Reviewers: Sven Panne,

Message:
PTAL

Description:
[turbofan] Make Factory::NewNumber() always return the minus_zero_value.

TEST=unittests

Please review this at https://codereview.chromium.org/857783002/

Base URL: https://chromium.googlesource.com/v8/v8.git@master

Affected files (+36, -1 lines):
  M src/factory.cc
  M src/ic/ic.cc
  A test/unittests/factory-unittest.cc
  M test/unittests/unittests.gyp


Index: src/factory.cc
diff --git a/src/factory.cc b/src/factory.cc
index fe99aa63227892c8f9527935c3f4bfe824b8f7fa..1f210bf7429419bc4a8e9062978d0f4906dc2689 100644
--- a/src/factory.cc
+++ b/src/factory.cc
@@ -1018,7 +1018,7 @@ Handle<Object> Factory::NewNumber(double value,
   // We need to distinguish the minus zero value and this cannot be
   // done after conversion to int. Doing this by comparing bit
   // patterns is faster than using fpclassify() et al.
-  if (IsMinusZero(value)) return NewHeapNumber(-0.0, IMMUTABLE, pretenure);
+  if (IsMinusZero(value)) return minus_zero_value();

   int int_value = FastD2IChecked(value);
   if (value == int_value && Smi::IsValid(int_value)) {
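Review bot: The new `return minus_zero_value();` line hands every caller the same canonical heap object instead of a fresh allocation, and nothing at the changed line says so; the `pretenure` argument is also no longer consulted on this path. Any caller that later writes into the returned number in place would change -0 for the whole isolate, so the aliasing contract deserves a comment here, for example `// Returns the shared canonical -0 HeapNumber; callers must never mutate the result in place.` Whether callers other than the one patched in src/ic/ic.cc rely on getting a private box cannot be told from this hunk, since NewNumber's body starts and ends outside it.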
Index: src/ic/ic.cc
diff --git a/src/ic/ic.cc b/src/ic/ic.cc
index 16dc6dc93c715a0f0c051cdb583e7b8028188c18..24689332ffb1a3279827e277919cc03d925efb8c 100644
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -2499,6 +2499,19 @@ MaybeHandle<Object> BinaryOpIC::Transition(
   ASSIGN_RETURN_ON_EXCEPTION(
isolate(), result, Execution::Call(isolate(), function, left, 1, &right),
       Object);
+  if (result->IsHeapNumber()) {
+ // If the result of this BinaryOpIC is used as left or right hand side of
+ // another binary operation, full-codegen.cc might have decided that its
+ // safe to reuse the double box returned by this BinaryOpIC, but the builtin
+ // above does not know or care about this fact and might return a canonical
+    // value (i.e. the global minus zero constant), which we would then
+    // value (i.e. the global minus zero constant), which we would then
+ // overwrite in the surrounding binary operation. So to be safe, we need to
+    // take a copy of heap numbers here.
+    result = isolate()->factory()->NewHeapNumber(result->Number());
+  }
+  DCHECK(!result.is_identical_to(isolate()->factory()->nan_value()));
+  DCHECK(!result.is_identical_to(isolate()->factory()->infinity_value()));
+ DCHECK(!result.is_identical_to(isolate()->factory()->minus_zero_value()));

   // Execution::Call can execute arbitrary JavaScript, hence potentially
   // update the state of this very IC, so we must update the stored state.
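Review bot: The three `DCHECK(!result.is_identical_to(...))` lines appear unable to fail as written: a heap-number `result` has just been replaced by a fresh `NewHeapNumber` copy, and, assuming the three canonical constants are heap numbers, a non-heap-number result cannot be identical to any of them. They also compile out of release builds, so the unconditional copy is the only real protection against overwriting a shared constant. If the checks are meant to document the invariant, say so in a comment such as `// Invariant: result is never a canonical heap number past this point.`, or assert at the site that reuses the double box, which is where the overwrite would happen. The copy covers only this call in BinaryOpIC::Transition, whose body extends beyond the hunk, so other paths that feed a NewNumber result into a reusable box are not visible here.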
Index: test/unittests/factory-unittest.cc
diff --git a/test/unittests/factory-unittest.cc b/test/unittests/factory-unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..472f364651757e7e39d985ad472ee74043bbf740
--- /dev/null
+++ b/test/unittests/factory-unittest.cc
@@ -0,0 +1,21 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/factory.h"
+#include "src/handles-inl.h"
+#include "test/unittests/test-utils.h"
+
+namespace v8 {
+namespace internal {
+
+typedef TestWithIsolate FactoryTest;
+
+
+TEST_F(FactoryTest, NewNumberWithMinusZero) {
+  Handle<Object> minus_zero_value = factory()->minus_zero_value();
+ EXPECT_TRUE(minus_zero_value.is_identical_to(factory()->NewNumber(-0.0)));
+}
+
+}  // namespace internal
+}  // namespace v8
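Review bot: NewNumberWithMinusZero checks only identity for the default pretenure argument, so it would still pass if `minus_zero_value()` held the wrong value or if +0.0 were also mapped to the canonical object. Adding `EXPECT_TRUE(IsMinusZero(minus_zero_value->Number()));` and `EXPECT_FALSE(minus_zero_value.is_identical_to(factory()->NewNumber(0.0)));` would pin both properties. A second case passing `TENURED` would record that the pretenure argument is deliberately ignored for -0.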
Index: test/unittests/unittests.gyp
diff --git a/test/unittests/unittests.gyp b/test/unittests/unittests.gyp
index 52413be1d3f69f636960f9e50a0eeca785b4fc7d..ee66eb7d5a46ee06d84cf7e2c937f9a357440f13 100644
--- a/test/unittests/unittests.gyp
+++ b/test/unittests/unittests.gyp
@@ -69,6 +69,7 @@
         'compiler/simplified-operator-unittest.cc',
         'compiler/value-numbering-reducer-unittest.cc',
         'compiler/zone-pool-unittest.cc',
+        'factory-unittest.cc',
         'libplatform/default-platform-unittest.cc',
         'libplatform/task-queue-unittest.cc',
         'libplatform/worker-thread-unittest.cc',

