From 5fe01da56885a5495376bcc2576317e3984f6235 Mon Sep 17 00:00:00 2001
From: "mstarzinger@chromium.org"
Date: Mon, 17 Jun 2013 11:11:41 +0000
Subject: [PATCH] Fix bogus replay of arguments object binding in LChunkBuilder.
R=jkummerow@chromium.org
BUG=chromium:249894
TEST=webkit:fast/js/regress/inline-arguments-access.html
Review URL: https://codereview.chromium.org/16938009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15179 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/arm/lithium-arm.cc | 5 +++--
 src/ia32/lithium-ia32.cc | 5 +++--
 src/mips/lithium-mips.cc | 5 +++--
 src/x64/lithium-x64.cc | 5 +++--
 4 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/arm/lithium-arm.cc b/src/arm/lithium-arm.cc
index 84aa2a6..b421f8a 100644
--- a/src/arm/lithium-arm.cc
+++ b/src/arm/lithium-arm.cc
@@ -2592,8 +2592,9 @@ LInstruction* LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
 undefined,
 instr->inlining_kind(),
 instr->undefined_receiver());
- if (instr->arguments_var() != NULL) {
- inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
+ // Only replay binding of arguments object if it wasn't removed from graph.
+ if (instr->arguments_var() != NULL && instr->arguments_object()->IsLinked()) {
+ inner->Bind(instr->arguments_var(), instr->arguments_object());
 }
 inner->set_entry(instr);
 current_block_->UpdateEnvironment(inner);
diff --git a/src/ia32/lithium-ia32.cc b/src/ia32/lithium-ia32.cc
index 706e031..885b2e3 100644
--- a/src/ia32/lithium-ia32.cc
+++ b/src/ia32/lithium-ia32.cc
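Review bot: The new condition calls `instr->arguments_object()->IsLinked()` whenever `arguments_var()` is non-NULL, so it relies on every HEnterInlined that carries an arguments variable also carrying a non-NULL arguments object; that pairing is presumably established where the instruction is created, but nothing in this hunk shows it. Stating the invariant at the use site would help, for example `ASSERT(instr->arguments_var() == NULL || instr->arguments_object() != NULL);` ahead of the `if`, or an explicit `instr->arguments_object() != NULL &&` in the condition if the pairing is not guaranteed. The same three lines are repeated in the ia32, mips and x64 hunks, and the point applies to each. The diffstat lists only the four lithium-*.cc files, so the fix lands without a regression test in this tree; the TEST= trailer refers to a WebKit layout test, and an in-tree case for inlined arguments access would catch a recurrence in the optimizing compiler earlier. DoEnterInlined starts and ends outside the hunk.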
@@ -2734,8 +2734,9 @@ LInstruction* LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
 undefined,
 instr->inlining_kind(),
 instr->undefined_receiver());
- if (instr->arguments_var() != NULL) {
- inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
+ // Only replay binding of arguments object if it wasn't removed from graph.
+ if (instr->arguments_var() != NULL && instr->arguments_object()->IsLinked()) {
+ inner->Bind(instr->arguments_var(), instr->arguments_object());
 }
 inner->set_entry(instr);
 current_block_->UpdateEnvironment(inner);
diff --git a/src/mips/lithium-mips.cc b/src/mips/lithium-mips.cc
index d4f450e..f725a11 100644
--- a/src/mips/lithium-mips.cc
+++ b/src/mips/lithium-mips.cc
@@ -2463,8 +2463,9 @@ LInstruction* LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
 undefined,
 instr->inlining_kind(),
 instr->undefined_receiver());
- if (instr->arguments_var() != NULL) {
- inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
+ // Only replay binding of arguments object if it wasn't removed from graph.
+ if (instr->arguments_var() != NULL && instr->arguments_object()->IsLinked()) {
+ inner->Bind(instr->arguments_var(), instr->arguments_object());
 }
 inner->set_entry(instr);
 current_block_->UpdateEnvironment(inner);
diff --git a/src/x64/lithium-x64.cc b/src/x64/lithium-x64.cc
index f776bf3..980cb21 100644
--- a/src/x64/lithium-x64.cc
+++ b/src/x64/lithium-x64.cc
@@ -2529,8 +2529,9 @@ LInstruction* LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
 undefined,
 instr->inlining_kind(),
 instr->undefined_receiver());
- if (instr->arguments_var() != NULL) {
- inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
+ // Only replay binding of arguments object if it wasn't removed from graph.
+ if (instr->arguments_var() != NULL && instr->arguments_object()->IsLinked()) {
+ inner->Bind(instr->arguments_var(), instr->arguments_object());
 }
 inner->set_entry(instr);
 current_block_->UpdateEnvironment(inner);
-- 2.7.4