Revision: 10301
Author: [email protected]
Date: Fri Dec 23 02:39:01 2011
Log: Avoid embedding new space objects into code objects in the
lithium gap resolver.
[email protected]
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js
Review URL: http://codereview.chromium.org/8960004
http://code.google.com/p/v8/source/detail?r=10301
Added:
/branches/bleeding_edge/test/mjsunit/regress/regress-108296.js
Modified:
/branches/bleeding_edge/src/arm/lithium-codegen-arm.cc
/branches/bleeding_edge/src/arm/lithium-codegen-arm.h
/branches/bleeding_edge/src/arm/lithium-gap-resolver-arm.cc
/branches/bleeding_edge/src/arm/macro-assembler-arm.h
/branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc
/branches/bleeding_edge/src/ia32/lithium-codegen-ia32.h
/branches/bleeding_edge/src/ia32/lithium-gap-resolver-ia32.cc
/branches/bleeding_edge/src/ia32/macro-assembler-ia32.h
/branches/bleeding_edge/src/x64/lithium-gap-resolver-x64.cc
/branches/bleeding_edge/src/x64/macro-assembler-x64.h
=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-108296.js Fri Dec
23 02:39:01 2011
@@ -0,0 +1,52 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+// This test checks that young immediates embedded into code objects
+// are referenced through a cell.
+
+function f (k, a, b) {
+ // Create control flow for a.foo. Control flow resolution will
+ // be generated as a part of a gap move. Gap move operate on immediates
as
+ // a.foo is a CONSTANT_FUNCTION.
+ var x = k ? a.foo : a.foo;
+ return x.prototype;
+}
+
+var a = { };
+
+// Make sure that foo is a CONSTANT_FUNCTION but not be pretenured.
+a.foo = (function () { return function () {}; })();
+
+// Ensure that both branches of ternary operator have monomorphic type
feedback.
+f(true, a, a);
+f(true, a, a);
+f(false, a, a);
+f(false, a, a);
+%OptimizeFunctionOnNextCall(f);
+f(true, a, a);
=======================================
--- /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc Thu Dec 22
08:23:47 2011
+++ /branches/bleeding_edge/src/arm/lithium-codegen-arm.cc Fri Dec 23
02:39:01 2011
@@ -383,6 +383,18 @@
UNREACHABLE();
return dbl_scratch;
}
+
+
+Handle<Object> LCodeGen::ToHandle(LConstantOperand* op) const {
+ Handle<Object> literal = chunk_->LookupLiteral(op);
+ ASSERT(chunk_->LookupLiteralRepresentation(op).IsTagged());
+ return literal;
+}
+
+
+bool LCodeGen::IsInteger32(LConstantOperand* op) const {
+ return chunk_->LookupLiteralRepresentation(op).IsInteger32();
+}
int LCodeGen::ToInteger32(LConstantOperand* op) const {
=======================================
--- /branches/bleeding_edge/src/arm/lithium-codegen-arm.h Fri Nov 25
05:15:31 2011
+++ /branches/bleeding_edge/src/arm/lithium-codegen-arm.h Fri Dec 23
02:39:01 2011
@@ -93,6 +93,9 @@
// Returns a MemOperand pointing to the high word of a DoubleStackSlot.
MemOperand ToHighMemOperand(LOperand* op) const;
+ bool IsInteger32(LConstantOperand* op) const;
+ Handle<Object> ToHandle(LConstantOperand* op) const;
+
// Try to generate code for the entire chunk, but it may fail if the
// chunk contains constructs we cannot handle. Returns true if the
// code generation attempt succeeded.
=======================================
--- /branches/bleeding_edge/src/arm/lithium-gap-resolver-arm.cc Tue Aug 23
05:00:09 2011
+++ /branches/bleeding_edge/src/arm/lithium-gap-resolver-arm.cc Fri Dec 23
02:39:01 2011
@@ -248,13 +248,24 @@
}
} else if (source->IsConstantOperand()) {
- Operand source_operand = cgen_->ToOperand(source);
+ LConstantOperand* constant_source = LConstantOperand::cast(source);
if (destination->IsRegister()) {
- __ mov(cgen_->ToRegister(destination), source_operand);
+ Register dst = cgen_->ToRegister(destination);
+ if (cgen_->IsInteger32(constant_source)) {
+ __ mov(dst, Operand(cgen_->ToInteger32(constant_source)));
+ } else {
+ __ LoadObject(dst, cgen_->ToHandle(constant_source));
+ }
} else {
ASSERT(destination->IsStackSlot());
ASSERT(!in_cycle_); // Constant moves happen after all cycles are
gone.
