Reviewers: Michael Starzinger,
Description:
Reland "[turbofan] Fix control reducer bug with NTLs."
[email protected]
BUG=
Please review this at https://codereview.chromium.org/789083004/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+47, -3 lines):
M src/compiler/control-reducer.cc
A test/mjsunit/regress-ntl.js
Index: src/compiler/control-reducer.cc
diff --git a/src/compiler/control-reducer.cc
b/src/compiler/control-reducer.cc
index
236ce4b77ef725306f308c3b96771e5041db07a3..e738ccf24e82f874447cb4584a78b8c488e71a57
100644
--- a/src/compiler/control-reducer.cc
+++ b/src/compiler/control-reducer.cc
@@ -107,7 +107,7 @@ class ControlReducerImpl {
// We use a stack of (Node, UseIter) pairs to avoid O(n^2) traversal.
typedef std::pair<Node*, UseIter> FwIter;
- ZoneDeque<FwIter> fw_stack(zone_);
+ ZoneVector<FwIter> fw_stack(zone_);
fw_stack.push_back(FwIter(start, start->uses().begin()));
while (!fw_stack.empty()) {
@@ -123,8 +123,11 @@ class ControlReducerImpl {
marked.SetReachableFromEnd(added);
AddBackwardsReachableNodes(marked, nodes, nodes.size() - 1);
- // The use list of {succ} might have changed.
- fw_stack[fw_stack.size() - 1] = FwIter(succ,
succ->uses().begin());
+ // Reset the use iterators for the entire stack.
+ for (size_t i = 0; i < fw_stack.size(); i++) {
+ FwIter& iter = fw_stack[i];
+ fw_stack[i] = FwIter(iter.first, iter.first->uses().begin());
+ }
pop = false; // restart traversing successors of this node.
break;
}
Index: test/mjsunit/regress-ntl.js
diff --git a/test/mjsunit/regress-ntl.js b/test/mjsunit/regress-ntl.js
new file mode 100644
index
0000000000000000000000000000000000000000..993599e552369a2964c26fade7dc594c1f9d0a20
--- /dev/null
+++ b/test/mjsunit/regress-ntl.js
@@ -0,0 +1,41 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function mod1() {
+ var v_1 = 1;
+ var v_2 = 1;
+ v_1++;
+ v_2 = {valueOf: function() { throw "gagh"; }};
+
+ function bug1() {
+ for (var i = 0; i < 1; v_2++) {
+ if (v_1 == 1) ;
+ }
+ }
+
+ return bug1;
+}
+
+var f = mod1();
+assertThrows(f);
+%OptimizeFunctionOnNextCall(f);
+assertThrows(f);
+
+
+var v_3 = 1;
+var v_4 = 1;
+v_3++;
+v_4 = {valueOf: function() { throw "gagh"; }};
+
+function bug2() {
+ for (var i = 0; i < 1; v_4++) {
+ if (v_3 == 1) ;
+ }
+}
+
+assertThrows(bug2);
+%OptimizeFunctionOnNextCall(bug2);
+assertThrows(bug2);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
