Revision: 8028
Author: [email protected]
Date: Tue May 24 05:12:41 2011
Log: Fix a bug in deoptimization on x64.
When deoptimizing to just after an ignored (because of a duplicate
property name) object literal property initializer, we incorrectly saw
the value of the initializer expression on the stack in the
unoptimized code. The bug affected x64 only.
[email protected]
BUG=v8:1404
Review URL: http://codereview.chromium.org/7066015
http://code.google.com/p/v8/source/detail?r=8028
Modified:
/branches/bleeding_edge/src/x64/full-codegen-x64.cc
=======================================
--- /branches/bleeding_edge/src/x64/full-codegen-x64.cc Mon May 23 08:59:38
2011
+++ /branches/bleeding_edge/src/x64/full-codegen-x64.cc Tue May 24 05:12:41
2011
@@ -1392,13 +1392,17 @@
// Fall through.
case ObjectLiteral::Property::COMPUTED:
if (key->handle()->IsSymbol()) {
- VisitForAccumulatorValue(value);
- __ Move(rcx, key->handle());
- __ movq(rdx, Operand(rsp, 0));
if (property->emit_store()) {
- Handle<Code> ic = isolate()->builtins()->StoreIC_Initialize();
+ VisitForAccumulatorValue(value);
+ __ Move(rcx, key->handle());
+ __ movq(rdx, Operand(rsp, 0));
+ Handle<Code> ic = is_strict_mode()
+ ? isolate()->builtins()->StoreIC_Initialize_Strict()
+ : isolate()->builtins()->StoreIC_Initialize();
EmitCallIC(ic, RelocInfo::CODE_TARGET, key->id());
PrepareForBailoutForId(key->id(), NO_REGISTERS);
+ } else {
+ VisitForEffect(value);
}
break;
}
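Review bot: The `else` branch at the end of the hunk carries no comment explaining why the value is still visited when `property->emit_store()` is false, and that is the invariant the fix rests on; suggest `// Duplicate key: no store is emitted, so evaluate the value for its side effects only.` above `VisitForEffect(value);`. The hunk also starts selecting `StoreIC_Initialize_Strict()` under `is_strict_mode()`, which the log message does not mention and which reads as a separate behaviour change. The Modified list names only full-codegen-x64.cc, so no regression test for v8:1404 appears to accompany the fix; a frame mismatch at a bailout point is the kind of JIT defect that can turn into memory-safety trouble, so a test that deoptimizes right after a duplicate-key initializer is worth adding. The enclosing `case` and function begin and end outside the hunk.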