[v8-dev] Add missing FrameState to JSToName nodes. (issue 880963002 by mstarzinger@chromium.org)

[mstarzinger]

Reviewers: jarin,

Message:
Note that architecture ports are still missing.
Description:
Add missing FrameState to JSToName nodes.

R=ja...@chromium.org
TEST=mjsunit/regress/regress-crbug-451770
BUG=chromium:451770
LOG=N

Please review this at https://codereview.chromium.org/880963002/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+47, -14 lines):
  M src/ast.h
  M src/ast-numbering.cc
  M src/compiler/ast-graph-builder.h
  M src/compiler/ast-graph-builder.cc
  M src/compiler/operator-properties.cc
  M src/full-codegen.h
  M src/full-codegen.cc
  M src/ia32/full-codegen-ia32.cc
  A test/mjsunit/regress/regress-crbug-451770.js
  M test/unittests/compiler/js-operator-unittest.cc


Index: src/ast-numbering.cc
diff --git a/src/ast-numbering.cc b/src/ast-numbering.cc
index  
fd74b2e700af424ca554e088b49a964b805a6454..a2bc65827d9ded4afdc131c0467d2dab6d0006f4  
100644
--- a/src/ast-numbering.cc
+++ b/src/ast-numbering.cc
@@ -441,7 +441,7 @@ void  
AstNumberingVisitor::VisitForStatement(ForStatement* node) {
 void AstNumberingVisitor::VisitClassLiteral(ClassLiteral* node) {
   IncrementNodeCount();
   DisableOptimization(kClassLiteral);
-  node->set_base_id(ReserveIdRange(ClassLiteral::num_ids()));
+  node->set_base_id(ReserveIdRange(node->num_ids()));
   if (node->extends()) Visit(node->extends());
   if (node->constructor()) Visit(node->constructor());
   if (node->class_variable_proxy()) {
@@ -455,7 +455,7 @@ void  
AstNumberingVisitor::VisitClassLiteral(ClassLiteral* node) {

 void AstNumberingVisitor::VisitObjectLiteral(ObjectLiteral* node) {
   IncrementNodeCount();
-  node->set_base_id(ReserveIdRange(ObjectLiteral::num_ids()));
+  node->set_base_id(ReserveIdRange(node->num_ids()));
   for (int i = 0; i < node->properties()->length(); i++) {
     VisitObjectLiteralProperty(node->properties()->at(i));
   }
Index: src/ast.h
diff --git a/src/ast.h b/src/ast.h
index  
4903928456dd540cce2cfbdae6f17e3c058b731e..6da9a5f57bee1393b83985601b37e9c07112dbfd  
100644
--- a/src/ast.h
+++ b/src/ast.h
@@ -1530,7 +1530,12 @@ class ObjectLiteral FINAL : public  
MaterializedLiteral {

   BailoutId CreateLiteralId() const { return BailoutId(local_id(0)); }

-  static int num_ids() { return parent_num_ids() + 1; }
+  // Return an AST id for a property that is used in simulate instructions.
+  BailoutId GetIdForProperty(int i) { return BailoutId(local_id(i + 1)); }
+
+  // Unlike other AST nodes, this number of bailout IDs allocated for an
+  // ObjectLiteral can vary, so num_ids() is not a static method.
+  int num_ids() const { return parent_num_ids() + 1 +  
properties()->length(); }

  protected:
   ObjectLiteral(Zone* zone, ZoneList<Property*>* properties, int  
literal_index,
@@ -2641,11 +2646,17 @@ class ClassLiteral FINAL : public Expression {
   int start_position() const { return position(); }
   int end_position() const { return end_position_; }

-  static int num_ids() { return parent_num_ids() + 3; }
   BailoutId EntryId() const { return BailoutId(local_id(0)); }
   BailoutId DeclsId() const { return BailoutId(local_id(1)); }
   BailoutId ExitId() { return BailoutId(local_id(2)); }

