[turbofan] Fix missing lazy deopt in object literals.

mstarzinger · Commit bot · commit 4af80298b66f · 2016-06-27T13:56:00.000Z
This adds a missing lazy bailout point when defining data properties with computed property names in object literals. The runtime call to Runtime::kDefineDataPropertyInLiteral can trigger deopts. The necessary bailout ID already exists and is now properly used. R=jarin@chromium.org TEST=mjsunit/regress/regress-crbug-621816 BUG=chromium:621816 Review-Url: https://codereview.chromium.org/2099133003 Cr-Commit-Position: refs/heads/master@{#37294}
diff --git a/src/compiler/ast-graph-builder.cc b/src/compiler/ast-graph-builder.cc
@@ -1668,7 +1668,8 @@ void AstGraphBuilder::VisitClassLiteralContents(ClassLiteral* expr) {
             jsgraph()->Constant(property->NeedsSetFunctionName());
         const Operator* op =
             javascript()->CallRuntime(Runtime::kDefineDataPropertyInLiteral);
-        NewNode(op, receiver, key, value, attr, set_function_name);
+        Node* call = NewNode(op, receiver, key, value, attr, set_function_name);
+        PrepareFrameState(call, BailoutId::None());
         break;
       }
       case ObjectLiteral::Property::GETTER: {
@@ -1916,7 +1917,8 @@ void AstGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
             jsgraph()->Constant(property->NeedsSetFunctionName());
         const Operator* op =
             javascript()->CallRuntime(Runtime::kDefineDataPropertyInLiteral);
-        NewNode(op, receiver, key, value, attr, set_function_name);
+        Node* call = NewNode(op, receiver, key, value, attr, set_function_name);
+        PrepareFrameState(call, expr->GetIdForPropertySet(property_index));
         break;
       }
       case ObjectLiteral::Property::PROTOTYPE:
diff --git a/src/compiler/linkage.cc b/src/compiler/linkage.cc
@@ -139,7 +139,6 @@ bool Linkage::NeedsFrameStateInput(Runtime::FunctionId function) {
     case Runtime::kAbort:
     case Runtime::kAllocateInTargetSpace:
     case Runtime::kCreateIterResultObject:
-    case Runtime::kDefineDataPropertyInLiteral:
     case Runtime::kDefineGetterPropertyUnchecked:  // TODO(jarin): Is it safe?
     case Runtime::kDefineSetterPropertyUnchecked:  // TODO(jarin): Is it safe?
     case Runtime::kForInDone:
diff --git a/src/full-codegen/arm/full-codegen-arm.cc b/src/full-codegen/arm/full-codegen-arm.cc
@@ -1548,6 +1548,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/src/full-codegen/arm64/full-codegen-arm64.cc b/src/full-codegen/arm64/full-codegen-arm64.cc
@@ -1531,6 +1531,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/src/full-codegen/ia32/full-codegen-ia32.cc b/src/full-codegen/ia32/full-codegen-ia32.cc
@@ -1466,6 +1466,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/src/full-codegen/mips/full-codegen-mips.cc b/src/full-codegen/mips/full-codegen-mips.cc
@@ -1542,6 +1542,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/src/full-codegen/mips64/full-codegen-mips64.cc b/src/full-codegen/mips64/full-codegen-mips64.cc
@@ -1543,6 +1543,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/src/full-codegen/ppc/full-codegen-ppc.cc b/src/full-codegen/ppc/full-codegen-ppc.cc
@@ -1508,6 +1508,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/src/full-codegen/s390/full-codegen-s390.cc b/src/full-codegen/s390/full-codegen-s390.cc
@@ -1469,6 +1469,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/src/full-codegen/x64/full-codegen-x64.cc b/src/full-codegen/x64/full-codegen-x64.cc
@@ -1494,6 +1494,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/src/full-codegen/x87/full-codegen-x87.cc b/src/full-codegen/x87/full-codegen-x87.cc
@@ -1463,6 +1463,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   BailoutState::NO_REGISTERS);
           } else {
             DropOperands(3);
           }
diff --git a/test/mjsunit/regress/regress-crbug-621816.js b/test/mjsunit/regress/regress-crbug-621816.js
@@ -0,0 +1,18 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turbo
+
+function f() {
+  var o = {};
+  o.a = 1;
+}
+function g() {
+  var o = { ['a']: function(){} };
