Reviewers: Jakob,

Description:
Merged r12473 into 3.12 branch.

Fix deoptimizer for shared optimized code.

[email protected]
BUG=chromium:147475
TEST=mjsunit/regress/regress-crbug-147475


Please review this at https://codereview.chromium.org/10911278/

SVN Base: https://v8.googlecode.com/svn/branches/3.12

Affected files:
  M src/runtime.cc
  M src/version.cc
  A + test/mjsunit/regress/regress-crbug-147475.js


Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index 2aaa249752df8b733e283df603a731497cbb807d..7fbed92d1932342b21c796c728aaaf8aeedce7d4 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -8385,11 +8385,13 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_NotifyDeoptimized) {
     return isolate->heap()->undefined_value();
   }

-  // Find other optimized activations of the function.
+  // Find other optimized activations of the function or functions that
+  // share the same optimized code.
   bool has_other_activations = false;
   while (!it.done()) {
     JavaScriptFrame* frame = it.frame();
-    if (frame->is_optimized() && frame->function() == *function) {
+    JSFunction* other_function = JSFunction::cast(frame->function());
+ if (frame->is_optimized() && other_function->code() == function->code()) {
       has_other_activations = true;
       break;
     }
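Review bot: The new condition `other_function->code() == function->code()` compares the code currently installed on the two functions, not the code object the frame is actually executing, and the two can differ. `frame->is_optimized()` describes the frame, but a function's code pointer may have been replaced after that activation started, so a live activation of the shared optimized code could be missed and `has_other_activations` left false. What is done in that case is decided after the loop, outside this hunk, so I cannot confirm the impact from here. If that case is reachable, matching on the code the frame itself runs would be the tighter check. A comment such as `// Distinct closures can share one optimized Code object, so compare code rather than function identity.` would also record why the old `frame->function() == *function` test was not enough.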
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index 67eb19d8e045833ae94d49741165d80b130e60df..304d62c12990464c5ae69dd30caa06975333c082 100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     3
 #define MINOR_VERSION     12
 #define BUILD_NUMBER      19
-#define PATCH_LEVEL       8
+#define PATCH_LEVEL       9
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0
Index: test/mjsunit/regress/regress-crbug-147475.js
diff --git a/test/mjsunit/regress/regress-crbug-138887.js b/test/mjsunit/regress/regress-crbug-147475.js
similarity index 90%
copy from test/mjsunit/regress/regress-crbug-138887.js
copy to test/mjsunit/regress/regress-crbug-147475.js
index 8d8e1694b620aa36941f4b2e17a90f69f6a17cfa..180744c730f5c53b68df7fb4746809d54c42b35e 100644
--- a/test/mjsunit/regress/regress-crbug-138887.js
+++ b/test/mjsunit/regress/regress-crbug-147475.js
@@ -40,9 +40,9 @@ function factory(worker) {

 var f1 = factory(worker1);
 var f2 = factory(f1);
-assertEquals(11, f2(1));  // Result: 1 + f1(0) == 1 + 10.
 assertEquals(11, f2(1));
 %OptimizeFunctionOnNextCall(f1);
-assertEquals(10, f1(0));  // Terminates immediately -> returns 10.
+assertEquals(10, f1(0));
 %OptimizeFunctionOnNextCall(f2);
-assertEquals(102, f2(1000));  // 1 + f1(999) == 1 + 1 + worker1(998) == 102
+assertEquals(102, f2(2));
+assertEquals(102, f2(2));
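Review bot: The two trailing `assertEquals(102, f2(2));` calls have no comment saying why the call is repeated or where 102 comes from, and the explanatory comments of the test this file was copied from are dropped on the lines above. Because this is the regression test for the shared-optimized-code deoptimization, the purpose of the second call should be written down, for example `// Repeat the call: the first one is expected to deoptimize code shared by f1 and f2 (confirm against factory).`. `factory` and the worker functions are defined outside the hunk, so the expected values cannot be checked from here.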