- __ mov(kSavedValueRegister, source_operand);
+ if (cgen_->IsInteger32(constant_source)) {
+ __ mov(kSavedValueRegister,
+ Operand(cgen_->ToInteger32(constant_source)));
+ } else {
+ __ LoadObject(kSavedValueRegister,
+ cgen_->ToHandle(constant_source));
+ }
__ str(kSavedValueRegister, cgen_->ToMemOperand(destination));
}
=======================================
--- /branches/bleeding_edge/src/arm/macro-assembler-arm.h Tue Dec 6
04:11:08 2011
+++ /branches/bleeding_edge/src/arm/macro-assembler-arm.h Fri Dec 23
02:39:01 2011
@@ -168,6 +168,14 @@
void LoadHeapObject(Register dst, Handle<HeapObject> object);
+ void LoadObject(Register result, Handle<Object> object) {
+ if (object->IsHeapObject()) {
+ LoadHeapObject(result, Handle<HeapObject>::cast(object));
+ } else {
+ Move(result, object);
+ }
+ }
+
//
---------------------------------------------------------------------------
// GC Support
=======================================
--- /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc Thu Dec 22
08:23:47 2011
+++ /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.cc Fri Dec 23
02:39:01 2011
@@ -354,18 +354,8 @@
}
-Immediate LCodeGen::ToImmediate(LOperand* op) {
- LConstantOperand* const_op = LConstantOperand::cast(op);
- Handle<Object> literal = chunk_->LookupLiteral(const_op);
- Representation r = chunk_->LookupLiteralRepresentation(const_op);
- if (r.IsInteger32()) {
- ASSERT(literal->IsNumber());
- return Immediate(static_cast<int32_t>(literal->Number()));
- } else if (r.IsDouble()) {
- Abort("unsupported double immediate");
- }
- ASSERT(r.IsTagged());
- return Immediate(literal);
+bool LCodeGen::IsInteger32(LConstantOperand* op) const {
+ return chunk_->LookupLiteralRepresentation(op).IsInteger32();
}
@@ -1167,7 +1157,7 @@
ASSERT(left->Equals(instr->result()));
if (right->IsConstantOperand()) {
- __ sub(ToOperand(left), ToImmediate(right));
+ __ sub(ToOperand(left), ToInteger32Immediate(right));
} else {
__ sub(ToRegister(left), ToOperand(right));
}
@@ -1306,7 +1296,7 @@
ASSERT(left->Equals(instr->result()));
if (right->IsConstantOperand()) {
- __ add(ToOperand(left), ToImmediate(right));
+ __ add(ToOperand(left), ToInteger32Immediate(right));
} else {
__ add(ToRegister(left), ToOperand(right));
}
@@ -1578,9 +1568,9 @@
__ j(parity_even, chunk_->GetAssemblyLabel(false_block));
} else {
if (right->IsConstantOperand()) {
- __ cmp(ToRegister(left), ToImmediate(right));
+ __ cmp(ToRegister(left), ToInteger32Immediate(right));
} else if (left->IsConstantOperand()) {
- __ cmp(ToOperand(right), ToImmediate(left));
+ __ cmp(ToOperand(right), ToInteger32Immediate(left));
// We transposed the operands. Reverse the condition.
cc = ReverseCondition(cc);
} else {
@@ -3261,7 +3251,7 @@
void LCodeGen::DoBoundsCheck(LBoundsCheck* instr) {
if (instr->index()->IsConstantOperand()) {
__ cmp(ToOperand(instr->length()),
- ToImmediate(LConstantOperand::cast(instr->index())));
+ Immediate(ToInteger32(LConstantOperand::cast(instr->index()))));
DeoptimizeIf(below_equal, instr->environment());
} else {
__ cmp(ToRegister(instr->index()), ToOperand(instr->length()));
=======================================
--- /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.h Tue Dec 6
04:11:08 2011
+++ /branches/bleeding_edge/src/ia32/lithium-codegen-ia32.h Fri Dec 23
02:39:01 2011
@@ -78,7 +78,13 @@
Operand ToOperand(LOperand* op) const;
Register ToRegister(LOperand* op) const;
XMMRegister ToDoubleRegister(LOperand* op) const;
- Immediate ToImmediate(LOperand* op);
+
+ bool IsInteger32(LConstantOperand* op) const;
+ Immediate ToInteger32Immediate(LOperand* op) const {
+ return Immediate(ToInteger32(LConstantOperand::cast(op)));
+ }
+
+ Handle<Object> ToHandle(LConstantOperand* op) const;
// The operand denoting the second word (the one with a higher address)
of
// a double stack slot.
