Revision: 8261
Author: [email protected]
Date: Fri Jun 10 04:39:56 2011
Log: Merge r8237 to V8 3.3 branch. Fix bug v8:1434, optimized compare
of undefined can fail.
Review URL: http://codereview.chromium.org/7003109
http://code.google.com/p/v8/source/detail?r=8261
Added:
/branches/3.3/test/mjsunit/regress/regress-1434.js
Modified:
/branches/3.3/src/arm/lithium-arm.h
/branches/3.3/src/arm/lithium-codegen-arm.cc
/branches/3.3/src/arm/lithium-codegen-arm.h
/branches/3.3/src/hydrogen-instructions.cc
/branches/3.3/src/hydrogen-instructions.h
/branches/3.3/src/hydrogen.cc
/branches/3.3/src/hydrogen.h
/branches/3.3/src/ia32/lithium-codegen-ia32.cc
/branches/3.3/src/ia32/lithium-codegen-ia32.h
/branches/3.3/src/ia32/lithium-ia32.h
/branches/3.3/src/version.cc
/branches/3.3/src/x64/lithium-codegen-x64.cc
/branches/3.3/src/x64/lithium-codegen-x64.h
/branches/3.3/src/x64/lithium-x64.h
=======================================
--- /dev/null
+++ /branches/3.3/test/mjsunit/regress/regress-1434.js Fri Jun 10 04:39:56
2011
@@ -0,0 +1,36 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+function compare(a, b) {
+ return a === b;
+}
+
+compare(1.5, 2.5);
+%OptimizeFunctionOnNextCall(compare);
+assertTrue(compare(undefined, undefined));
=======================================
--- /branches/3.3/src/arm/lithium-arm.h Wed May 18 02:12:58 2011
+++ /branches/3.3/src/arm/lithium-arm.h Fri Jun 10 04:39:56 2011
@@ -1682,6 +1682,7 @@
}
DECLARE_CONCRETE_INSTRUCTION(NumberUntagD, "double-untag")
+ DECLARE_HYDROGEN_ACCESSOR(Change)
};
=======================================
--- /branches/3.3/src/arm/lithium-codegen-arm.cc Mon May 30 07:32:41 2011
+++ /branches/3.3/src/arm/lithium-codegen-arm.cc Fri Jun 10 04:39:56 2011
@@ -3790,6 +3790,7 @@
void LCodeGen::EmitNumberUntagD(Register input_reg,
DoubleRegister result_reg,
+ bool deoptimize_on_undefined,
LEnvironment* env) {
Register scratch = scratch0();
SwVfpRegister flt_scratch = s0;
@@ -3805,20 +3806,25 @@
__ ldr(scratch, FieldMemOperand(input_reg, HeapObject::kMapOffset));
__ LoadRoot(ip, Heap::kHeapNumberMapRootIndex);
__ cmp(scratch, Operand(ip));
- __ b(eq, &heap_number);
-
- __ LoadRoot(ip, Heap::kUndefinedValueRootIndex);
- __ cmp(input_reg, Operand(ip));
- DeoptimizeIf(ne, env);
-
- // Convert undefined to NaN.
- __ LoadRoot(ip, Heap::kNanValueRootIndex);
- __ sub(ip, ip, Operand(kHeapObjectTag));
- __ vldr(result_reg, ip, HeapNumber::kValueOffset);
- __ jmp(&done);
-
+ if (deoptimize_on_undefined) {
+ DeoptimizeIf(ne, env);
+ } else {
+ Label heap_number;
+ __ b(eq, &heap_number);
+
+ __ LoadRoot(ip, Heap::kUndefinedValueRootIndex);
+ __ cmp(input_reg, Operand(ip));
+ DeoptimizeIf(ne, env);
+
+ // Convert undefined to NaN.
+ __ LoadRoot(ip, Heap::kNanValueRootIndex);
+ __ sub(ip, ip, Operand(kHeapObjectTag));
+ __ vldr(result_reg, ip, HeapNumber::kValueOffset);
+ __ jmp(&done);
+
+ __ bind(&heap_number);
+ }
// Heap number to double register conversion.
- __ bind(&heap_number);
__ sub(ip, input_reg, Operand(kHeapObjectTag));
__ vldr(result_reg, ip, HeapNumber::kValueOffset);
__ jmp(&done);
@@ -3952,7 +3958,9 @@
Register input_reg = ToRegister(input);
DoubleRegister result_reg = ToDoubleRegister(result);
- EmitNumberUntagD(input_reg, result_reg, instr->environment());
+ EmitNumberUntagD(input_reg, result_reg,
+ instr->hydrogen()->deoptimize_on_undefined(),
+ instr->environment());
}
=======================================
--- /branches/3.3/src/arm/lithium-codegen-arm.h Wed May 25 00:58:50 2011
+++ /branches/3.3/src/arm/lithium-codegen-arm.h Fri Jun 10 04:39:56 2011
@@ -266,6 +266,7 @@
void EmitCmpI(LOperand* left, LOperand* right);
void EmitNumberUntagD(Register input,
DoubleRegister result,
+ bool deoptimize_on_undefined,
LEnvironment* env);
// Emits optimized code for typeof x == "y". Modifies input register.
