Reviewers: Benedikt Meurer,
Description:
Add missing BailoutId and FrameState to with statements.
[email protected]
TEST=mjsunit/regress/regress-crbug-450642
BUG=chromium:450642
Please review this at https://codereview.chromium.org/865833002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+32, -16 lines):
M src/ast.h
M src/ast-numbering.cc
M src/compiler/ast-graph-builder.cc
M src/compiler/linkage.cc
M src/compiler/operator-properties.cc
M src/full-codegen.cc
A + test/mjsunit/regress/regress-crbug-450642.js
M test/unittests/compiler/js-operator-unittest.cc
Index: src/ast-numbering.cc
diff --git a/src/ast-numbering.cc b/src/ast-numbering.cc
index
70ba5cb0370f6d2835069d0959d6d77af625c03f..d9882ae672c5298e19b5b23e64ec93a99477c8bc
100644
--- a/src/ast-numbering.cc
+++ b/src/ast-numbering.cc
@@ -291,6 +291,7 @@ void AstNumberingVisitor::VisitCallRuntime(CallRuntime*
node) {
void AstNumberingVisitor::VisitWithStatement(WithStatement* node) {
IncrementNodeCount();
DisableOptimization(kWithStatement);
+ node->set_base_id(ReserveIdRange(WithStatement::num_ids()));
Visit(node->expression());
Visit(node->statement());
}
Index: src/ast.h
diff --git a/src/ast.h b/src/ast.h
index
dd4941673f7bf164c1285778ef46a20fba007bf1..a797272cec2d42432c94e6a7f09ad02c64a9a0f8
100644
--- a/src/ast.h
+++ b/src/ast.h
@@ -1102,19 +1102,32 @@ class WithStatement FINAL : public Statement {
Expression* expression() const { return expression_; }
Statement* statement() const { return statement_; }
+ void set_base_id(int id) { base_id_ = id; }
+ static int num_ids() { return parent_num_ids() + 1; }
+ BailoutId EntryId() const { return BailoutId(local_id(0)); }
+
protected:
- WithStatement(
- Zone* zone, Scope* scope,
- Expression* expression, Statement* statement, int pos)
+ WithStatement(Zone* zone, Scope* scope, Expression* expression,
+ Statement* statement, int pos)
: Statement(zone, pos),
scope_(scope),
expression_(expression),
- statement_(statement) { }
+ statement_(statement),
+ base_id_(BailoutId::None().ToInt()) {}
+ static int parent_num_ids() { return 0; }
+
+ int base_id() const {
+ DCHECK(!BailoutId(base_id_).IsNone());
+ return base_id_;
+ }
private:
+ int local_id(int n) const { return base_id() + parent_num_ids() + n; }
+
Scope* scope_;
Expression* expression_;
Statement* statement_;
+ int base_id_;
};
Index: src/compiler/ast-graph-builder.cc
diff --git a/src/compiler/ast-graph-builder.cc
b/src/compiler/ast-graph-builder.cc
index
f001455c3eb1aa0631ca61713a3dcadbaf79f2e2..4177a75982df7337f4d9b1679a9361d9caaf2719
100644
--- a/src/compiler/ast-graph-builder.cc
+++ b/src/compiler/ast-graph-builder.cc
@@ -542,6 +542,7 @@ void AstGraphBuilder::VisitWithStatement(WithStatement*
stmt) {
Node* value = environment()->Pop();
const Operator* op = javascript()->CreateWithContext();
Node* context = NewNode(op, value, GetFunctionClosure());
+ PrepareFrameState(context, stmt->EntryId());
ContextScope scope(this, stmt->scope(), context);
Visit(stmt->statement());
}
@@ -1083,8 +1084,7 @@ void
AstGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
const Operator* op =
javascript()->CallRuntime(Runtime::kInternalSetPrototype, 2);
Node* set_prototype = NewNode(op, receiver, value);
- // SetPrototype should not lazy deopt on an object
- // literal.
+ // SetPrototype should not lazy deopt on an object literal.
