Skip to content

Commit

Permalink
deps: backport 4af8029 from upstream V8
Browse files Browse the repository at this point in the history
Original commit message:

    [turbofan] Fix missing lazy deopt in object literals.

    This adds a missing lazy bailout point when defining data properties
    with computed property names in object literals. The runtime call to
    Runtime::kDefineDataPropertyInLiteral can trigger deopts. The necessary
    bailout ID already exists and is now properly used.

    [email protected]
    TEST=mjsunit/regress/regress-crbug-621816
    BUG=chromium:621816

    Review-Url: https://codereview.chromium.org/2099133003
    Cr-Commit-Position: refs/heads/master@{#37294}

Refs: v8/v8@4af8029
PR-URL: #17290
Fixes: #14326
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
  • Loading branch information
targos authored and MylesBorins committed Nov 28, 2017
1 parent ae3ad55 commit 50c3dab
Show file tree
Hide file tree
Showing 13 changed files with 41 additions and 4 deletions.
2 changes: 1 addition & 1 deletion deps/v8/include/v8-version.h
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
#define V8_MAJOR_VERSION 5
#define V8_MINOR_VERSION 1
#define V8_BUILD_NUMBER 281
#define V8_PATCH_LEVEL 108
#define V8_PATCH_LEVEL 109

// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
Expand Down
6 changes: 4 additions & 2 deletions deps/v8/src/compiler/ast-graph-builder.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1620,7 +1620,8 @@ void AstGraphBuilder::VisitClassLiteralContents(ClassLiteral* expr) {
jsgraph()->Constant(property->NeedsSetFunctionName());
const Operator* op =
javascript()->CallRuntime(Runtime::kDefineDataPropertyInLiteral);
NewNode(op, receiver, key, value, attr, set_function_name);
Node* call = NewNode(op, receiver, key, value, attr, set_function_name);
PrepareFrameState(call, BailoutId::None());
break;
}
case ObjectLiteral::Property::GETTER: {
Expand Down Expand Up @@ -1870,7 +1871,8 @@ void AstGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
jsgraph()->Constant(property->NeedsSetFunctionName());
const Operator* op =
javascript()->CallRuntime(Runtime::kDefineDataPropertyInLiteral);
NewNode(op, receiver, key, value, attr, set_function_name);
Node* call = NewNode(op, receiver, key, value, attr, set_function_name);
PrepareFrameState(call, expr->GetIdForPropertySet(property_index));
break;
}
case ObjectLiteral::Property::PROTOTYPE:
Expand Down
1 change: 0 additions & 1 deletion deps/v8/src/compiler/linkage.cc
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,6 @@ int Linkage::FrameStateInputCount(Runtime::FunctionId function) {
switch (function) {
case Runtime::kAllocateInTargetSpace:
case Runtime::kCreateIterResultObject:
case Runtime::kDefineDataPropertyInLiteral:
case Runtime::kDefineGetterPropertyUnchecked: // TODO(jarin): Is it safe?
case Runtime::kDefineSetterPropertyUnchecked: // TODO(jarin): Is it safe?
case Runtime::kFinalizeClassDefinition: // TODO(conradw): Is it safe?
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/arm/full-codegen-arm.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1572,6 +1572,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1557,6 +1557,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1493,6 +1493,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/mips/full-codegen-mips.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1569,6 +1569,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1570,6 +1570,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1532,6 +1532,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/s390/full-codegen-s390.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1491,6 +1491,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/x64/full-codegen-x64.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1518,6 +1518,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/src/full-codegen/x87/full-codegen-x87.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1485,6 +1485,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
PushOperand(Smi::FromInt(NONE));
PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
NO_REGISTERS);
} else {
DropOperands(3);
}
Expand Down
18 changes: 18 additions & 0 deletions deps/v8/test/mjsunit/regress/regress-crbug-621816.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Flags: --allow-natives-syntax --turbo

function f() {
var o = {};
o.a = 1;
}
function g() {
var o = { ['a']: function(){} };
f();
}
f();
f();
%OptimizeFunctionOnNextCall(g);
g();

0 comments on commit 50c3dab

Please sign in to comment.