From 50ecb6f011f1a4cc55e81547211db1ae720f7a44 Mon Sep 17 00:00:00 2001
From: "erik.corry@gmail.com"
Date: Thu, 10 May 2012 20:34:06 +0000
Subject: [PATCH] Fix compose-discard crasher from 11524. We can't do a call (to a generic stub) unless there is a pointer map. This does not fix the 3d-raytrace regression, that will be in another change. Review URL: https://chromiumcodereview.appspot.com/10382102
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/ia32/lithium-codegen-ia32.cc | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/src/ia32/lithium-codegen-ia32.cc b/src/ia32/lithium-codegen-ia32.cc
index 053bcb6424..63f9c973bf 100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -2275,8 +2275,7 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
 int map_count = instr->hydrogen()->types()->length();
 Handle name = instr->hydrogen()->name();
- if (map_count == 0) {
- ASSERT(instr->hydrogen()->need_generic());
+ if (map_count == 0 && instr->hydrogen()->need_generic()) {
 __ mov(ecx, name);
 Handle ic = isolate()->builtins()->LoadIC_Initialize();
 CallCode(ic, RelocInfo::CODE_TARGET, instr);
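Review bot: Nothing at the rewritten condition `if (map_count == 0 && instr->hydrogen()->need_generic())` records why an empty type list may only take the IC call when `need_generic()` is set, and the removed `ASSERT` was the last place that relationship was written down. The commit message has the reason, so I would add it above the condition: `// A call to the generic stub needs a pointer map; with no maps and no need_generic() we must not call, and deoptimize below instead.` Since the `ASSERT` is presumably compiled out of release builds, the comment is what tells a later editor that this is a safety condition on the emitted call rather than a fast path. The function body starts before this hunk and continues after it.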
@@ -2291,20 +2290,28 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
 __ jmp(&done, Label::kNear);
 __ bind(&next);
 }
- Handle map = instr->hydrogen()->types()->last();
- __ cmp(FieldOperand(object, HeapObject::kMapOffset), map);
 if (instr->hydrogen()->need_generic()) {
- Label generic;
- __ j(not_equal, &generic, Label::kNear);
- EmitLoadFieldOrConstantFunction(result, object, map, name);
- __ jmp(&done, Label::kNear);
- __ bind(&generic);
+ if (map_count != 0) {
+ Handle map = instr->hydrogen()->types()->last();
+ __ cmp(FieldOperand(object, HeapObject::kMapOffset), map);
+ Label generic;
+ __ j(not_equal, &generic, Label::kNear);
+ EmitLoadFieldOrConstantFunction(result, object, map, name);
+ __ jmp(&done, Label::kNear);
+ __ bind(&generic);
+ }
 __ mov(ecx, name);
 Handle ic = isolate()->builtins()->LoadIC_Initialize();
 CallCode(ic, RelocInfo::CODE_TARGET, instr);
 } else {
- DeoptimizeIf(not_equal, instr->environment());
- EmitLoadFieldOrConstantFunction(result, object, map, name);
+ if (map_count != 0) {
+ Handle map = instr->hydrogen()->types()->last();
+ __ cmp(FieldOperand(object, HeapObject::kMapOffset), map);
+ DeoptimizeIf(not_equal, instr->environment());
+ EmitLoadFieldOrConstantFunction(result, object, map, name);
+ } else {
+ DeoptimizeIf(no_condition, instr->environment());
+ }
 }
 __ bind(&done);
 }
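Review bot: The `if (map_count != 0)` guard added inside the `need_generic()` branch looks like it can never be false: the first hunk sends `map_count == 0 && need_generic()` to the early IC call, so, assuming this code sits in the `else` of that condition (the lines between the two hunks are not shown), `map_count` is always non-zero here. Stating that as `ASSERT(map_count != 0);` and leaving the last-map compare unguarded in this branch would document the invariant instead of carrying a dead branch, and the `types()->last()` / `__ cmp(...)` pair would no longer appear under two guards that mean different things. The guard in the `else` branch is the one that matters, since it keeps `types()->last()` from being evaluated on an empty list before the unconditional `DeoptimizeIf(no_condition, ...)`. The diffstat lists only this file, so the crasher has no regression test in this change; a test that reaches the empty, non-generic case would keep the deopt path from regressing.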