Reviewers: Benedikt Meurer,
Message:
Note that this is a reland: patch set #1 is the original CL and patch set #2
contains the fixup.
Benedikt: PTAL.
Arv: FYI.
Description:
Fix clobbered register when setting this_function variable.
Reland of https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91
[email protected]
TEST=mjsunit/regress/regress-crbug-498022
BUG=chromium:498022
LOG=N
Please review this at https://codereview.chromium.org/1214483008/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+38, -6 lines):
M src/arm/full-codegen-arm.cc
M src/arm64/full-codegen-arm64.cc
M src/ia32/full-codegen-ia32.cc
M src/mips/full-codegen-mips.cc
M src/mips64/full-codegen-mips64.cc
M src/ppc/full-codegen-ppc.cc
M src/x64/full-codegen-x64.cc
M src/x87/full-codegen-x87.cc
A + test/mjsunit/regress/regress-crbug-498022.js
Index: src/arm/full-codegen-arm.cc
diff --git a/src/arm/full-codegen-arm.cc b/src/arm/full-codegen-arm.cc
index
b2bd6c8fc77aa8ef0057d8fcef36555a60a73269..e0ecc1ef0902bd692d4173034e710d92068231ba
100644
--- a/src/arm/full-codegen-arm.cc
+++ b/src/arm/full-codegen-arm.cc
@@ -243,6 +243,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ ldr(r1, MemOperand(fp,
JavaScriptFrameConstants::kFunctionOffset));
+ // The write barrier clobbers register again, keep is marked as such.
+ }
SetVar(this_function_var, r1, r0, r2);
}
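Review bot: The added comment "keep is marked as such" is garbled and hides the one fact a maintainer needs here: after the reload in the new `if (!function_in_register)` block, the flag is deliberately left false because the write barrier (presumably the one SetVar emits) clobbers r1 again; suggest `// The write barrier in SetVar clobbers r1 again, so function_in_register deliberately stays false.`. The same comment appears in the arm64, ia32, mips, mips64, ppc, x64 and x87 hunks and should be fixed in all of them. A second thing to confirm: when function_in_register is still true on entry the block is skipped, yet SetVar still clobbers r1, so the flag would be stale afterwards — if an earlier context allocation always clears it before this point, a one-line comment saying so is enough; otherwise `function_in_register = false;` after the SetVar call (outside the `if`) is the safer choice. Since a stale flag lets later code read a clobbered function register, this is the class of bug the regression test with --debug-code is meant to catch. The enclosing FullCodeGenerator::Generate() starts and ends outside the hunk.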
Index: src/arm64/full-codegen-arm64.cc
diff --git a/src/arm64/full-codegen-arm64.cc
b/src/arm64/full-codegen-arm64.cc
index
f407c94e64903fa60a0a50eeea40b62bb262598a..163e089b0ba9f84f71b14efd220f1c476646aa9b
100644
--- a/src/arm64/full-codegen-arm64.cc
+++ b/src/arm64/full-codegen-arm64.cc
@@ -244,6 +244,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register_x1) {
+ __ Ldr(x1, MemOperand(fp,
JavaScriptFrameConstants::kFunctionOffset));
+ // The write barrier clobbers register again, keep is marked as such.
+ }
SetVar(this_function_var, x1, x0, x2);
}
Index: src/ia32/full-codegen-ia32.cc
diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index
04d48bdfdfb581c57096e8502ad50ee67f8531c2..116be1fa94adc90301acbefbfb238c413fa6ca1b
100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -239,6 +239,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+ // The write barrier clobbers register again, keep is marked as such.
+ }
SetVar(this_function_var, edi, ebx, edx);
}
Index: src/mips/full-codegen-mips.cc
diff --git a/src/mips/full-codegen-mips.cc b/src/mips/full-codegen-mips.cc
index
08a39a1400b2a872c8fb6ef9818d6b38cdcade48..5f2ed7534f3f97b0ee99620e8591ecc1c98c2346
100644
--- a/src/mips/full-codegen-mips.cc
+++ b/src/mips/full-codegen-mips.cc
@@ -252,6 +252,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ lw(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+ // The write barrier clobbers register again, keep is marked as such.
+ }
SetVar(this_function_var, a1, a2, a3);
}
Index: src/mips64/full-codegen-mips64.cc
diff --git a/src/mips64/full-codegen-mips64.cc
b/src/mips64/full-codegen-mips64.cc
index
62991c9eaac39b7041569835f2d3bdbcc9d8aec4..b831fa99bb43683f2716e5e605e0af1733c8832a
100644
--- a/src/mips64/full-codegen-mips64.cc
+++ b/src/mips64/full-codegen-mips64.cc
@@ -249,6 +249,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ ld(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+ // The write barrier clobbers register again, keep is marked as such.
+ }
SetVar(this_function_var, a1, a2, a3);
}
Index: src/ppc/full-codegen-ppc.cc
diff --git a/src/ppc/full-codegen-ppc.cc b/src/ppc/full-codegen-ppc.cc
index
533e097fc379ebbb1453ca3a91133b0c1bf44d1b..cd6e7e60ab82fb38895e30e485de1d77c499829e
100644
--- a/src/ppc/full-codegen-ppc.cc
+++ b/src/ppc/full-codegen-ppc.cc
@@ -248,6 +248,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ LoadP(r4, MemOperand(fp,
JavaScriptFrameConstants::kFunctionOffset));
+ // The write barrier clobbers register again, keep is marked as such.
+ }
SetVar(this_function_var, r4, r3, r5);
}
Index: src/x64/full-codegen-x64.cc
diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc
index
0b19edd683084bd92d7f67ebdff57ec6f3d43d12..879d670a0b24431e408c330c313bc6ef9ebba541
100644
--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -235,6 +235,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ movp(rdi, Operand(rbp,
JavaScriptFrameConstants::kFunctionOffset));
+ // The write barrier clobbers register again, keep is marked as such.
+ }
SetVar(this_function_var, rdi, rbx, rdx);
}
Index: src/x87/full-codegen-x87.cc
diff --git a/src/x87/full-codegen-x87.cc b/src/x87/full-codegen-x87.cc
index
4ee27490a9bf03024839ca3bf9794791eb3e83bb..cd49e0aa08d5cd37833da162e08a23ec36beb175
100644
--- a/src/x87/full-codegen-x87.cc
+++ b/src/x87/full-codegen-x87.cc
@@ -236,6 +236,10 @@ void FullCodeGenerator::Generate() {
Variable* this_function_var = scope()->this_function_var();
if (this_function_var != nullptr) {
Comment cmnt(masm_, "[ This function");
+ if (!function_in_register) {
+ __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+ // The write barrier clobbers register again, keep is marked as such.
+ }
SetVar(this_function_var, edi, ebx, edx);
}
Index: test/mjsunit/regress/regress-crbug-498022.js
diff --git a/test/mjsunit/es6/regress/regress-455141.js
b/test/mjsunit/regress/regress-crbug-498022.js
similarity index 63%
copy from test/mjsunit/es6/regress/regress-455141.js
copy to test/mjsunit/regress/regress-crbug-498022.js
index
676adebe72b5532496112099d7cd41ccca395070..cb8e0a460df7ed1189ccfa2781754f446b752b3f
100644
--- a/test/mjsunit/es6/regress/regress-455141.js
+++ b/test/mjsunit/regress/regress-crbug-498022.js
@@ -1,15 +1,15 @@
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-//
-// Flags: --no-lazy
+
+// Flags: --debug-code --nouse-gvn
+
"use strict";
class Base {
}
-class Subclass extends Base {
+class Derived extends Base {
constructor() {
- this.prp1 = 3;
+ eval();
}
}
-function __f_1(){
-}
+assertThrows("new Derived()", ReferenceError);
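Review bot: The regression test gives no hint of why `eval();` sits in the Derived constructor or why `--debug-code --nouse-gvn` are required, which makes it easy to "simplify" away later. Presumably the eval() forces the this-function binding to be materialised so the SetVar path changed in Generate() is exercised, and --debug-code turns on the register-clobbering checks that expose the bug; a short comment above the class stating that, hedged if the author's intent differs, would keep the test meaningful.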
--