From d955c20beb4b5ea383f7cf06e4bbc4d5bc34da4d Mon Sep 17 00:00:00 2001
From: "fschneider@chromium.org"
 <fschneider@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Mon, 22 Feb 2010 15:42:23 +0000
Subject: [PATCH] Fix reliability crash caused by wrong assert.

These two asserts in ComputeEntryFrame are wrong since the
virtual frame already knows how to deal with the number type
information of copy elements: We do not store type
information with copy elements. Instead the backing element
contains the type information.


Review URL: http://codereview.chromium.org/652044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/frame-element.h   | 3 +++
 src/jump-target-inl.h | 2 +-
 src/jump-target.cc    | 2 --
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/frame-element.h b/src/frame-element.h
index 4b372802d..5762814ff 100644
--- a/src/frame-element.h
+++ b/src/frame-element.h
@@ -65,6 +65,9 @@ class FrameElement BASE_EMBEDDED {
   }
 
   inline void set_number_info(NumberInfo::Type info) {
+    // Copied elements do not have number info. Instead
+    // we have to inspect their backing element in the frame.
+    ASSERT(!is_copy());
     value_ = value_ & ~NumberInfoField::mask();
     value_ = value_ | NumberInfoField::encode(info);
   }
diff --git a/src/jump-target-inl.h b/src/jump-target-inl.h
index dcd615eef..3cd9a8bde 100644
--- a/src/jump-target-inl.h
+++ b/src/jump-target-inl.h
@@ -42,7 +42,7 @@ void JumpTarget::InitializeEntryElement(int index, FrameElement* target) {
   } else if (target->is_copy()) {
     entry_frame_->elements_[target->index()].set_copied();
   }
-  if (direction_ == BIDIRECTIONAL) {
+  if (direction_ == BIDIRECTIONAL && !target->is_copy()) {
     entry_frame_->elements_[index].set_number_info(NumberInfo::kUnknown);
   }
 }
diff --git a/src/jump-target.cc b/src/jump-target.cc
index 66764e6a7..bce379a92 100644
--- a/src/jump-target.cc
+++ b/src/jump-target.cc
@@ -105,7 +105,6 @@ void JumpTarget::ComputeEntryFrame() {
         FrameElement* other = &reaching_frames_[j]->elements_[i];
         if (element != NULL && !element->is_copy()) {
           ASSERT(other != NULL);
-          ASSERT(!other->is_copy());
           // We overwrite the number information of one of the incoming frames.
           // This is safe because we only use the frame for emitting merge code.
           // The number information of incoming frames is not used anymore.
@@ -128,7 +127,6 @@ void JumpTarget::ComputeEntryFrame() {
     // elements as copied exactly when they have a copy.  Undetermined
     // elements are initially recorded as if in memory.
     if (target != NULL) {
-      ASSERT(!target->is_copy());  // These initial elements are never copies.
       entry_frame_->elements_[index] = *target;
       InitializeEntryElement(index, target);
     }
-- 
2.34.1