+  // Return an AST id for a property that is used in simulate instructions.
+  BailoutId GetIdForProperty(int i) { return BailoutId(local_id(i + 3)); }
+
+  // Unlike other AST nodes, this number of bailout IDs allocated for an
+  // ClassLiteral can vary, so num_ids() is not a static method.
+  int num_ids() const { return parent_num_ids() + 3 +  
properties()->length(); }
+
  protected:
   ClassLiteral(Zone* zone, const AstRawString* name, Scope* scope,
                VariableProxy* class_variable_proxy, Expression* extends,
Index: src/compiler/ast-graph-builder.cc
diff --git a/src/compiler/ast-graph-builder.cc  
b/src/compiler/ast-graph-builder.cc
index  
28378a59a5d2fa6372e2bc73e49dd8953dfd8f13..d37ca7eab2183fa1d97298f3ca764e680af9d2b1  
100644
--- a/src/compiler/ast-graph-builder.cc
+++ b/src/compiler/ast-graph-builder.cc
@@ -899,7 +899,8 @@ void  
AstGraphBuilder::VisitClassLiteralContents(ClassLiteral* expr) {
     environment()->Push(property->is_static() ? literal : proto);

     VisitForValue(property->key());
-    environment()->Push(BuildToName(environment()->Pop()));
+    environment()->Push(
+        BuildToName(environment()->Pop(), expr->GetIdForProperty(i)));
     VisitForValue(property->value());
     Node* value = environment()->Pop();
     Node* key = environment()->Pop();
@@ -1131,7 +1132,8 @@ void  
AstGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {

     environment()->Push(literal);  // Duplicate receiver.
     VisitForValue(property->key());
-    environment()->Push(BuildToName(environment()->Pop()));
+    environment()->Push(BuildToName(environment()->Pop(),
+                                     
expr->GetIdForProperty(property_index)));
     // TODO(mstarzinger): For ObjectLiteral::Property::PROTOTYPE the key  
should
     // not be on the operand stack while the value is being evaluated.  
Come up
     // with a repro for this and fix it. Also find a nice way to do so. :)
@@ -2324,11 +2326,13 @@ Node* AstGraphBuilder::BuildToBoolean(Node* input) {
 }


-Node* AstGraphBuilder::BuildToName(Node* input) {
+Node* AstGraphBuilder::BuildToName(Node* input, BailoutId bailout_id) {
   // TODO(turbofan): Possible optimization is to NOP on name constants.  
But the
   // same caveat as with BuildToBoolean applies, and it should be factored  
out
   // into a JSOperatorReducer.
-  return NewNode(javascript()->ToName(), input);
+  Node* name = NewNode(javascript()->ToName(), input);
+  PrepareFrameState(name, bailout_id);
+  return name;
 }


Index: src/compiler/ast-graph-builder.h
diff --git a/src/compiler/ast-graph-builder.h  
b/src/compiler/ast-graph-builder.h
index  
98d7fb63049b3d79415f3297775ff61edd2f94a7..6830c984461cf35f68dab8f0e17c283d79c29757  
100644
--- a/src/compiler/ast-graph-builder.h
+++ b/src/compiler/ast-graph-builder.h
@@ -99,7 +99,7 @@ class AstGraphBuilder : public StructuredGraphBuilder,  
public AstVisitor {

   // Builders for automatic type conversion.
   Node* BuildToBoolean(Node* value);
-  Node* BuildToName(Node* value);
+  Node* BuildToName(Node* value, BailoutId bailout_id);

   // Builders for error reporting at runtime.
   Node* BuildThrowReferenceError(Variable* var, BailoutId bailout_id);
Index: src/compiler/operator-properties.cc
diff --git a/src/compiler/operator-properties.cc  
b/src/compiler/operator-properties.cc
index  
319ed977d97a32ae66bb3e241115595e6a978038..81299e34ffe830adce4ffa155cf126e0a962a01f  
100644
--- a/src/compiler/operator-properties.cc
+++ b/src/compiler/operator-properties.cc
@@ -70,6 +70,7 @@ bool OperatorProperties::HasFrameStateInput(const  
Operator* op) {
     // Conversions
     case IrOpcode::kJSToObject:
     case IrOpcode::kJSToNumber:
+    case IrOpcode::kJSToName:

     // Properties
     case IrOpcode::kJSLoadNamed:
Index: src/full-codegen.cc
diff --git a/src/full-codegen.cc b/src/full-codegen.cc
index  
42941d88abcfcf2bb948ca57959fcf4b6e59b9fa..cc32c3e31fa50b5fd8e3601d69869dcc4187a56e  
100644
--- a/src/full-codegen.cc
+++ b/src/full-codegen.cc
@@ -1211,9 +1211,11 @@ void FullCodeGenerator::EmitUnwindBeforeReturn() {
 }


