Reviewers: arv,
Description:
Fix clobbered register when setting this_function variable.
[email protected]
TEST=mjsunit/regress/regress-crbug-498022
BUG=chromium:498022
LOG=N
Please review this at https://codereview.chromium.org/1185703002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+38, -6 lines):
M src/arm/full-codegen-arm.cc
M src/arm64/full-codegen-arm64.cc
M src/ia32/full-codegen-ia32.cc
M src/mips/full-codegen-mips.cc
M src/mips64/full-codegen-mips64.cc
M src/ppc/full-codegen-ppc.cc
M src/x64/full-codegen-x64.cc
M src/x87/full-codegen-x87.cc
A + test/mjsunit/regress/regress-crbug-498022.js
Index: src/arm/full-codegen-arm.cc
diff --git a/src/arm/full-codegen-arm.cc b/src/arm/full-codegen-arm.cc
index
a2f24400a4fc53612d0b5123f618266a89f75bfb..32e7a545378906854db9cd68f5b67b1073f7e5b1
100644
--- a/src/arm/full-codegen-arm.cc
+++ b/src/arm/full-codegen-arm.cc
@@ -243,6 +243,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ ldr(r1, MemOperand(fp,
JavaScriptFrameConstants::kFunctionOffset));
+ function_in_register = true;
+ }
SetVar(this_function_var, r1, r0, r2);
}
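Review bot: Setting `function_in_register = true;` just before `SetVar(this_function_var, r1, r0, r2);` claims that r1 still holds the closure after the store, and nothing visible in this hunk establishes that. SetVar's body is not shown here; if it emits a write barrier when the variable is context-allocated, the barrier may clobber its value register (debug-code builds commonly zap it), and any later `function_in_register` check in Generate() would then skip its reload and hand a stale register to generated code. I would drop the assignment and leave the flag false, with a comment such as `// The write barrier may clobber r1 again; keep it marked as not in register.` The same applies to the arm64 (`function_in_register_x1`), ia32, mips, mips64, ppc, x64 and x87 hunks. Generate() starts and continues outside every one of these hunks, so the later uses of the flag need to be checked against the full function.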
Index: src/arm64/full-codegen-arm64.cc
diff --git a/src/arm64/full-codegen-arm64.cc
b/src/arm64/full-codegen-arm64.cc
index
454bf03ddcbd2862c1ea02a5edc63437c020e3fa..d35f28479a932772b43fc494ea7efbdc2b31ad9d
100644
--- a/src/arm64/full-codegen-arm64.cc
+++ b/src/arm64/full-codegen-arm64.cc
@@ -244,6 +244,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register_x1) {
+ __ Ldr(x1, MemOperand(fp,
JavaScriptFrameConstants::kFunctionOffset));
+ function_in_register_x1 = true;
+ }
SetVar(this_function_var, x1, x0, x2);
}
Index: src/ia32/full-codegen-ia32.cc
diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index
202740b385cc93bef3ba8e9a966d8d6a2708f004..6cbe73fd70178f2831e9ec47fc279f4fab1d1f40
100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -239,6 +239,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+ function_in_register = true;
+ }
SetVar(this_function_var, edi, ebx, edx);
}
Index: src/mips/full-codegen-mips.cc
diff --git a/src/mips/full-codegen-mips.cc b/src/mips/full-codegen-mips.cc
index
2440f9838362534dd70a472b133c2670b92824a7..e6fee96d35d066e4aea276aa24f330237a0a87ef
100644
--- a/src/mips/full-codegen-mips.cc
+++ b/src/mips/full-codegen-mips.cc
@@ -252,6 +252,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ lw(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+ function_in_register = true;
+ }
SetVar(this_function_var, a1, a2, a3);
}
Index: src/mips64/full-codegen-mips64.cc
diff --git a/src/mips64/full-codegen-mips64.cc
b/src/mips64/full-codegen-mips64.cc
index
572b5b3a77569a637834ccfff86a49b553da7e04..34e37b37bf7edb85249e2816736e3323af534ea5
100644
--- a/src/mips64/full-codegen-mips64.cc
+++ b/src/mips64/full-codegen-mips64.cc
@@ -249,6 +249,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ ld(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+ function_in_register = true;
+ }
SetVar(this_function_var, a1, a2, a3);
}
Index: src/ppc/full-codegen-ppc.cc
diff --git a/src/ppc/full-codegen-ppc.cc b/src/ppc/full-codegen-ppc.cc
index
ebd7efe8fbdb5534631ed245aa7fae530a2f119f..493a1f9c7246226bc60f0b8a30f9a9fa1e14f7ae
100644
--- a/src/ppc/full-codegen-ppc.cc
+++ b/src/ppc/full-codegen-ppc.cc
@@ -248,6 +248,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ LoadP(r4, MemOperand(fp,
JavaScriptFrameConstants::kFunctionOffset));
+ function_in_register = true;
+ }
SetVar(this_function_var, r4, r3, r5);
}
Index: src/x64/full-codegen-x64.cc
diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc
index
ed29faf4ed424d5fa0898ae2a8f48fdc47b3a5a7..64c56e2e07b2c4e93fe077f2f4f67c3d3942960c
100644
--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -235,6 +235,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ movp(rdi, Operand(rbp,
JavaScriptFrameConstants::kFunctionOffset));
+ function_in_register = true;
+ }
SetVar(this_function_var, rdi, rbx, rdx);
}
Index: src/x87/full-codegen-x87.cc
diff --git a/src/x87/full-codegen-x87.cc b/src/x87/full-codegen-x87.cc
index
e2abd9d311181c39cf4e8b17f26aea0c4138bf1d..f934d37385ae148462fe3f59d3ce3681a7fd4d13
100644
--- a/src/x87/full-codegen-x87.cc
+++ b/src/x87/full-codegen-x87.cc
@@ -236,6 +236,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+ function_in_register = true;
+ }
SetVar(this_function_var, edi, ebx, edx);
}
Index: test/mjsunit/regress/regress-crbug-498022.js
diff --git a/test/mjsunit/harmony/regress/regress-455141.js
b/test/mjsunit/regress/regress-crbug-498022.js
similarity index 63%
copy from test/mjsunit/harmony/regress/regress-455141.js
copy to test/mjsunit/regress/regress-crbug-498022.js
index
cf2141f903839222e1065fe49cdaabdd47b1e64d..cb8e0a460df7ed1189ccfa2781754f446b752b3f
100644
--- a/test/mjsunit/harmony/regress/regress-455141.js
+++ b/test/mjsunit/regress/regress-crbug-498022.js
@@ -1,15 +1,15 @@
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-//
-// Flags: --harmony-classes --no-lazy
+
+// Flags: --debug-code --nouse-gvn
+
"use strict";
class Base {
}
-class Subclass extends Base {
+class Derived extends Base {
constructor() {
- this.prp1 = 3;
+ eval();
}
}
-function __f_1(){
-}
+assertThrows("new Derived()", ReferenceError);
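Review bot: The regression test has no comment saying what it guards, and its only assertion is that `new Derived()` throws ReferenceError, which presumably holds for any derived constructor that never calls super, whatever value was stored in the this_function variable. As written it appears to rely on `--debug-code` turning a stale function register into an abort; a header comment such as `// eval() in a derived constructor: the closure must be reloaded from the frame before it is stored in this_function.` would make that intent explicit. If feasible, a second case that calls `super()` after the `eval()` and checks the constructed object would pin the stored value itself rather than only the absence of a crash.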