenerator(). I need to comment out jit.emitFastArithImmToInt(regT1) for MIPS to fix two new regressions. Otherwise, regT1 is shifted right by 1 bit (twice) and the index to a string is wrong. I will post a patch soon. Thanks a lot!