Fix compose-discard crasher from 11524. We can't do a call (to a generic

stub) unless there is a pointer map.  This does not fix the 3d-raytrace
regression, that will be in another change.
Review URL: https://chromiumcodereview.appspot.com/10382102

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11539 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
erik.corry@gmail.com 2012-05-10 20:34:06 +00:00
parent 7bf37bc6c6
commit 50ecb6f011

View File

@ -2275,8 +2275,7 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
int map_count = instr->hydrogen()->types()->length(); int map_count = instr->hydrogen()->types()->length();
Handle<String> name = instr->hydrogen()->name(); Handle<String> name = instr->hydrogen()->name();
if (map_count == 0) { if (map_count == 0 && instr->hydrogen()->need_generic()) {
ASSERT(instr->hydrogen()->need_generic());
__ mov(ecx, name); __ mov(ecx, name);
Handle<Code> ic = isolate()->builtins()->LoadIC_Initialize(); Handle<Code> ic = isolate()->builtins()->LoadIC_Initialize();
CallCode(ic, RelocInfo::CODE_TARGET, instr); CallCode(ic, RelocInfo::CODE_TARGET, instr);
@ -2291,20 +2290,28 @@ void LCodeGen::DoLoadNamedFieldPolymorphic(LLoadNamedFieldPolymorphic* instr) {
__ jmp(&done, Label::kNear); __ jmp(&done, Label::kNear);
__ bind(&next); __ bind(&next);
} }
Handle<Map> map = instr->hydrogen()->types()->last();
__ cmp(FieldOperand(object, HeapObject::kMapOffset), map);
if (instr->hydrogen()->need_generic()) { if (instr->hydrogen()->need_generic()) {
Label generic; if (map_count != 0) {
__ j(not_equal, &generic, Label::kNear); Handle<Map> map = instr->hydrogen()->types()->last();
EmitLoadFieldOrConstantFunction(result, object, map, name); __ cmp(FieldOperand(object, HeapObject::kMapOffset), map);
__ jmp(&done, Label::kNear); Label generic;
__ bind(&generic); __ j(not_equal, &generic, Label::kNear);
EmitLoadFieldOrConstantFunction(result, object, map, name);
__ jmp(&done, Label::kNear);
__ bind(&generic);
}
__ mov(ecx, name); __ mov(ecx, name);
Handle<Code> ic = isolate()->builtins()->LoadIC_Initialize(); Handle<Code> ic = isolate()->builtins()->LoadIC_Initialize();
CallCode(ic, RelocInfo::CODE_TARGET, instr); CallCode(ic, RelocInfo::CODE_TARGET, instr);
} else { } else {
DeoptimizeIf(not_equal, instr->environment()); if (map_count != 0) {
EmitLoadFieldOrConstantFunction(result, object, map, name); Handle<Map> map = instr->hydrogen()->types()->last();
__ cmp(FieldOperand(object, HeapObject::kMapOffset), map);
DeoptimizeIf(not_equal, instr->environment());
EmitLoadFieldOrConstantFunction(result, object, map, name);
} else {
DeoptimizeIf(no_condition, instr->environment());
}
} }
__ bind(&done); __ bind(&done);
} }