Commit a95cdbb4 authored by mstarzinger's avatar mstarzinger Committed by Commit bot

[turbofan] Fix deopt point for [[ToObject]] lazy bailout.

This fixes the deoptimization information for the lazy bailout point
after a [[ToObject]] operation inserted for with statements. The result
value was pushed on the operand stack but erroneously ignored and left
on the operand stack by the FullCodeGenerator.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-5205
BUG=v8:5205

Review-Url: https://codereview.chromium.org/2158443002
Cr-Commit-Position: refs/heads/master@{#37818}
parent 3e5872f1
......@@ -1070,7 +1070,7 @@ void FullCodeGenerator::VisitWithStatement(WithStatement* stmt) {
Callable callable = CodeFactory::ToObject(isolate());
__ Move(callable.descriptor().GetRegisterParameter(0), result_register());
__ Call(callable.code(), RelocInfo::CODE_TARGET);
PrepareForBailoutForId(stmt->ToObjectId(), BailoutState::NO_REGISTERS);
PrepareForBailoutForId(stmt->ToObjectId(), BailoutState::TOS_REGISTER);
PushOperand(result_register());
PushFunctionArgumentForContextAllocation();
CallRuntimeWithOperands(Runtime::kPushWithContext);
......
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --gc-global
(function TestGCDuringToObjectForWith() {
function f(o) {
if (o == 'warmup') { return g() }
with (o) { return x }
}
function g() {
// Only a marker function serving as weak embedded object.
}
// Warm up 'f' so that weak embedded object 'g' will be used.
f('warmup');
f('warmup');
g = null;
// Test that 'f' behaves correctly unoptimized.
assertEquals(23, f({ x:23 }));
assertEquals(42, f({ x:42 }));
// Test that 'f' behaves correctly optimized.
%OptimizeFunctionOnNextCall(f);
assertEquals(65, f({ x:65 }));
// Test that 'f' behaves correctly on numbers.
Number.prototype.x = 99;
assertEquals(99, f(0));
// Make sure the next [[ToObject]] allocation triggers GC. This in turn will
// deoptimize 'f' because it has the weak embedded object 'g' in the code.
%SetAllocationTimeout(1000, 1, false);
assertEquals(99, f(0));
})();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment