Fix issue 979.

The issue is caused when deoptimizing to an internal AST ID in a postfix increment or decrement operation on variable. This could happen for a global variable. In that case, the optimized code was not properly simulating an extra stack slot in the unoptimized code to hold the original value. Review URL: http://codereview.chromium.org/5871002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix issue 979.
The issue is caused when deoptimizing to an internal AST ID in a postfix increment or decrement operation on variable. This could happen for a global variable. In that case, the optimized code was not properly simulating an extra stack slot in the unoptimized code to hold the original value. Review URL: http://codereview.chromium.org/5871002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
eb7b4e34 · kmillikin@chromium.org · 88dfadd0 · eb7b4e34
Commit eb7b4e34 authored Dec 15, 2010 by kmillikin@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 14 deletions

hydrogen.cc src/hydrogen.cc +13 -14

No files found.
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -4533,26 +4533,25 @@ void HGraphBuilder::VisitCountOperation(CountOperation* expr) {

    VISIT_FOR_VALUE(target);

-    HValue* value = Pop();
-    HInstruction* instr = BuildIncrement(value, inc);
-    AddInstruction(instr);
-
-    if (expr->is_prefix()) {
-      Push(instr);
-    } else {
-      Push(value);
-    }
+    // Match the full code generator stack by simulating an extra stack
+    // element for postfix operations in a non-effect context.
+    bool has_extra = expr->is_postfix() && !ast_context()->IsEffect();
+    HValue* before = has_extra ? Top() : Pop();
+    HInstruction* after = BuildIncrement(before, inc);
+    AddInstruction(after);
+    Push(after);

    if (var->is_global()) {
      HandleGlobalVariableAssignment(var,
-                                     instr,
+                                     after,
                                     expr->position(),
                                     expr->AssignmentId());
    } else {
      ASSERT(var->IsStackAllocated());
-      Bind(var, instr);
+      Bind(var, after);
    }
-    ast_context()->ReturnValue(Pop());
+    Drop(has_extra ? 2 : 1);
+    ast_context()->ReturnValue(expr->is_postfix() ? before : after);

  } else if (prop != NULL) {
    prop->RecordTypeFeedback(oracle());
@@ -4561,7 +4560,7 @@ void HGraphBuilder::VisitCountOperation(CountOperation* expr) {
      // Named property.

      // Match the full code generator stack by simulating an extra stack
-      // element for postfix operations in a value context.
+      // element for postfix operations in a non-effect context.
      bool has_extra = expr->is_postfix() && !ast_context()->IsEffect();
      if (has_extra) Push(graph_->GetConstantUndefined());

@@ -4602,7 +4601,7 @@ void HGraphBuilder::VisitCountOperation(CountOperation* expr) {
      // Keyed property.

      // Match the full code generator stack by simulate an extra stack element
-      // for postfix operations in a value context.
+      // for postfix operations in a non-effect context.
      bool has_extra = expr->is_postfix() && !ast_context()->IsEffect();
      if (has_extra) Push(graph_->GetConstantUndefined());