@@ -225,7 +231,7 @@
Register ToRegister(int index) const;
XMMRegister ToDoubleRegister(int index) const;
int ToInteger32(LConstantOperand* op) const;
- Handle<Object> ToHandle(LConstantOperand* op) const;
+
double ToDouble(LConstantOperand* op) const;
Operand BuildFastArrayOperand(LOperand* elements_pointer,
LOperand* key,
=======================================
--- /branches/bleeding_edge/src/ia32/lithium-gap-resolver-ia32.cc Fri Jul
8 02:08:12 2011
+++ /branches/bleeding_edge/src/ia32/lithium-gap-resolver-ia32.cc Fri Dec
23 02:39:01 2011
@@ -303,14 +303,24 @@
}
} else if (source->IsConstantOperand()) {
- ASSERT(destination->IsRegister() || destination->IsStackSlot());
- Immediate src = cgen_->ToImmediate(source);
+ LConstantOperand* constant_source = LConstantOperand::cast(source);
if (destination->IsRegister()) {
Register dst = cgen_->ToRegister(destination);
- __ Set(dst, src);
+ if (cgen_->IsInteger32(constant_source)) {
+ __ Set(dst, cgen_->ToInteger32Immediate(constant_source));
+ } else {
+ __ LoadObject(dst, cgen_->ToHandle(constant_source));
+ }
} else {
+ ASSERT(destination->IsStackSlot());
Operand dst = cgen_->ToOperand(destination);
- __ Set(dst, src);
+ if (cgen_->IsInteger32(constant_source)) {
+ __ Set(dst, cgen_->ToInteger32Immediate(constant_source));
+ } else {
+ Register tmp = EnsureTempRegister();
+ __ LoadObject(tmp, cgen_->ToHandle(constant_source));
+ __ mov(dst, tmp);
+ }
}
} else if (source->IsDoubleRegister()) {
=======================================
--- /branches/bleeding_edge/src/ia32/macro-assembler-ia32.h Wed Dec 14
04:46:32 2011
+++ /branches/bleeding_edge/src/ia32/macro-assembler-ia32.h Fri Dec 23
02:39:01 2011
@@ -240,6 +240,14 @@
void LoadHeapObject(Register result, Handle<HeapObject> object);
void PushHeapObject(Handle<HeapObject> object);
+ void LoadObject(Register result, Handle<Object> object) {
+ if (object->IsHeapObject()) {
+ LoadHeapObject(result, Handle<HeapObject>::cast(object));
+ } else {
+ Set(result, Immediate(object));
+ }
+ }
+
//
---------------------------------------------------------------------------
// JavaScript invokes
=======================================
--- /branches/bleeding_edge/src/x64/lithium-gap-resolver-x64.cc Fri Apr 15
06:06:41 2011
+++ /branches/bleeding_edge/src/x64/lithium-gap-resolver-x64.cc Fri Dec 23
02:39:01 2011
@@ -198,7 +198,7 @@
if (cgen_->IsInteger32Constant(constant_source)) {
__ movl(dst, Immediate(cgen_->ToInteger32(constant_source)));
} else {
- __ Move(dst, cgen_->ToHandle(constant_source));
+ __ LoadObject(dst, cgen_->ToHandle(constant_source));
}
} else {
ASSERT(destination->IsStackSlot());
@@ -207,7 +207,8 @@
// Allow top 32 bits of an untagged Integer32 to be arbitrary.
__ movl(dst, Immediate(cgen_->ToInteger32(constant_source)));
} else {
- __ Move(dst, cgen_->ToHandle(constant_source));
+ __ LoadObject(kScratchRegister, cgen_->ToHandle(constant_source));
+ __ movq(dst, kScratchRegister);
}
}
=======================================
--- /branches/bleeding_edge/src/x64/macro-assembler-x64.h Tue Dec 6
04:11:08 2011
+++ /branches/bleeding_edge/src/x64/macro-assembler-x64.h Fri Dec 23
02:39:01 2011
@@ -789,6 +789,14 @@
void LoadHeapObject(Register result, Handle<HeapObject> object);
void PushHeapObject(Handle<HeapObject> object);
+ void LoadObject(Register result, Handle<Object> object) {
+ if (object->IsHeapObject()) {
+ LoadHeapObject(result, Handle<HeapObject>::cast(object));
+ } else {
+ Move(result, object);
+ }
+ }
+
// Load a global cell into a register.
void LoadGlobalCell(Register dst, Handle<JSGlobalPropertyCell> cell);
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
