Fix clobbered register when setting this_function variable.

Reland of https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91 R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-498022 BUG=chromium:498022 LOG=N Review URL: https://codereview.chromium.org/1214483008 Cr-Commit-Position: refs/heads/master@{#29372}

Fix clobbered register when setting this_function variable.
Reland of https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91 R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-498022 BUG=chromium:498022 LOG=N Review URL: https://codereview.chromium.org/1214483008 Cr-Commit-Position: refs/heads/master@{#29372}
a7697bdc · mstarzinger · Commit bot · 6527825f · a7697bdc · a7697bdc
Commit a7697bdc authored Jun 30, 2015 by mstarzinger Committed by Commit bot Jun 30, 2015
9 changed files
--- a/src/arm/full-codegen-arm.cc
+++ b/src/arm/full-codegen-arm.cc
@@ -243,6 +243,10 @@ void FullCodeGenerator::Generate() {
  Variable* this_function_var = scope()->this_function_var();
  if (this_function_var != nullptr) {
    Comment cmnt(masm_, "[ This function");
+    if (!function_in_register) {
+      __ ldr(r1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+      // The write barrier clobbers register again, keep is marked as such.
+    }
    SetVar(this_function_var, r1, r0, r2);
  }


--- a/src/arm64/full-codegen-arm64.cc
+++ b/src/arm64/full-codegen-arm64.cc
@@ -244,6 +244,10 @@ void FullCodeGenerator::Generate() {
  Variable* this_function_var = scope()->this_function_var();
  if (this_function_var != nullptr) {
    Comment cmnt(masm_, "[ This function");
+    if (!function_in_register_x1) {
+      __ Ldr(x1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+      // The write barrier clobbers register again, keep is marked as such.
+    }
    SetVar(this_function_var, x1, x0, x2);
  }


--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -239,6 +239,10 @@ void FullCodeGenerator::Generate() {
  Variable* this_function_var = scope()->this_function_var();
  if (this_function_var != nullptr) {
    Comment cmnt(masm_, "[ This function");
+    if (!function_in_register) {
+      __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+      // The write barrier clobbers register again, keep is marked as such.
+    }
    SetVar(this_function_var, edi, ebx, edx);
  }


--- a/src/mips/full-codegen-mips.cc
+++ b/src/mips/full-codegen-mips.cc
@@ -252,6 +252,10 @@ void FullCodeGenerator::Generate() {
  Variable* this_function_var = scope()->this_function_var();
  if (this_function_var != nullptr) {
    Comment cmnt(masm_, "[ This function");
+    if (!function_in_register) {
+      __ lw(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+      // The write barrier clobbers register again, keep is marked as such.
+    }
    SetVar(this_function_var, a1, a2, a3);
  }


--- a/src/mips64/full-codegen-mips64.cc
+++ b/src/mips64/full-codegen-mips64.cc
@@ -249,6 +249,10 @@ void FullCodeGenerator::Generate() {
  Variable* this_function_var = scope()->this_function_var();
  if (this_function_var != nullptr) {
    Comment cmnt(masm_, "[ This function");
+    if (!function_in_register) {
+      __ ld(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+      // The write barrier clobbers register again, keep is marked as such.
+    }
    SetVar(this_function_var, a1, a2, a3);
  }


--- a/src/ppc/full-codegen-ppc.cc
+++ b/src/ppc/full-codegen-ppc.cc
@@ -248,6 +248,10 @@ void FullCodeGenerator::Generate() {
  Variable* this_function_var = scope()->this_function_var();
  if (this_function_var != nullptr) {
    Comment cmnt(masm_, "[ This function");
+    if (!function_in_register) {
+      __ LoadP(r4, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
+      // The write barrier clobbers register again, keep is marked as such.
+    }
    SetVar(this_function_var, r4, r3, r5);
  }


--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -235,6 +235,10 @@ void FullCodeGenerator::Generate() {
  Variable* this_function_var = scope()->this_function_var();
  if (this_function_var != nullptr) {
    Comment cmnt(masm_, "[ This function");
+    if (!function_in_register) {
+      __ movp(rdi, Operand(rbp, JavaScriptFrameConstants::kFunctionOffset));
+      // The write barrier clobbers register again, keep is marked as such.
+    }
    SetVar(this_function_var, rdi, rbx, rdx);
  }


--- a/src/x87/full-codegen-x87.cc
+++ b/src/x87/full-codegen-x87.cc
@@ -236,6 +236,10 @@ void FullCodeGenerator::Generate() {
  Variable* this_function_var = scope()->this_function_var();
  if (this_function_var != nullptr) {
    Comment cmnt(masm_, "[ This function");
+    if (!function_in_register) {
+      __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+      // The write barrier clobbers register again, keep is marked as such.
+    }
    SetVar(this_function_var, edi, ebx, edx);
  }


--- a/test/mjsunit/regress/regress-crbug-498022.js
+++ b/test/mjsunit/regress/regress-crbug-498022.js
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --debug-code --nouse-gvn
+
+"use strict";
+class Base {
+}
+class Derived extends Base {
+  constructor() {
+    eval();
+  }
+}
+assertThrows("new Derived()", ReferenceError);