From: erik.corry@gmail.com Date: Thu, 10 May 2012 21:25:49 +0000 (+0000) Subject: Fix compose-discard crasher from 11524 - port to x64, ARM, MIPS. X-Git-Tag: upstream/4.7.83~16726 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f8bdbf1ce112003973cff03668ae5dfa648ac8ff;p=platform%2Fupstream%2Fv8.git Fix compose-discard crasher from 11524 - port to x64, ARM, MIPS. This is now bug 2123. TBR=mstarzinger Review URL: https://chromiumcodereview.appspot.com/10391061 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
diff --git a/src/arm/lithium-codegen-arm.cc b/src/arm/lithium-codegen-arm.cc
index 79b56fc..0caeb12 100644
--- a/src/arm/lithium-codegen-arm.cc
+++ b/src/arm/lithium-codegen-arm.cc
@@ -2589,8 +2589,7 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
 Register scratch = scratch0();
 int map_count = instr->hydrogen()->types()->length();
 Handle name = instr->hydrogen()->name();
- if (map_count == 0) {
- ASSERT(instr->hydrogen()->need_generic());
+ if (map_count == 0 && instr->hydrogen()->need_generic()) {
 __ mov(r2, Operand(name));
 Handle ic = isolate()->builtins()->LoadIC_Initialize();
 CallCode(ic, RelocInfo::CODE_TARGET, instr);
@@ -2606,20 +2605,28 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
 __ b(&done);
 __ bind(&next);
 }
- Handle map = instr->hydrogen()->types()->last();
- __ cmp(scratch, Operand(map));
 if (instr->hydrogen()->need_generic()) {
- Label generic;
- __ b(ne, &generic);
- EmitLoadFieldOrConstantFunction(result, object, map, name);
- __ b(&done);
- __ bind(&generic);
+ if (map_count != 0) {
+ Handle map = instr->hydrogen()->types()->last();
+ __ cmp(scratch, Operand(map));
+ Label generic;
+ __ b(ne, &generic);
+ EmitLoadFieldOrConstantFunction(result, object, map, name);
+ __ b(&done);
+ __ bind(&generic);
+ }
 __ mov(r2, Operand(name));
 Handle ic = isolate()->builtins()->LoadIC_Initialize();
 CallCode(ic, RelocInfo::CODE_TARGET, instr);
 } else {
- DeoptimizeIf(ne, instr->environment());
- EmitLoadFieldOrConstantFunction(result, object, map, name);
+ if (map_count != 0) {
+ Handle map = instr->hydrogen()->types()->last();
+ __ cmp(scratch, Operand(map));
+ DeoptimizeIf(ne, instr->environment());
+ EmitLoadFieldOrConstantFunction(result, object, map, name);
+ } else {
+ DeoptimizeIf(al, instr->environment());
+ }
 }
 __ bind(&done);
 }
diff --git a/src/mips/lithium-codegen-mips.cc b/src/mips/lithium-codegen-mips.cc
index 122fd1e..5bf4d95 100644
--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -2345,8 +2345,7 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
 Register scratch = scratch0();
 int map_count = instr->hydrogen()->types()->length();
 Handle name = instr->hydrogen()->name();
- if (map_count == 0) {
- ASSERT(instr->hydrogen()->need_generic());
+ if (map_count == 0 && instr->hydrogen()->need_generic()) {
 __ li(a2, Operand(name));
 Handle ic = isolate()->builtins()->LoadIC_Initialize();
 CallCode(ic, RelocInfo::CODE_TARGET, instr);
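Review bot: The new `DeoptimizeIf(al, instr->environment());` arm in the second hunk of src/arm/lithium-codegen-arm.cc has no comment explaining why an unconditional deopt is emitted. It is reached when `map_count == 0` and `need_generic()` is false, so there is no map to compare against and no IC fallback. Bailing out is then the only way to avoid emitting `EmitLoadFieldOrConstantFunction` without a preceding map check. I would add `// No known maps and no generic fallback: always deoptimize rather than emit an unchecked field load.` above it, and likewise above the `DeoptimizeIf(al, ..., zero_reg, Operand(zero_reg))` line in the MIPS hunk and the `DeoptimizeIf(no_condition, ...)` line in the x64 hunk. The function body starts outside this hunk.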
@@ -2361,19 +2360,26 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
 __ Branch(&done);
 __ bind(&next);
 }
- Handle map = instr->hydrogen()->types()->last();
 if (instr->hydrogen()->need_generic()) {
- Label generic;
- __ Branch(&generic, ne, scratch, Operand(map));
- EmitLoadFieldOrConstantFunction(result, object, map, name);
- __ Branch(&done);
- __ bind(&generic);
+ if (map_count != 0) {
+ Handle map = instr->hydrogen()->types()->last();
+ Label generic;
+ __ Branch(&generic, ne, scratch, Operand(map));
+ EmitLoadFieldOrConstantFunction(result, object, map, name);
+ __ Branch(&done);
+ __ bind(&generic);
+ }
 __ li(a2, Operand(name));
 Handle ic = isolate()->builtins()->LoadIC_Initialize();
 CallCode(ic, RelocInfo::CODE_TARGET, instr);
 } else {
- DeoptimizeIf(ne, instr->environment(), scratch, Operand(map));
- EmitLoadFieldOrConstantFunction(result, object, map, name);
+ if (map_count != 0) {
+ Handle map = instr->hydrogen()->types()->last();
+ DeoptimizeIf(ne, instr->environment(), scratch, Operand(map));
+ EmitLoadFieldOrConstantFunction(result, object, map, name);
+ } else {
+ DeoptimizeIf(al, instr->environment(), zero_reg, Operand(zero_reg));
+ }
 }
 __ bind(&done);
 }
diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
index 85e7ac0..feff9e7 100644
--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -2225,8 +2225,7 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
 int map_count = instr->hydrogen()->types()->length();
 Handle name = instr->hydrogen()->name();
- if (map_count == 0) {
- ASSERT(instr->hydrogen()->need_generic());
+ if (map_count == 0 && instr->hydrogen()->need_generic()) {
 __ Move(rcx, instr->hydrogen()->name());
 Handle ic = isolate()->builtins()->LoadIC_Initialize();
 CallCode(ic, RelocInfo::CODE_TARGET, instr);
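Review bot: The `if (map_count != 0)` guard added inside the `need_generic()` arm of the second hunk of src/mips/lithium-codegen-mips.cc appears to be always true. The first hunk already sends `map_count == 0 && need_generic()` to the plain IC call, so if this code is the `else` of that test (the join lies outside both hunks), this arm only runs with at least one map. A reader comparing it with the `!need_generic()` arm, where the guard is needed, will assume both can be false. Either drop it or keep it as a defensive check with a comment such as `// map_count == 0 with need_generic() is handled above; kept to guard types()->last().`. The second ARM and x64 hunks have the same shape.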
@@ -2241,20 +2240,28 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
 __ jmp(&done, Label::kNear);
 __ bind(&next);
 }
- Handle map = instr->hydrogen()->types()->last();
- __ Cmp(FieldOperand(object, HeapObject::kMapOffset), map);
 if (instr->hydrogen()->need_generic()) {
- Label generic;
- __ j(not_equal, &generic, Label::kNear);
- EmitLoadFieldOrConstantFunction(result, object, map, name);
- __ jmp(&done, Label::kNear);
- __ bind(&generic);
+ if (map_count != 0) {
+ Handle map = instr->hydrogen()->types()->last();
+ __ Cmp(FieldOperand(object, HeapObject::kMapOffset), map);
+ Label generic;
+ __ j(not_equal, &generic, Label::kNear);
+ EmitLoadFieldOrConstantFunction(result, object, map, name);
+ __ jmp(&done, Label::kNear);
+ __ bind(&generic);
+ }
 __ Move(rcx, instr->hydrogen()->name());
 Handle ic = isolate()->builtins()->LoadIC_Initialize();
 CallCode(ic, RelocInfo::CODE_TARGET, instr);
 } else {
- DeoptimizeIf(not_equal, instr->environment());
- EmitLoadFieldOrConstantFunction(result, object, map, name);
+ if (map_count != 0) {
+ Handle map = instr->hydrogen()->types()->last();
+ __ Cmp(FieldOperand(object, HeapObject::kMapOffset), map);
+ DeoptimizeIf(not_equal, instr->environment());
+ EmitLoadFieldOrConstantFunction(result, object, map, name);
+ } else {
+ DeoptimizeIf(no_condition, instr->environment());
+ }
 }
 __ bind(&done);
 }