From 8fef70114a7b348fd43a3251d29566d33d5d7cfd Mon Sep 17 00:00:00 2001
From: Luke Wagner <luke@mozilla.com>
Date: Wed, 11 Jun 2014 16:58:17 -0500
Subject: [PATCH] Bug 1022142: OdinMonkey - fix bug in optimized asm.js-to-Ion
 calls on ARM (r=bbouvier)

---
 js/src/jit-test/tests/asm.js/testFFI.js | 10 ++++++++++
 js/src/jit/AsmJS.cpp                    |  5 +----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/js/src/jit-test/tests/asm.js/testFFI.js b/js/src/jit-test/tests/asm.js/testFFI.js
index 4809f403bdcb..e7405c9cc93b 100644
--- a/js/src/jit-test/tests/asm.js/testFFI.js
+++ b/js/src/jit-test/tests/asm.js/testFFI.js
@@ -96,3 +96,13 @@ assertThrowsValue(function() { f(1,2.4) }, 2.4+8);
 assertThrowsValue(function() { f(8,2.4) }, 2.4+36);
 
 assertEq(asmLink(asmCompile('glob', 'imp', USE_ASM + 'var identity=imp.identity; function g(x) { x=+x; return +identity(x) } return g'), null, imp)(13.37), 13.37);
+
+setJitCompilerOption("ion.usecount.trigger", 20);
+function ffiInt(a,b,c,d,e,f,g,h,i,j) { return j+1 }
+var f = asmLink(asmCompile('glob', 'imp', USE_ASM + 'var ffi=imp.ffi; function f(i) { i=i|0; return ffi(i|0,(i+1)|0,(i+2)|0,(i+3)|0,(i+4)|0,(i+5)|0,(i+6)|0,(i+7)|0,(i+8)|0,(i+9)|0)|0 } return f'), null, {ffi:ffiInt});
+for (var i = 0; i < 40; i++)
+    assertEq(f(i), i+10);
+function ffiDouble(a,b,c,d,e,f,g,h,i,j) { return j+1 }
+var f = asmLink(asmCompile('glob', 'imp', USE_ASM + 'var ffi=imp.ffi; function f(i) { i=+i; return +ffi(i,i+1.0,i+2.0,i+3.0,i+4.0,i+5.0,i+6.0,i+7.0,i+8.0,i+9.0) } return f'), null, {ffi:ffiDouble});
+for (var i = 0; i < 40; i++)
+    assertEq(f(i), i+10);
diff --git a/js/src/jit/AsmJS.cpp b/js/src/jit/AsmJS.cpp
index e89abf8c8fb2..b9509232f46a 100644
--- a/js/src/jit/AsmJS.cpp
+++ b/js/src/jit/AsmJS.cpp
@@ -6627,10 +6627,7 @@ GenerateFFIIonExit(ModuleCompiler &m, const ModuleCompiler::ExitDescriptor &exit
     argOffset += sizeof(Value);
 
     // 5. Fill the arguments
-    unsigned offsetToCallerStackArgs = masm.framePushed();
-#if defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)
-    offsetToCallerStackArgs += NativeFrameSize;
-#endif
+    unsigned offsetToCallerStackArgs = masm.framePushed() + NativeFrameSize;
     FillArgumentArray(m, exit.sig().args(), argOffset, offsetToCallerStackArgs, scratch);
     argOffset += exit.sig().args().length() * sizeof(Value);
     JS_ASSERT(argOffset == offsetToArgs + argBytes);