From b8ecd94c7212e1d2ff7b85e2d02d5c8c0aed4161 Mon Sep 17 00:00:00 2001 From: mstarzinger Date: Sun, 5 Jul 2015 20:40:22 -0700 Subject: [PATCH] [turbofan] Fix bogus materialization from frame with OSR. The context constant cannot be materialized from the frame when we are compiling for OSR, because the context spill slot contains the current instead of the outermost context in full-codegen. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1220013003 Cr-Commit-Position: refs/heads/master@{#29472} --- src/compiler/code-generator.cc | 2 +- test/mjsunit/regress/regress-osr-context.js | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 test/mjsunit/regress/regress-osr-context.js diff --git a/src/compiler/code-generator.cc b/src/compiler/code-generator.cc index 8d4baa3..2903c3d 100644 --- a/src/compiler/code-generator.cc +++ b/src/compiler/code-generator.cc @@ -231,7 +231,7 @@ void CodeGenerator::RecordSafepoint(ReferenceMap* references, bool CodeGenerator::IsMaterializableFromFrame(Handle object, int* offset_return) { if (linkage()->GetIncomingDescriptor()->IsJSFunctionCall()) { - if (object.is_identical_to(info()->context())) { + if (object.is_identical_to(info()->context()) && !info()->is_osr()) { *offset_return = StandardFrameConstants::kContextOffset; return true; } else if (object.is_identical_to(info()->closure())) { diff --git a/test/mjsunit/regress/regress-osr-context.js b/test/mjsunit/regress/regress-osr-context.js new file mode 100644 index 0000000..8ceb791 --- /dev/null +++ b/test/mjsunit/regress/regress-osr-context.js @@ -0,0 +1,19 @@ +// Copyright 2015 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax --context-specialization --turbo-filter=f + +(function() { + "use strict"; + var a = 23; + function f() { + for (let i = 0; i < 5; ++i) { + a--; // Make sure {a} is non-immutable, hence context allocated. + function g() { return i } // Make sure block has a context. + if (i == 2) %OptimizeOsr(); + } + return a; + } + assertEquals(18, f()); +})(); -- 2.7.4