From ae0bc41635759d67dbb4bc7dfdec2dce48e1b098 Mon Sep 17 00:00:00 2001
From: jarin
Date: Mon, 27 Apr 2015 01:31:56 -0700
Subject: [PATCH] Fix stack layout of full code arm64 for object literal.

BUG=
Review URL: https://codereview.chromium.org/1095203005
Cr-Commit-Position: refs/heads/master@{#28055}
---
 src/arm64/full-codegen-arm64.cc | 12 +++++-------
 test/mjsunit/compiler/lazy-deopt-in-literal.js | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 test/mjsunit/compiler/lazy-deopt-in-literal.js

diff --git a/src/arm64/full-codegen-arm64.cc b/src/arm64/full-codegen-arm64.cc
index 18c0237..80013e4 100644
--- a/src/arm64/full-codegen-arm64.cc
+++ b/src/arm64/full-codegen-arm64.cc
@@ -1740,19 +1740,17 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
 }
 break;
 }
+ __ Peek(x0, 0);
+ __ Push(x0);
+ VisitForStackValue(key);
+ VisitForStackValue(value);
 if (property->emit_store()) {
- // Duplicate receiver on stack.
- __ Peek(x0, 0);
- __ Push(x0);
- VisitForStackValue(key);
- VisitForStackValue(value);
 EmitSetHomeObjectIfNeeded(value, 2);
 __ Mov(x0, Smi::FromInt(SLOPPY)); // Language mode
 __ Push(x0);
 __ CallRuntime(Runtime::kSetProperty, 4);
 } else {
- VisitForEffect(key);
- VisitForEffect(value);
+ __ Drop(3);
 }
 break;
 case ObjectLiteral::Property::PROTOTYPE:
diff --git a/test/mjsunit/compiler/lazy-deopt-in-literal.js b/test/mjsunit/compiler/lazy-deopt-in-literal.js
new file mode 100644
index 0000000..0a1481c
--- /dev/null
+++ b/test/mjsunit/compiler/lazy-deopt-in-literal.js
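Review bot: In `VisitObjectLiteral` (src/arm64/full-codegen-arm64.cc) the receiver copy, key and value are now pushed before the `emit_store()` check, but the old `// Duplicate receiver on stack.` comment was deleted and nothing explains why the no-store branch pushes three slots only to `__ Drop(3)` them. Judging by the commit title and the accompanying lazy-deopt test, the pushes presumably keep the operand-stack height at what a deoptimization inside the key or value expression expects; a frame-layout mismatch at a bailout can corrupt the stack, so the invariant deserves a comment. I would restore `// Duplicate receiver on stack.` above the `Peek` and add `// Key and value are always materialized so the stack height matches at deopt points; discard receiver copy, key and value.` above `__ Drop(3);`. The literal `3` and the `2` passed to `EmitSetHomeObjectIfNeeded` both depend on this push order, and the function starts and ends outside the hunk.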
@@ -0,0 +1,20 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function deopt() {
+ %DeoptimizeFunction(fun3);
+}
+
+function fun3() {
+ var r = { 113: deopt(), 113: 7 };
+ return r[113];
+}
+
+fun3();
+fun3();
+%OptimizeFunctionOnNextCall(fun3);
+var y = fun3();
+assertEquals(7, y);
-- 
2.7.4
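Review bot: The new test has no comment saying what it guards, and the trigger is subtle: the duplicate key `113` appears to be what makes the first property skip its store while `deopt()` still runs as its value expression. A short header such as `// Lazy deopt inside the value of an object-literal property whose store is elided (duplicate key).` above `function deopt()` would keep a later cleanup from simplifying the literal and silently losing the coverage. The test checks only the returned value, so it detects a misaligned frame only if that changes the result or crashes.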