PrepareFrameState(set_prototype, BailoutId::None());
}
break;
Index: src/compiler/linkage.cc
diff --git a/src/compiler/linkage.cc b/src/compiler/linkage.cc
index
80f3fe8053a268ceb8764f66bc7a0f75f47a26c8..d786169a6e20e01a002037b0ffedaacb7273b1d9
100644
--- a/src/compiler/linkage.cc
+++ b/src/compiler/linkage.cc
@@ -190,6 +190,7 @@ bool Linkage::NeedsFrameState(Runtime::FunctionId
function) {
case Runtime::kPreventExtensions:
case Runtime::kPromiseRejectEvent:
case Runtime::kPromiseRevokeReject:
+ case Runtime::kPushWithContext:
case Runtime::kRegExpInitializeAndCompile:
case Runtime::kRegExpExecMultiple:
case Runtime::kResolvePossiblyDirectEval:
Index: src/compiler/operator-properties.cc
diff --git a/src/compiler/operator-properties.cc
b/src/compiler/operator-properties.cc
index
09d964b3c5d3ecb80525fc4a60a22ea12a784671..319ed977d97a32ae66bb3e241115595e6a978038
100644
--- a/src/compiler/operator-properties.cc
+++ b/src/compiler/operator-properties.cc
@@ -57,22 +57,25 @@ bool OperatorProperties::HasFrameStateInput(const
Operator* op) {
case IrOpcode::kJSBitwiseOr:
case IrOpcode::kJSBitwiseXor:
case IrOpcode::kJSDivide:
- case IrOpcode::kJSLoadNamed:
- case IrOpcode::kJSLoadProperty:
case IrOpcode::kJSModulus:
case IrOpcode::kJSMultiply:
case IrOpcode::kJSShiftLeft:
case IrOpcode::kJSShiftRight:
case IrOpcode::kJSShiftRightLogical:
- case IrOpcode::kJSStoreNamed:
- case IrOpcode::kJSStoreProperty:
case IrOpcode::kJSSubtract:
+ // Context operations
+ case IrOpcode::kJSCreateWithContext:
+
// Conversions
case IrOpcode::kJSToObject:
case IrOpcode::kJSToNumber:
- // Other
+ // Properties
+ case IrOpcode::kJSLoadNamed:
+ case IrOpcode::kJSLoadProperty:
+ case IrOpcode::kJSStoreNamed:
+ case IrOpcode::kJSStoreProperty:
case IrOpcode::kJSDeleteProperty:
return true;
Index: src/full-codegen.cc
diff --git a/src/full-codegen.cc b/src/full-codegen.cc
index
0d1ff4f636937d6ec690afca05f1924ad355bd1a..86b781e20a5486957139f378b2976ed025c5c4b1
100644
--- a/src/full-codegen.cc
+++ b/src/full-codegen.cc
@@ -1236,6 +1236,7 @@ void
FullCodeGenerator::VisitWithStatement(WithStatement* stmt) {
PushFunctionArgumentForContextAllocation();
__ CallRuntime(Runtime::kPushWithContext, 2);
StoreToFrameField(StandardFrameConstants::kContextOffset,
context_register());
+ PrepareForBailoutForId(stmt->EntryId(), NO_REGISTERS);
Scope* saved_scope = scope();
scope_ = stmt->scope();
Index: test/mjsunit/regress/regress-crbug-450642.js
diff --git a/test/mjsunit/regress/regress-444805.js
b/test/mjsunit/regress/regress-crbug-450642.js
similarity index 68%
copy from test/mjsunit/regress/regress-444805.js
copy to test/mjsunit/regress/regress-crbug-450642.js
index
5a533acd5ebf2fc196373e2b0e2c4b9df0a29ab6..7f821e0ffc0cba83ca4544d9b61041e49d97d90e
100644
--- a/test/mjsunit/regress/regress-444805.js
+++ b/test/mjsunit/regress/regress-crbug-450642.js
@@ -2,7 +2,4 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-try {
- load("test/mjsunit/regress/regress-444805.js-script");
-} catch (e) {
-}
+assertThrows(function() { with (undefined) {} }, TypeError);
Index: test/unittests/compiler/js-operator-unittest.cc
diff --git a/test/unittests/compiler/js-operator-unittest.cc
b/test/unittests/compiler/js-operator-unittest.cc
index
912f98430d3034592f4e5682dd3a8e8401a486b7..7d4890675176b4dc54b37af3a61a6e49c9a38417
100644
--- a/test/unittests/compiler/js-operator-unittest.cc
+++ b/test/unittests/compiler/js-operator-unittest.cc
@@ -77,7 +77,7 @@ const SharedOperator kSharedOperators[] = {
SHARED(InstanceOf, Operator::kNoProperties, 2, 1, 1, 1, 1, 1),
SHARED(Debugger, Operator::kNoProperties, 0, 0, 1, 1, 0, 1),
SHARED(CreateFunctionContext, Operator::kNoProperties, 1, 0, 1, 1, 1,
1),
- SHARED(CreateWithContext, Operator::kNoProperties, 2, 0, 1, 1, 1, 1),
+ SHARED(CreateWithContext, Operator::kNoProperties, 2, 1, 1, 1, 1, 1),
SHARED(CreateBlockContext, Operator::kNoProperties, 2, 0, 1, 1, 1, 1),
SHARED(CreateModuleContext, Operator::kNoProperties, 2, 0, 1, 1, 1, 1),
SHARED(CreateScriptContext, Operator::kNoProperties, 2, 0, 1, 1, 1, 1)
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
