HValue* value_to_push = Pop();
HValue* array = Pop();
- HValue* length = Add<HLoadNamedField>(array, static_cast<HValue*>(NULL),
- HObjectAccess::ForArrayLength(elements_kind));
+ HInstruction* new_size = NULL;
+ HValue* length = NULL;
{
NoObservableSideEffectsScope scope(this);
+ length = Add<HLoadNamedField>(array, static_cast<HValue*>(NULL),
+ HObjectAccess::ForArrayLength(elements_kind));
+
+ new_size = AddUncasted<HAdd>(length, graph()->GetConstant1());
+
bool is_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
BuildUncheckedMonomorphicElementAccess(array, length,
value_to_push, is_array,
elements_kind, STORE,
NEVER_RETURN_HOLE,
STORE_AND_GROW_NO_TRANSITION);
+ Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
}
- HInstruction* new_size = NewUncasted<HAdd>(length, Add<HConstant>(argc));
Drop(1); // Drop function.
- ast_context()->ReturnInstruction(new_size, expr->id());
+ ast_context()->ReturnValue(new_size);
return true;
}
default:
--- /dev/null
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --deopt-every-n-times=5 --nodead-code-elimination
+
+var array = [];
+
+function push(array, value) {
+ array.push(value);
+}
+
+push(array, 0);
+push(array, 1);
+push(array, 2);
+%OptimizeFunctionOnNextCall(push);
+push(array, 3);
+
+var v = 0;
+Object.defineProperty(Array.prototype, "4", {
+ get: function() { return 100; },
+ set: function(value) { v = value; }
+});
+
+push(array, 4);
+
+assertEquals(5, array.length);
+assertEquals(100, array[4]);
+assertEquals(4, v);
projects / platform / upstream / v8.git / commitdiff