=======================================
--- /branches/3.3/src/hydrogen-instructions.cc Thu Jun 9 04:41:49 2011
+++ /branches/3.3/src/hydrogen-instructions.cc Fri Jun 10 04:39:56 2011
@@ -1231,6 +1231,10 @@
if (r.IsTagged()) {
SetAllSideEffects();
ClearFlag(kUseGVN);
+ } else if (r.IsDouble()) {
+ SetFlag(kDeoptimizeOnUndefined);
+ ClearAllSideEffects();
+ SetFlag(kUseGVN);
} else {
ClearAllSideEffects();
SetFlag(kUseGVN);
=======================================
--- /branches/3.3/src/hydrogen-instructions.h Thu Jun 9 04:41:49 2011
+++ /branches/3.3/src/hydrogen-instructions.h Fri Jun 10 04:39:56 2011
@@ -483,6 +483,7 @@
kCanOverflow,
kBailoutOnMinusZero,
kCanBeDivByZero,
+ kDeoptimizeOnUndefined,
kIsArguments,
kTruncatingToInt32,
kLastFlag = kTruncatingToInt32
@@ -1033,8 +1034,11 @@
HChange(HValue* value,
Representation from,
Representation to,
- bool is_truncating)
- : HUnaryOperation(value), from_(from) {
+ bool is_truncating,
+ bool deoptimize_on_undefined)
+ : HUnaryOperation(value),
+ from_(from),
+ deoptimize_on_undefined_(deoptimize_on_undefined) {
ASSERT(!from.IsNone() && !to.IsNone());
ASSERT(!from.Equals(to));
set_representation(to);
@@ -1050,6 +1054,7 @@
Representation from() const { return from_; }
Representation to() const { return representation(); }
+ bool deoptimize_on_undefined() const { return deoptimize_on_undefined_; }
virtual Representation RequiredInputRepresentation(int index) const {
return from_;
}
@@ -1065,11 +1070,13 @@
if (!other->IsChange()) return false;
HChange* change = HChange::cast(other);
return value() == change->value()
- && to().Equals(change->to());
+ && to().Equals(change->to())
+ && deoptimize_on_undefined() == change->deoptimize_on_undefined();
}
private:
Representation from_;
+ bool deoptimize_on_undefined_;
};
=======================================
--- /branches/3.3/src/hydrogen.cc Thu Jun 9 04:41:49 2011
+++ /branches/3.3/src/hydrogen.cc Fri Jun 10 04:39:56 2011
@@ -1841,6 +1841,8 @@
// change instructions for them.
HInstruction* new_value = NULL;
bool is_truncating = use_value->CheckFlag(HValue::kTruncatingToInt32);
+ bool deoptimize_on_undefined =
+ use_value->CheckFlag(HValue::kDeoptimizeOnUndefined);
if (value->IsConstant()) {
HConstant* constant = HConstant::cast(value);
// Try to create a new copy of the constant with the new
representation.
@@ -1850,8 +1852,8 @@
}
if (new_value == NULL) {
- new_value =
- new(zone()) HChange(value, value->representation(), to,
is_truncating);
+ new_value = new(zone()) HChange(value, value->representation(), to,
+ is_truncating,
deoptimize_on_undefined);
}
new_value->InsertBefore(next);
@@ -1931,6 +1933,40 @@
}
}
}
+
+
+void HGraph::RecursivelyMarkPhiDeoptimizeOnUndefined(HPhi* phi) {
+ if (phi->CheckFlag(HValue::kDeoptimizeOnUndefined)) return;
+ phi->SetFlag(HValue::kDeoptimizeOnUndefined);
+ for (int i = 0; i < phi->OperandCount(); ++i) {
+ HValue* input = phi->OperandAt(i);
+ if (input->IsPhi()) {
+ RecursivelyMarkPhiDeoptimizeOnUndefined(HPhi::cast(input));
+ }
+ }
+}
+
+
+void HGraph::MarkDeoptimizeOnUndefined() {
+ HPhase phase("MarkDeoptimizeOnUndefined", this);
+ // Compute DeoptimizeOnUndefined flag for phis.
+ // Any phi that can reach a use with DeoptimizeOnUndefined set must
+ // have DeoptimizeOnUndefined set. Currently only HCompare, with
+ // double input representation, has this flag set.