-void FullCodeGenerator::EmitPropertyKey(ObjectLiteralProperty* property) {
+void FullCodeGenerator::EmitPropertyKey(ObjectLiteralProperty* property,
+                                        BailoutId bailout_id) {
   VisitForStackValue(property->key());
   __ InvokeBuiltin(Builtins::TO_NAME, CALL_FUNCTION);
+  PrepareForBailoutForId(bailout_id, NO_REGISTERS);
   __ Push(result_register());
 }

Index: src/full-codegen.h
diff --git a/src/full-codegen.h b/src/full-codegen.h
index  
f544b7f29833a11e6748476843c194f553f4f5cc..f4bd32d6b66763bd5e1e9b34e5f03a2753bdbefb  
100644
--- a/src/full-codegen.h
+++ b/src/full-codegen.h
@@ -580,7 +580,7 @@ class FullCodeGenerator: public AstVisitor {
   void EmitClassDefineProperties(ClassLiteral* lit);

   // Pushes the property key as a Name on the stack.
-  void EmitPropertyKey(ObjectLiteralProperty* property);
+  void EmitPropertyKey(ObjectLiteralProperty* property, BailoutId  
bailout_id);

   // Apply the compound assignment operator. Expects the left operand on  
top
   // of the stack and the right one in the accumulator.
Index: src/ia32/full-codegen-ia32.cc
diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index  
2e1be08f8c42de9392da76722ec25e4461e87147..fcec5a8217f27a8d77c62d4a230c6c2d8fff115b  
100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -1732,7 +1732,7 @@ void  
FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
         __ Drop(2);
       }
     } else {
-      EmitPropertyKey(property);
+      EmitPropertyKey(property, expr->GetIdForProperty(property_index));
       VisitForStackValue(value);

       switch (property->kind()) {
@@ -2463,7 +2463,7 @@ void  
FullCodeGenerator::EmitClassDefineProperties(ClassLiteral* lit) {
     } else {
       __ push(Operand(esp, 0));  // prototype
     }
-    EmitPropertyKey(property);
+    EmitPropertyKey(property, lit->GetIdForProperty(i));
     VisitForStackValue(value);
     EmitSetHomeObjectIfNeeded(value, 2);

Index: test/mjsunit/regress/regress-crbug-451770.js
diff --git a/test/mjsunit/regress/regress-crbug-451770.js  
b/test/mjsunit/regress/regress-crbug-451770.js
new file mode 100644
index  
0000000000000000000000000000000000000000..942814a3169c7b04faefed3a2170df72d3411860
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-451770.js
@@ -0,0 +1,15 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --harmony-computed-property-names --harmony-classes  
--harmony-sloppy
+
+assertThrows(function f() {
+  var t = { toString: function() { throw new Error(); } };
+  var o = { [t]: 23 };
+}, Error);
+
+assertThrows(function f() {
+  var t = { toString: function() { throw new Error(); } };
+  class C { [t]() { return 23; } };
+}, Error);
Index: test/unittests/compiler/js-operator-unittest.cc
diff --git a/test/unittests/compiler/js-operator-unittest.cc  
b/test/unittests/compiler/js-operator-unittest.cc
index  
7d4890675176b4dc54b37af3a61a6e49c9a38417..fd70f55bb165a75e1a7cc2e37685bae7d2f41fa5  
100644
--- a/test/unittests/compiler/js-operator-unittest.cc
+++ b/test/unittests/compiler/js-operator-unittest.cc
@@ -68,7 +68,7 @@ const SharedOperator kSharedOperators[] = {
     SHARED(ToBoolean, Operator::kPure, 1, 0, 0, 0, 1, 0),
     SHARED(ToNumber, Operator::kNoProperties, 1, 1, 1, 1, 1, 1),
     SHARED(ToString, Operator::kNoProperties, 1, 0, 1, 1, 1, 1),
-    SHARED(ToName, Operator::kNoProperties, 1, 0, 1, 1, 1, 1),
+    SHARED(ToName, Operator::kNoProperties, 1, 1, 1, 1, 1, 1),
     SHARED(ToObject, Operator::kNoProperties, 1, 1, 1, 1, 1, 1),
     SHARED(Yield, Operator::kNoProperties, 1, 0, 1, 1, 1, 1),
     SHARED(Create, Operator::kEliminatable, 0, 0, 1, 1, 1, 1),


--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.