Revision: 8072
Author:   [email protected]
Date:     Thu May 26 03:56:07 2011
Log:      Do not allow inlining functions with direct arguments access.

Our implementation of arguments access without materializing the arguments
object (based on inspecting the stack frame) does not work for inlined
functions.  Guard all such attempts by disallowing them if possible, or else
by bailing out of the optimizing compiler.

[email protected]
BUG=
TEST=

Review URL: http://codereview.chromium.org/6976022
http://code.google.com/p/v8/source/detail?r=8072

Modified:
 /branches/bleeding_edge/src/ast.cc
 /branches/bleeding_edge/src/hydrogen.cc

=======================================
--- /branches/bleeding_edge/src/ast.cc  Tue May 24 07:01:36 2011
+++ /branches/bleeding_edge/src/ast.cc  Thu May 26 03:56:07 2011
@@ -544,6 +544,17 @@


 bool CallRuntime::IsInlineable() const {
+  // Don't try to inline JS runtime calls because we don't (currently) even
+  // optimize them.
+  if (is_jsruntime()) return false;
+  // Don't inline the %_ArgumentsLength or %_Arguments because their
+  // implementation will not work.  There is no stack frame to get them
+  // from.
+  if (function()->intrinsic_type == Runtime::INLINE &&
+      (name()->IsEqualTo(CStrVector("_ArgumentsLength")) ||
+       name()->IsEqualTo(CStrVector("_Arguments")))) {
+    return false;
+  }
   const int count = arguments()->length();
   for (int i = 0; i < count; ++i) {
     if (!arguments()->at(i)->IsInlineable()) return false;
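Review bot: The two `name()->IsEqualTo(CStrVector(...))` comparisons make this guard a name-based deny list, so an arguments-reading intrinsic that is added or renamed later would pass `IsInlineable()` with no compile-time signal. A comment above the `if`, such as `// Keep in sync with HGraphBuilder::GenerateArgumentsLength and GenerateArguments, which assume they are never inlined.`, would tie the list to the code it protects. Matching on the runtime function's identity instead of its name string would be sturdier, if `Runtime::Function` exposes one (not visible in this hunk). The body of `CallRuntime::IsInlineable` continues past the end of the hunk.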
=======================================
--- /branches/bleeding_edge/src/hydrogen.cc     Tue May 24 07:01:36 2011
+++ /branches/bleeding_edge/src/hydrogen.cc     Thu May 26 03:56:07 2011
@@ -3847,6 +3847,13 @@
if (!environment()->Lookup(proxy->var())->CheckFlag(HValue::kIsArguments)) {
     return false;
   }
+
+  // Our implementation of arguments (based on this stack frame or an
+  // adapter below it) does not work for inlined functions.
+  if (function_state()->outer() != NULL) {
+    Bailout("arguments access in inlined function");
+    return true;
+  }

   HInstruction* result = NULL;
   if (expr->key()->IsPropertyName()) {
@@ -4395,6 +4402,13 @@

   if (!expr->IsMonomorphic() ||
       expr->check_type() != RECEIVER_MAP_CHECK) return false;
+
+  // Our implementation of arguments (based on this stack frame or an
+  // adapter below it) does not work for inlined functions.
+  if (function_state()->outer() != NULL) {
+    Bailout("Function.prototype.apply optimization in inlined function");
+    return true;
+  }

   // Found pattern f.apply(receiver, arguments).
   VisitForValue(prop->obj());
@@ -5422,6 +5436,10 @@

 // Support for arguments.length and arguments[?].
 void HGraphBuilder::GenerateArgumentsLength(CallRuntime* call) {
+  // Our implementation of arguments (based on this stack frame or an
+  // adapter below it) does not work for inlined functions.  This runtime
+  // function is blacklisted by AstNode::IsInlineable.
+  ASSERT(function_state()->outer() == NULL);
   ASSERT(call->arguments()->length() == 0);
   HInstruction* elements = AddInstruction(new(zone()) HArgumentsElements);
   HArgumentsLength* result = new(zone()) HArgumentsLength(elements);
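Review bot: `ASSERT(function_state()->outer() == NULL)` is the only guard in `GenerateArgumentsLength`, and V8's `ASSERT` is compiled out of release builds, so a release build that reaches this path while inlining would still emit `HArgumentsElements`, which the comment says does not work for inlined functions. The two earlier hunks in this file use a runtime bailout instead; the same here, `if (function_state()->outer() != NULL) { Bailout("arguments access in inlined function"); return; }`, would keep the guarantee independent of the name list in ast.cc. `GenerateArguments` in the next hunk has the same assert-only guard. The comment also names `AstNode::IsInlineable`, while the check this commit adds lives in `CallRuntime::IsInlineable`. Both function bodies continue outside their hunks.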
@@ -5430,6 +5448,10 @@


 void HGraphBuilder::GenerateArguments(CallRuntime* call) {
+  // Our implementation of arguments (based on this stack frame or an
+  // adapter below it) does not work for inlined functions.  This runtime
+  // function is blacklisted by AstNode::IsInlineable.
+  ASSERT(function_state()->outer() == NULL);
   ASSERT(call->arguments()->length() == 1);
   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
   HValue* index = Pop();