+ // The flag is used by HChange tagged->double, which must deoptimize
+ // if one of its uses has this flag set.
+ for (int i = 0; i < phi_list()->length(); i++) {
+ HPhi* phi = phi_list()->at(i);
+ if (phi->representation().IsDouble()) {
+ for (HUseIterator it(phi->uses()); !it.Done(); it.Advance()) {
+ if (it.value()->CheckFlag(HValue::kDeoptimizeOnUndefined)) {
+ RecursivelyMarkPhiDeoptimizeOnUndefined(phi);
+ break;
+ }
+ }
+ }
+ }
+}
void HGraph::ComputeMinusZeroChecks() {
@@ -2239,6 +2275,7 @@
graph()->InitializeInferredTypes();
graph()->Canonicalize();
+ graph()->MarkDeoptimizeOnUndefined();
graph()->InsertRepresentationChanges();
graph()->ComputeMinusZeroChecks();
=======================================
--- /branches/3.3/src/hydrogen.h Thu Jun 9 04:41:49 2011
+++ /branches/3.3/src/hydrogen.h Fri Jun 10 04:39:56 2011
@@ -216,6 +216,7 @@
void InitializeInferredTypes();
void InsertTypeConversions();
void InsertRepresentationChanges();
+ void MarkDeoptimizeOnUndefined();
void ComputeMinusZeroChecks();
bool ProcessArgumentsObject();
void EliminateRedundantPhis();
@@ -279,6 +280,7 @@
void InsertTypeConversions(HInstruction* instr);
void PropagateMinusZeroChecks(HValue* value, BitVector* visited);
+ void RecursivelyMarkPhiDeoptimizeOnUndefined(HPhi* phi);
void InsertRepresentationChangeForUse(HValue* value,
HValue* use_value,
int use_index,
=======================================
--- /branches/3.3/src/ia32/lithium-codegen-ia32.cc Mon May 30 07:32:41 2011
+++ /branches/3.3/src/ia32/lithium-codegen-ia32.cc Fri Jun 10 04:39:56 2011
@@ -3628,8 +3628,9 @@
void LCodeGen::EmitNumberUntagD(Register input_reg,
XMMRegister result_reg,
+ bool deoptimize_on_undefined,
LEnvironment* env) {
- Label load_smi, heap_number, done;
+ Label load_smi, done;
// Smi check.
__ test(input_reg, Immediate(kSmiTagMask));
@@ -3638,18 +3639,23 @@
// Heap number map check.
__ cmp(FieldOperand(input_reg, HeapObject::kMapOffset),
factory()->heap_number_map());
- __ j(equal, &heap_number, Label::kNear);
-
- __ cmp(input_reg, factory()->undefined_value());
- DeoptimizeIf(not_equal, env);
-
- // Convert undefined to NaN.
- ExternalReference nan = ExternalReference::address_of_nan();
- __ movdbl(result_reg, Operand::StaticVariable(nan));
- __ jmp(&done, Label::kNear);
-
+ if (deoptimize_on_undefined) {
+ DeoptimizeIf(not_equal, env);
+ } else {
+ Label heap_number;
+ __ j(equal, &heap_number, Label::kNear);
+
+ __ cmp(input_reg, factory()->undefined_value());
+ DeoptimizeIf(not_equal, env);
+
+ // Convert undefined to NaN.
+ ExternalReference nan = ExternalReference::address_of_nan();
+ __ movdbl(result_reg, Operand::StaticVariable(nan));
+ __ jmp(&done, Label::kNear);
+
+ __ bind(&heap_number);
+ }
// Heap number to XMM conversion.
- __ bind(&heap_number);
__ movdbl(result_reg, FieldOperand(input_reg, HeapNumber::kValueOffset));
__ jmp(&done, Label::kNear);
@@ -3781,7 +3787,9 @@
Register input_reg = ToRegister(input);
XMMRegister result_reg = ToDoubleRegister(result);
- EmitNumberUntagD(input_reg, result_reg, instr->environment());
+ EmitNumberUntagD(input_reg, result_reg,
+ instr->hydrogen()->deoptimize_on_undefined(),
+ instr->environment());
}
=======================================
--- /branches/3.3/src/ia32/lithium-codegen-ia32.h Wed May 25 00:58:50 2011
+++ /branches/3.3/src/ia32/lithium-codegen-ia32.h Fri Jun 10 04:39:56 2011
@@ -261,7 +261,10 @@
void EmitGoto(int block, LDeferredCode* deferred_stack_check = NULL);
void EmitBranch(int left_block, int right_block, Condition cc);
void EmitCmpI(LOperand* left, LOperand* right);
- void EmitNumberUntagD(Register input, XMMRegister result, LEnvironment*
env);
+ void EmitNumberUntagD(Register input,
+ XMMRegister result,
+ bool deoptimize_on_undefined,
+ LEnvironment* env);
// Emits optimized code for typeof x == "y". Modifies input register.
