Revision: 6190 Author: [email protected] Date: Thu Jan 6 00:52:11 2011 Log: Merge r6189 to trunk.
This fixes a bug that could potentially cause a crash during deoptimization. BUG=1014 TEST= Review URL: http://codereview.chromium.org/5969012 http://code.google.com/p/v8/source/detail?r=6190 Modified: /trunk/src/hydrogen.cc /trunk/src/version.cc
=======================================
--- /trunk/src/hydrogen.cc Wed Jan 5 01:51:43 2011
+++ /trunk/src/hydrogen.cc Thu Jan 6 00:52:11 2011
@@ -3103,8 +3103,15 @@
 // this basic block the current basic block.
 HBasicBlock* join_block = graph_->CreateBasicBlock();
 for (int i = 0; i < subgraphs->length(); ++i) {
- if (subgraphs->at(i)->HasExit()) {
- subgraphs->at(i)->exit_block()->Goto(join_block);
+ HSubgraph* subgraph = subgraphs->at(i);
+ if (subgraph->HasExit()) {
+ // In an effect context the value of the type switch is not needed.
+ // There is no need to merge it at the join block only to discard it.
+ HBasicBlock* subgraph_exit = subgraph->exit_block();
+ if (ast_context()->IsEffect()) {
+ subgraph_exit->last_environment()->Drop(1);
+ }
+ subgraph_exit->Goto(join_block);
 }
 }
@@ -3242,7 +3249,8 @@
 Push(value);
 instr->set_position(expr->position());
 AddInstruction(instr);
- if (instr->HasSideEffects()) AddSimulate(expr->id());
+ if (instr->HasSideEffects()) AddSimulate(expr->AssignmentId());
+ ast_context()->ReturnValue(Pop());
 } else {
 // Build subgraph for generic store through IC.
 {
@@ -3260,11 +3268,14 @@
 }
 HBasicBlock* new_exit_block =
- BuildTypeSwitch(&maps, &subgraphs, object, expr->AssignmentId());
+ BuildTypeSwitch(&maps, &subgraphs, object, expr->id());
 subgraph()->set_exit_block(new_exit_block);
- }
-
- if (subgraph()->HasExit()) ast_context()->ReturnValue(Pop());
+ // In an effect context, we did not materialized the value in the
+ // predecessor environments so there's no need to handle it here.
+ if (subgraph()->HasExit() && !ast_context()->IsEffect()) {
+ ast_context()->ReturnValue(Pop());
+ }
+ }
 }
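Review bot: The new `Drop(1)` in the `@@ -3103,8 +3103,15 @@` hunk sets up an unwritten contract: in an effect context the join block's environment is one slot shorter, so each caller must skip its `ReturnValue(Pop())`, which the three call sites patched later in this commit each do by hand. Nothing visible here asserts or documents that pairing, and an environment whose height disagrees with what the deoptimizer expects is presumably the kind of mismatch that only shows up on a bailout. I would state it at the join, e.g. `// Contract: in an effect context the switch value is dropped here, so callers must not Pop() it after the join.` The commit record also leaves `TEST=` empty; a regression test that forces a deopt after a polymorphic load, store and call in statement position would pin the fix. The enclosing function begins and ends outside the hunk.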
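Review bot: The switch to `expr->AssignmentId()` at the `AddSimulate` call in the `@@ -3242,7 +3249,8 @@` hunk, mirrored by the opposite switch to `expr->id()` in the `BuildTypeSwitch` call of the next hunk, has no comment saying which environment state each id stands for. The simulate here runs while the stored value is still pushed (the `Pop()` only comes on the added line after it), so a one-line note such as `// Simulate at AssignmentId(): the stored value is still on the expression stack.` would let a later reader check the id against the stack height. That wording assumes this is the reason for the swap, which the hunk itself does not show. The surrounding branch starts outside the hunk.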
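Review bot: The effect-context guard added at the end of the `@@ -3260,11 +3268,14 @@` hunk is copied verbatim into the `@@ -3568,9 +3578,12 @@` and `@@ -3856,7 +3869,11 @@` hunks, typo included: `did not materialized` should read `did not materialize`. The third copy tests `new_exit_block != NULL` where the other two test `subgraph()->HasExit()`; right after `set_exit_block(new_exit_block)` these presumably agree, but one spelling in all three places, or one small helper holding the guard, would make a future fourth call site harder to get wrong. The enclosing functions continue outside each hunk.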
@@ -3548,8 +3559,7 @@
 if (maps.length() == 0) {
 HInstruction* instr = BuildLoadNamedGeneric(object, expr);
 instr->set_position(expr->position());
- PushAndAdd(instr);
- if (instr->HasSideEffects()) AddSimulate(expr->id());
+ ast_context()->ReturnInstruction(instr, expr->id());
 } else {
 // Build subgraph for generic load through IC.
 {
@@ -3568,9 +3578,12 @@
 HBasicBlock* new_exit_block =
 BuildTypeSwitch(&maps, &subgraphs, object, expr->id());
 subgraph()->set_exit_block(new_exit_block);
- }
-
- if (subgraph()->HasExit()) ast_context()->ReturnValue(Pop());
+ // In an effect context, we did not materialized the value in the
+ // predecessor environments so there's no need to handle it here.
+ if (subgraph()->HasExit() && !ast_context()->IsEffect()) {
+ ast_context()->ReturnValue(Pop());
+ }
+ }
 }
@@ -3856,7 +3869,11 @@
 HBasicBlock* new_exit_block =
 BuildTypeSwitch(&maps, &subgraphs, receiver, expr->id());
 subgraph()->set_exit_block(new_exit_block);
- if (new_exit_block != NULL) ast_context()->ReturnValue(Pop());
+ // In an effect context, we did not materialized the value in the
+ // predecessor environments so there's no need to handle it here.
+ if (new_exit_block != NULL && !ast_context()->IsEffect()) {
+ ast_context()->ReturnValue(Pop());
+ }
 }
 }
=======================================
--- /trunk/src/version.cc Wed Jan 5 01:51:43 2011
+++ /trunk/src/version.cc Thu Jan 6 00:52:11 2011
@@ -1,4 +1,4 @@
-// Copyright 2010 the V8 project authors. All rights reserved.
+// Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION 3
 #define MINOR_VERSION 0
 #define BUILD_NUMBER 6
-#define PATCH_LEVEL 0
+#define PATCH_LEVEL 1
 #define CANDIDATE_VERSION false
 // Define SONAME to have the SCons build the put a specific SONAME into the
-- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
