Fix deoptimization of context.

We need to handle the case where the context was removed by dead code
elimination. In that case, we just use the context from the activation
(or from the inlined function if we are inlined).

For reference, here is the CL that introduced the bug: https://codereview.chromium.org/522873002

BUG=410566
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/542613002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23699 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/deoptimizer.cc

@@ -1067,6 +1067,18 @@ void Deoptimizer::DoComputeJSFrame(TranslationIterator* iterator,
   // The context should not be a placeholder for a materialized object.
   CHECK(value !=
         reinterpret_cast<intptr_t>(isolate_->heap()->arguments_marker()));
+  if (value ==
+      reinterpret_cast<intptr_t>(isolate_->heap()->undefined_value())) {
+    // If the context was optimized away, just use the context from
+    // the activation. This should only apply to Crankshaft code.
+    CHECK(!compiled_code_->is_turbofanned());
+    if (is_bottommost) {
+      value = input_->GetFrameSlot(input_offset);
+    } else {
+      value = reinterpret_cast<intptr_t>(function->context());
+    }
+    output_frame->SetFrameSlot(output_offset, value);
+  }
   output_frame->SetContext(value);
   if (is_topmost) output_frame->SetRegister(context_reg.code(), value);
   if (trace_scope_ != NULL) {

test/cctest/compiler/test-codegen-deopt.cc

@@ -139,10 +139,11 @@ class TrivialDeoptCodegenTester : public DeoptCodegenTester {
         Unique<Object>::CreateUninitialized(deopt_function);
     Node* deopt_fun_node = m.NewNode(common.HeapConstant(deopt_fun_constant));
 
-    Handle<Context> context(deopt_function->context(), CcTest::i_isolate());
-    Unique<Object> context_constant =
-        Unique<Object>::CreateUninitialized(context);
-    Node* context_node = m.NewNode(common.HeapConstant(context_constant));
+    Handle<Context> caller_context(function->context(), CcTest::i_isolate());
+    Unique<Object> caller_context_constant =
+        Unique<Object>::CreateUninitialized(caller_context);
+    Node* caller_context_node =
+        m.NewNode(common.HeapConstant(caller_context_constant));
 
     bailout_id = GetCallBailoutId();
     Node* parameters = m.NewNode(common.StateValues(1), m.UndefinedConstant());
@@ -151,7 +152,12 @@ class TrivialDeoptCodegenTester : public DeoptCodegenTester {
 
     Node* state_node =
         m.NewNode(common.FrameState(bailout_id, kIgnoreOutput), parameters,
-                  locals, stack, m.UndefinedConstant(), m.UndefinedConstant());
+                  locals, stack, caller_context_node, m.UndefinedConstant());
+
+    Handle<Context> context(deopt_function->context(), CcTest::i_isolate());
+    Unique<Object> context_constant =
+        Unique<Object>::CreateUninitialized(context);
+    Node* context_node = m.NewNode(common.HeapConstant(context_constant));
 
     m.CallJS0(deopt_fun_node, m.UndefinedConstant(), context_node, state_node);
 
@@ -260,7 +266,7 @@ class TrivialRuntimeDeoptCodegenTester : public DeoptCodegenTester {
 
     Node* state_node =
         m.NewNode(common.FrameState(bailout_id, kIgnoreOutput), parameters,
-                  locals, stack, m.UndefinedConstant(), m.UndefinedConstant());
+                  locals, stack, context_node, m.UndefinedConstant());
 
     m.CallRuntime1(Runtime::kDeoptimizeFunction, this_fun_node, context_node,
                    state_node);