Reviewers: Søren Gjesse,
Description:
Merge r8028 to the 3.2 branch.
Fix a bug in a corner case of deoptimization on x64. The bug was triggered
by deoptimizing to immediately after a duplicated property name in an object
literal.
[email protected]
Please review this at http://codereview.chromium.org/7063022/
SVN Base: https://v8.googlecode.com/svn/branches/3.2
Affected files:
M src/version.cc
M src/x64/full-codegen-x64.cc
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index
ed0f59b0e7c85b3d7f2e88fe98e3a029dfd7ecc7..4d8ded9a99a96283f42b815ff2266e73c79a7dc8
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 2
#define BUILD_NUMBER 10
-#define PATCH_LEVEL 12
+#define PATCH_LEVEL 13
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
Index: src/x64/full-codegen-x64.cc
diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc
index
97168cdce4615ebbe96ddd9ed1dd0c460eee885f..6933d7800e9602069cc071bdbbfca69147fa624f
100644
--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -1398,13 +1398,17 @@ void
FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
// Fall through.
case ObjectLiteral::Property::COMPUTED:
if (key->handle()->IsSymbol()) {
- VisitForAccumulatorValue(value);
- __ Move(rcx, key->handle());
- __ movq(rdx, Operand(rsp, 0));
if (property->emit_store()) {
- Handle<Code> ic = isolate()->builtins()->StoreIC_Initialize();
+ VisitForAccumulatorValue(value);
+ __ Move(rcx, key->handle());
+ __ movq(rdx, Operand(rsp, 0));
+ Handle<Code> ic = is_strict_mode()
+ ? isolate()->builtins()->StoreIC_Initialize_Strict()
+ : isolate()->builtins()->StoreIC_Initialize();
EmitCallIC(ic, RelocInfo::CODE_TARGET);
PrepareForBailoutForId(key->id(), NO_REGISTERS);
+ } else {
+ VisitForEffect(value);
}
break;
}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
