Reviewers: Michael Starzinger, Description: Fixed deoptimization of inlined getters.
It is necessary to explicitly handle the internal frame lying between the caller
of the getter and the getter itself in the deoptimizer: When the getter is inlined, leaving the internal frame restores the correct context. BUG=http://crbug/134609 TEST=mjsunit/regress/regress-crbug-134609 Please review this at http://codereview.chromium.org/10910110/ SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge Affected files: M include/v8.h M src/arm/deoptimizer-arm.cc M src/arm/lithium-codegen-arm.cc M src/arm/stub-cache-arm.cc M src/builtins.h M src/builtins.cc M src/deoptimizer.h M src/deoptimizer.cc M src/flag-definitions.h M src/heap.h M src/hydrogen-instructions.h M src/hydrogen.h M src/hydrogen.cc M src/ia32/deoptimizer-ia32.cc M src/ia32/lithium-codegen-ia32.cc M src/ia32/stub-cache-ia32.cc M src/mips/deoptimizer-mips.cc M src/mips/lithium-codegen-mips.cc M src/mips/stub-cache-mips.cc M src/objects.cc M src/stub-cache.h M src/x64/deoptimizer-x64.cc M src/x64/lithium-codegen-x64.cc M src/x64/stub-cache-x64.cc A + test/mjsunit/regress/regress-crbug-134609.js -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
