From 0e76bfeae79d905a94f58ab94fe5f4608839e403 Mon Sep 17 00:00:00 2001
From: "kmillikin@chromium.org"
Date: Tue, 24 May 2011 12:12:41 +0000
Subject: [PATCH] Fix a bug in deoptimization on x64.

When deoptimizing to just after an ignored (because of a duplicate property name) object literal property initializer, we incorrectly saw the value of the initializer expression on the stack in the unoptimized code.

The bug affected x64 only.

R=fschneider@chromium.org
BUG=v8:1404

Review URL: http://codereview.chromium.org/7066015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8028 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/x64/full-codegen-x64.cc | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc
index e2bdef7..bcfbc38 100644
--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -1392,13 +1392,17 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
         // Fall through.
       case ObjectLiteral::Property::COMPUTED:
         if (key->handle()->IsSymbol()) {
-          VisitForAccumulatorValue(value);
-          __ Move(rcx, key->handle());
-          __ movq(rdx, Operand(rsp, 0));
           if (property->emit_store()) {
-            Handle ic = isolate()->builtins()->StoreIC_Initialize();
+            VisitForAccumulatorValue(value);
+            __ Move(rcx, key->handle());
+            __ movq(rdx, Operand(rsp, 0));
+            Handle ic = is_strict_mode()
+                ? isolate()->builtins()->StoreIC_Initialize_Strict()
+                : isolate()->builtins()->StoreIC_Initialize();
             EmitCallIC(ic, RelocInfo::CODE_TARGET, key->id());
             PrepareForBailoutForId(key->id(), NO_REGISTERS);
+          } else {
+            VisitForEffect(value);
           }
           break;
         }
-- 
2.7.4
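Review bot: The hunk also switches the store IC to `StoreIC_Initialize_Strict()` when `is_strict_mode()` is set, a behavioural change the commit description (which only covers the deoptimization stack mismatch) does not mention; it presumably aligns x64 with the other ports, but that should be stated in the description or the change split out so the bailout fix can be reviewed on its own. The new `else` branch is the actual fix and deserves a comment explaining why the initializer is evaluated differently there, e.g. `// Duplicate property name: evaluate the initializer for side effects only, so no value remains on the stack at the bailout point.` placed above `VisitForEffect(value);`. Note that the bailout registration `PrepareForBailoutForId(key->id(), NO_REGISTERS)` is reached only on the store path, so the non-store path relies on `VisitForEffect` leaving the frame in a state the deoptimizer expects; worth confirming against the ia32 and ARM versions. The enclosing `VisitObjectLiteral` both starts and ends outside the hunk.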