Revision: 8045
Author: [email protected]
Date: Tue May 24 08:09:38 2011
Log: Merge r8028 to the 3.1 branch.
Fix a bug in a corner case of deoptimization on x64. The bug was triggered
by deoptimizing to immediately after a duplicated property name in an object
literal.
[email protected]
Review URL: http://codereview.chromium.org/7064025
http://code.google.com/p/v8/source/detail?r=8045
Modified:
/branches/3.1/src/version.cc
/branches/3.1/src/x64/full-codegen-x64.cc
=======================================
--- /branches/3.1/src/version.cc Tue May 24 06:41:45 2011
+++ /branches/3.1/src/version.cc Tue May 24 08:09:38 2011
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 1
#define BUILD_NUMBER 8
-#define PATCH_LEVEL 21
+#define PATCH_LEVEL 22
#define CANDIDATE_VERSION false
// Define SONAME to have the SCons build the put a specific SONAME into the
=======================================
--- /branches/3.1/src/x64/full-codegen-x64.cc Wed Mar 2 05:43:26 2011
+++ /branches/3.1/src/x64/full-codegen-x64.cc Tue May 24 08:09:38 2011
@@ -1383,13 +1383,17 @@
// Fall through.
case ObjectLiteral::Property::COMPUTED:
if (key->handle()->IsSymbol()) {
- VisitForAccumulatorValue(value);
- __ Move(rcx, key->handle());
- __ movq(rdx, Operand(rsp, 0));
if (property->emit_store()) {
- Handle<Code>
ic(Builtins::builtin(Builtins::StoreIC_Initialize));
+ VisitForAccumulatorValue(value);
+ __ Move(rcx, key->handle());
+ __ movq(rdx, Operand(rsp, 0));
+ Handle<Code> ic(Builtins::builtin(
+ is_strict() ? Builtins::StoreIC_Initialize_Strict
+ : Builtins::StoreIC_Initialize));
EmitCallIC(ic, RelocInfo::CODE_TARGET);
PrepareForBailoutForId(key->id(), NO_REGISTERS);
+ } else {
+ VisitForEffect(value);
}
break;
}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
