Reviewers: Jakob,
Description:
Fix bogus replay of arguments object binding in LChunkBuilder.
[email protected]
BUG=chromium:249894
TEST=webkit:fast/js/regress/inline-arguments-access.html
Please review this at https://codereview.chromium.org/16938009/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/arm/lithium-arm.cc
M src/ia32/lithium-ia32.cc
M src/mips/lithium-mips.cc
M src/x64/lithium-x64.cc
Index: src/arm/lithium-arm.cc
diff --git a/src/arm/lithium-arm.cc b/src/arm/lithium-arm.cc
index
84aa2a61dd7f0faf93de0a4fdbacdc8a9f2d2ed4..b421f8a045204126c48babca9592b147b001f15f
100644
--- a/src/arm/lithium-arm.cc
+++ b/src/arm/lithium-arm.cc
@@ -2592,8 +2592,9 @@ LInstruction*
LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
undefined,
instr->inlining_kind(),
instr->undefined_receiver());
- if (instr->arguments_var() != NULL) {
- inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
+ // Only replay binding of arguments object if it wasn't removed from
graph.
+ if (instr->arguments_var() != NULL &&
instr->arguments_object()->IsLinked()) {
+ inner->Bind(instr->arguments_var(), instr->arguments_object());
}
inner->set_entry(instr);
current_block_->UpdateEnvironment(inner);
Index: src/ia32/lithium-ia32.cc
diff --git a/src/ia32/lithium-ia32.cc b/src/ia32/lithium-ia32.cc
index
706e031d9f21fd13498974c85220dee0402b935d..885b2e304e3a57b8cb473a02ed61a069379ac017
100644
--- a/src/ia32/lithium-ia32.cc
+++ b/src/ia32/lithium-ia32.cc
@@ -2734,8 +2734,9 @@ LInstruction*
LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
undefined,
instr->inlining_kind(),
instr->undefined_receiver());
- if (instr->arguments_var() != NULL) {
- inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
+ // Only replay binding of arguments object if it wasn't removed from
graph.
+ if (instr->arguments_var() != NULL &&
instr->arguments_object()->IsLinked()) {
+ inner->Bind(instr->arguments_var(), instr->arguments_object());
}
inner->set_entry(instr);
current_block_->UpdateEnvironment(inner);
Index: src/mips/lithium-mips.cc
diff --git a/src/mips/lithium-mips.cc b/src/mips/lithium-mips.cc
index
d4f450e5c4ce60be2cdaaeb3a6e961223055ac57..f725a11419c7d42cf6f38bc9dd661c2cbe40fefa
100644
--- a/src/mips/lithium-mips.cc
+++ b/src/mips/lithium-mips.cc
@@ -2463,8 +2463,9 @@ LInstruction*
LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
undefined,
instr->inlining_kind(),
instr->undefined_receiver());
- if (instr->arguments_var() != NULL) {
- inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
+ // Only replay binding of arguments object if it wasn't removed from
graph.
+ if (instr->arguments_var() != NULL &&
instr->arguments_object()->IsLinked()) {
+ inner->Bind(instr->arguments_var(), instr->arguments_object());
}
inner->set_entry(instr);
current_block_->UpdateEnvironment(inner);
Index: src/x64/lithium-x64.cc
diff --git a/src/x64/lithium-x64.cc b/src/x64/lithium-x64.cc
index
f776bf339f5d595e63a9a2633a72f7927efd4e97..980cb2112825a5d2969a1ea024120946efbf3c72
100644
--- a/src/x64/lithium-x64.cc
+++ b/src/x64/lithium-x64.cc
@@ -2529,8 +2529,9 @@ LInstruction*
LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
undefined,
instr->inlining_kind(),
instr->undefined_receiver());
- if (instr->arguments_var() != NULL) {
- inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
+ // Only replay binding of arguments object if it wasn't removed from
graph.
+ if (instr->arguments_var() != NULL &&
instr->arguments_object()->IsLinked()) {
+ inner->Bind(instr->arguments_var(), instr->arguments_object());
}
inner->set_entry(instr);
current_block_->UpdateEnvironment(inner);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
