review.tizen.org Git - platform/upstream/v8.git/commit

Fix bug in environment simulation after inlined call-as-function.

This change is based on my previous change enabling inlining calls-as-function
fixing the bugs related to deoptimization.

The function value on top of the environment was dropped too late in the old code.
As a result we could get a wrong value on top after deoptimization.

This change includes r9619. It was reverted because of test failures that are fixed
with this patch.
Review URL: http://codereview.chromium.org/8360001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

author	fschneider@chromium.org <fschneider@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Mon, 24 Oct 2011 13:53:08 +0000 (13:53 +0000)
committer	fschneider@chromium.org <fschneider@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Mon, 24 Oct 2011 13:53:08 +0000 (13:53 +0000)
commit	53e7502fa0b53f53a49de3cd1257107102e887aa
tree	7aaa7fafea1895d4e9a6ba6f586c6057d72336b5	tree \| snapshot
parent	f630ff0c67ccd1847f5ceaf242150b6a52309e48	commit \| diff

src/deoptimizer.cc		diff \| blob \| history
src/hydrogen.cc		diff \| blob \| history
src/hydrogen.h		diff \| blob \| history
src/ia32/full-codegen-ia32.cc		diff \| blob \| history
src/type-info.cc		diff \| blob \| history
src/type-info.h		diff \| blob \| history
test/mjsunit/compiler/regress-deopt-call-as-function.js	[new file with mode: 0644]	blob