[v8-dev] Fix bug in Code::VerifyRecompiledCode. (issue 1300363002 by yangguo@chromium.org)

Thu, 20 Aug 2015 06:57:19 -0700 

Reviewers: Michael Starzinger,

Description:
Fix bug in Code::VerifyRecompiledCode.

The code should do what the comment says :)

R=mstarzin...@chromium.org
BUG=chromium:522895
LOG=N

Please review this at https://codereview.chromium.org/1300363002/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+23, -1 lines):
  M src/objects-debug.cc
  A test/mjsunit/regress/regress-crbug-522895.js


Index: src/objects-debug.cc
diff --git a/src/objects-debug.cc b/src/objects-debug.cc
index 6d87bd7aed8bdcf4af5e0678bd4ba696114625fe..543a528594e05eb27b0dae45cd14eaf47007a087 100644 
--- a/src/objects-debug.cc
+++ b/src/objects-debug.cc
@@ -1295,7 +1295,7 @@ void Code::VerifyRecompiledCode(Code* old_code, Code* new_code) { // Check call target for equality unless it's an IC or an interrupt check. 
     // In both cases they may be patched to be something else.
     if (!old_target->is_handler() && !old_target->is_inline_cache_stub() &&
- new_target == isolate->builtins()->builtin(Builtins::kInterruptCheck)) { + new_target != isolate->builtins()->builtin(Builtins::kInterruptCheck)) { 
       CHECK_EQ(old_target, new_target);
     }
     old_it.next();
Index: test/mjsunit/regress/regress-crbug-522895.js
diff --git a/test/mjsunit/regress/regress-crbug-522895.js b/test/mjsunit/regress/regress-crbug-522895.js 
new file mode 100644
index 0000000000000000000000000000000000000000..f28f3a1cb930ed2ad9775343cd231b346ab94c69 
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-522895.js
@@ -0,0 +1,22 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --use-osr
+
+var body =
+  "function bar1(  )  {" +
+  "  var i = 35;       " +
+  "  while (i-- > 31) {" +
+  "    %OptimizeOsr(); " +
+  "    j = 9;          " +
+  "    while (j-- > 7);" +
+  "  }                 " +
+  "  return i;         " +
+  "}";
+
+function gen() {
+  return eval("(" + body + ")");
+}
+
+gen()();


--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to