Reviewers: Jakob,

Description:
Fix deoptimizer for shared optimized code.

The deoptimizer searched the stack for activations of the same function to
determine whether to trigger lazy deopting. Since we share optimized code we
actually need to search for activations of the same code (but different functions).

[email protected]
BUG=chromium:147475
TEST=mjsunit/regress/regress-crbug-147475


Please review this at https://chromiumcodereview.appspot.com/10917162/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/runtime.cc
  A + test/mjsunit/regress/regress-crbug-147475.js


Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index 48022b049c0790f18292984843e39aaa3872e9db..47eb9479a093031d15727f78a5b49f5b67290401 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -8046,11 +8046,13 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_NotifyDeoptimized) {
     return isolate->heap()->undefined_value();
   }

-  // Find other optimized activations of the function.
+  // Find other optimized activations of the function or functions that
+  // share the same optimized code.
   bool has_other_activations = false;
   while (!it.done()) {
     JavaScriptFrame* frame = it.frame();
-    if (frame->is_optimized() && frame->function() == *function) {
+    JSFunction* other_function = JSFunction::cast(frame->function());
+ if (frame->is_optimized() && other_function->code() == function->code()) {
       has_other_activations = true;
       break;
     }
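Review bot: The new condition takes the code pointer from `frame->function()` rather than from the frame itself, so it only finds activations whose function still points at the shared optimized code when this runs. If a function on the stack can have its code replaced while one of its frames is still executing the old optimized code, that activation would be missed, and lazy deopt would presumably not be triggered for it, leaving code with invalidated assumptions on the stack. Comparing the code object the frame is actually running, e.g. `frame->is_optimized() && frame->LookupCode() == function->code()`, would not depend on the function's current state and would also avoid the `JSFunction::cast` on frames that are not optimized. The loop and the branch that consumes `has_other_activations` continue outside the hunk, so this should be confirmed against the rest of Runtime_NotifyDeoptimized.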
Index: test/mjsunit/regress/regress-crbug-147475.js
diff --git a/test/mjsunit/regress/regress-crbug-138887.js b/test/mjsunit/regress/regress-crbug-147475.js
similarity index 90%
copy from test/mjsunit/regress/regress-crbug-138887.js
copy to test/mjsunit/regress/regress-crbug-147475.js
index 8d8e1694b620aa36941f4b2e17a90f69f6a17cfa..180744c730f5c53b68df7fb4746809d54c42b35e 100644
--- a/test/mjsunit/regress/regress-crbug-138887.js
+++ b/test/mjsunit/regress/regress-crbug-147475.js
@@ -40,9 +40,9 @@ function factory(worker) {

 var f1 = factory(worker1);
 var f2 = factory(f1);
-assertEquals(11, f2(1));  // Result: 1 + f1(0) == 1 + 10.
 assertEquals(11, f2(1));
 %OptimizeFunctionOnNextCall(f1);
-assertEquals(10, f1(0));  // Terminates immediately -> returns 10.
+assertEquals(10, f1(0));
 %OptimizeFunctionOnNextCall(f2);
-assertEquals(102, f2(1000));  // 1 + f1(999) == 1 + 1 + worker1(998) == 102
+assertEquals(102, f2(2));
+assertEquals(102, f2(2));
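Review bot: The rewritten assertions at the end of this hunk drop the comments that explained each expected value, and `assertEquals(102, f2(2))` now appears twice with no indication why. The definitions of `factory` and `worker1` are outside the hunk, so the value 102 for an argument of 2 cannot be checked from here; presumably the first call triggers the deopt and the second verifies the state afterwards. I would say so on the lines themselves, e.g. `// First call deoptimizes code shared by f1 and f2.` and `// Second call must still return the correct result after the deopt.`, adjusted to what the test actually exercises.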