+  f();
+}
+f();
+f();
+%OptimizeFunctionOnNextCall(g);
+g();

Original file line number	Diff line number	Diff line change
`@@ -1548,6 +1548,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {`
`1548`	`1548`	`PushOperand(Smi::FromInt(NONE));`
`1549`	`1549`	`PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));`
`1550`	`1550`	`CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);`
	`1551`	`+ PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),`
	`1552`	`+ BailoutState::NO_REGISTERS);`
`1551`	`1553`	`} else {`
`1552`	`1554`	`DropOperands(3);`
`1553`	`1555`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1531,6 +1531,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {`
`1531`	`1531`	`PushOperand(Smi::FromInt(NONE));`
`1532`	`1532`	`PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));`
`1533`	`1533`	`CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);`
	`1534`	`+ PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),`
	`1535`	`+ BailoutState::NO_REGISTERS);`
`1534`	`1536`	`} else {`
`1535`	`1537`	`DropOperands(3);`
`1536`	`1538`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1466,6 +1466,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {`
`1466`	`1466`	`PushOperand(Smi::FromInt(NONE));`
`1467`	`1467`	`PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));`
`1468`	`1468`	`CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);`
	`1469`	`+ PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),`
	`1470`	`+ BailoutState::NO_REGISTERS);`
`1469`	`1471`	`} else {`
`1470`	`1472`	`DropOperands(3);`
`1471`	`1473`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1542,6 +1542,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {`
`1542`	`1542`	`PushOperand(Smi::FromInt(NONE));`
`1543`	`1543`	`PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));`
`1544`	`1544`	`CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);`
	`1545`	`+ PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),`
	`1546`	`+ BailoutState::NO_REGISTERS);`
`1545`	`1547`	`} else {`
`1546`	`1548`	`DropOperands(3);`
`1547`	`1549`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1543,6 +1543,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {`
`1543`	`1543`	`PushOperand(Smi::FromInt(NONE));`
`1544`	`1544`	`PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));`
`1545`	`1545`	`CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);`
	`1546`	`+ PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),`
	`1547`	`+ BailoutState::NO_REGISTERS);`
`1546`	`1548`	`} else {`
`1547`	`1549`	`DropOperands(3);`
`1548`	`1550`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1508,6 +1508,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {`
`1508`	`1508`	`PushOperand(Smi::FromInt(NONE));`
`1509`	`1509`	`PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));`
`1510`	`1510`	`CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);`
	`1511`	`+ PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),`
	`1512`	`+ BailoutState::NO_REGISTERS);`
`1511`	`1513`	`} else {`
`1512`	`1514`	`DropOperands(3);`
`1513`	`1515`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1469,6 +1469,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {`
`1469`	`1469`	`PushOperand(Smi::FromInt(NONE));`
`1470`	`1470`	`PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));`
`1471`	`1471`	`CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);`
	`1472`	`+ PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),`
	`1473`	`+ BailoutState::NO_REGISTERS);`
`1472`	`1474`	`} else {`
`1473`	`1475`	`DropOperands(3);`
`1474`	`1476`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1494,6 +1494,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {`
`1494`	`1494`	`PushOperand(Smi::FromInt(NONE));`
`1495`	`1495`	`PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));`
`1496`	`1496`	`CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);`
	`1497`	`+ PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),`
	`1498`	`+ BailoutState::NO_REGISTERS);`
`1497`	`1499`	`} else {`
`1498`	`1500`	`DropOperands(3);`
`1499`	`1501`	`}`