• Leszek Swirski's avatar
    [sparkplug] Clobber accumulator in StaGlobal · 732f394c
    Leszek Swirski authored
    StaGlobal didn't write the accumulator, but the baseline implementation
    assumed that it could preserve the accumulator by taking the return
    value of the StoreGlobalIC. This almost always worked, except for
    setters on the global object.
    
    Fix this by marking StaGlobal as clobbering the accumulator, same as
    StaNamedProperty (StaNamedProperty needs to do this anyway to avoid
    inlined setters from needing to create accumulator-preserving frames;
    StaGlobal would have needed the same thing if we'd ever inlined setters
    for it).
    
    Also, add a new debug scope, EnsureAccumulatorPreservedScope, to the
    baseline compiler, which checks if the accumulator value is preserved
    across non-accumulator-writing bytecodes. This found a (benign) bug with
    ForInPrepare, so fix that too.
    
    Fixed: chromium:1242306
    Change-Id: I220b5b1c41010c16ac9f944cbd55d2705c299434
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122325
    Commit-Queue: Leszek Swirski <leszeks@chromium.org>
    Auto-Submit: Leszek Swirski <leszeks@chromium.org>
    Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#76525}
    732f394c
baseline-assembler-x64-inl.h 16.9 KB