Revision: 8043 Author: [email protected] Date: Tue May 24 07:57:38 2011 Log: Merge r8028 to the 3.2 branch.
Fix a bug in a corner case of deoptimization on x64. The bug was triggered by deoptimizing to immediately after a duplicated property name in an object literal. [email protected] Review URL: http://codereview.chromium.org/7063022 http://code.google.com/p/v8/source/detail?r=8043 Modified: /branches/3.2/src/version.cc /branches/3.2/src/x64/full-codegen-x64.cc ======================================= --- /branches/3.2/src/version.cc Tue May 24 06:36:24 2011 +++ /branches/3.2/src/version.cc Tue May 24 07:57:38 2011 @@ -35,7 +35,7 @@ #define MAJOR_VERSION 3 #define MINOR_VERSION 2 #define BUILD_NUMBER 10 -#define PATCH_LEVEL 12 +#define PATCH_LEVEL 13 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) #define IS_CANDIDATE_VERSION 0 ======================================= --- /branches/3.2/src/x64/full-codegen-x64.cc Mon Apr 11 05:33:05 2011 +++ /branches/3.2/src/x64/full-codegen-x64.cc Tue May 24 07:57:38 2011 @@ -1398,13 +1398,17 @@ // Fall through. case ObjectLiteral::Property::COMPUTED: if (key->handle()->IsSymbol()) { - VisitForAccumulatorValue(value); - __ Move(rcx, key->handle()); - __ movq(rdx, Operand(rsp, 0)); if (property->emit_store()) { - Handle<Code> ic = isolate()->builtins()->StoreIC_Initialize(); + VisitForAccumulatorValue(value); + __ Move(rcx, key->handle()); + __ movq(rdx, Operand(rsp, 0)); + Handle<Code> ic = is_strict_mode() + ? isolate()->builtins()->StoreIC_Initialize_Strict() + : isolate()->builtins()->StoreIC_Initialize(); EmitCallIC(ic, RelocInfo::CODE_TARGET); PrepareForBailoutForId(key->id(), NO_REGISTERS); + } else { + VisitForEffect(value); } break; } -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