// Returns the condition on which a final split to
=======================================
--- /branches/3.3/src/ia32/lithium-ia32.h Sun May 22 23:06:11 2011
+++ /branches/3.3/src/ia32/lithium-ia32.h Fri Jun 10 04:39:56 2011
@@ -1729,6 +1729,7 @@
}
DECLARE_CONCRETE_INSTRUCTION(NumberUntagD, "double-untag")
+ DECLARE_HYDROGEN_ACCESSOR(Change);
};
=======================================
--- /branches/3.3/src/version.cc Thu Jun 9 04:41:49 2011
+++ /branches/3.3/src/version.cc Fri Jun 10 04:39:56 2011
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 3
#define BUILD_NUMBER 10
-#define PATCH_LEVEL 9
+#define PATCH_LEVEL 10
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
=======================================
--- /branches/3.3/src/x64/lithium-codegen-x64.cc Mon May 30 07:32:41 2011
+++ /branches/3.3/src/x64/lithium-codegen-x64.cc Fri Jun 10 04:39:56 2011
@@ -3569,8 +3569,9 @@
void LCodeGen::EmitNumberUntagD(Register input_reg,
XMMRegister result_reg,
+ bool deoptimize_on_undefined,
LEnvironment* env) {
- Label load_smi, heap_number, done;
+ Label load_smi, done;
// Smi check.
__ JumpIfSmi(input_reg, &load_smi, Label::kNear);
@@ -3578,18 +3579,23 @@
// Heap number map check.
__ CompareRoot(FieldOperand(input_reg, HeapObject::kMapOffset),
Heap::kHeapNumberMapRootIndex);
- __ j(equal, &heap_number, Label::kNear);
-
- __ CompareRoot(input_reg, Heap::kUndefinedValueRootIndex);
- DeoptimizeIf(not_equal, env);
-
- // Convert undefined to NaN. Compute NaN as 0/0.
- __ xorps(result_reg, result_reg);
- __ divsd(result_reg, result_reg);
- __ jmp(&done, Label::kNear);
-
+ if (deoptimize_on_undefined) {
+ DeoptimizeIf(not_equal, env);
+ } else {
+ Label heap_number;
+ __ j(equal, &heap_number, Label::kNear);
+
+ __ CompareRoot(input_reg, Heap::kUndefinedValueRootIndex);
+ DeoptimizeIf(not_equal, env);
+
+ // Convert undefined to NaN. Compute NaN as 0/0.
+ __ xorps(result_reg, result_reg);
+ __ divsd(result_reg, result_reg);
+ __ jmp(&done, Label::kNear);
+
+ __ bind(&heap_number);
+ }
// Heap number to XMM conversion.
- __ bind(&heap_number);
__ movsd(result_reg, FieldOperand(input_reg, HeapNumber::kValueOffset));
__ jmp(&done, Label::kNear);
@@ -3680,7 +3686,9 @@
Register input_reg = ToRegister(input);
XMMRegister result_reg = ToDoubleRegister(result);
- EmitNumberUntagD(input_reg, result_reg, instr->environment());
+ EmitNumberUntagD(input_reg, result_reg,
+ instr->hydrogen()->deoptimize_on_undefined(),
+ instr->environment());
}
=======================================
--- /branches/3.3/src/x64/lithium-codegen-x64.h Wed May 25 00:58:50 2011
+++ /branches/3.3/src/x64/lithium-codegen-x64.h Fri Jun 10 04:39:56 2011
@@ -249,7 +249,10 @@
void EmitGoto(int block, LDeferredCode* deferred_stack_check = NULL);
void EmitBranch(int left_block, int right_block, Condition cc);
void EmitCmpI(LOperand* left, LOperand* right);
- void EmitNumberUntagD(Register input, XMMRegister result, LEnvironment*
env);
+ void EmitNumberUntagD(Register input,
+ XMMRegister result,
+ bool deoptimize_on_undefined,
+ LEnvironment* env);
// Emits optimized code for typeof x == "y". Modifies input register.
// Returns the condition on which a final split to
=======================================
--- /branches/3.3/src/x64/lithium-x64.h Wed May 18 02:12:58 2011
+++ /branches/3.3/src/x64/lithium-x64.h Fri Jun 10 04:39:56 2011
@@ -1672,6 +1672,7 @@
}
DECLARE_CONCRETE_INSTRUCTION(NumberUntagD, "double-untag")
+ DECLARE_HYDROGEN_ACCESSOR(Change);
};
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
