[v8-dev] Merged r15808, r15811 into 3.19 branch. (issue 20288002)

[ulan]

Reviewers: Toon Verwaest,

Description:
Merged r15808, r15811 into 3.19 branch.
ARM: Ensure space for lazy deoptimization before calling IC.

MIPS: Ensure space for lazy deoptimization before calling IC.

BUG=247688
R=verwa...@chromium.org

Please review this at https://chromiumcodereview.appspot.com/20288002/

SVN Base: https://v8.googlecode.com/svn/branches/3.19

Affected files:
  M src/arm/lithium-codegen-arm.cc
  M src/mips/lithium-codegen-mips.cc
  M src/version.cc
  A + test/mjsunit/regress/regress-247688.js


Index: src/arm/lithium-codegen-arm.cc
diff --git a/src/arm/lithium-codegen-arm.cc b/src/arm/lithium-codegen-arm.cc
index  
b7c733cb259a0c589cb94a19a608570c99fdd598..b8900ddd48500cf6b090b9c17e2b766ce64731d3  
100644
--- a/src/arm/lithium-codegen-arm.cc
+++ b/src/arm/lithium-codegen-arm.cc
@@ -279,6 +279,7 @@ bool LCodeGen::GenerateBody() {
     instr->CompileToNative(this);
   }
   EnsureSpaceForLazyDeopt();
+  last_lazy_deopt_pc_ = masm()->pc_offset();
   return !is_aborted();
 }

@@ -727,6 +728,7 @@ void LCodeGen::CallCodeGeneric(Handle<Code> code,
                                LInstruction* instr,
                                SafepointMode safepoint_mode,
                                TargetAddressStorageMode storage_mode) {
+  EnsureSpaceForLazyDeopt();
   ASSERT(instr != NULL);
   // Block literal pool emission to ensure nop indicating no inlined smi  
code
   // is in the correct position.
@@ -5661,12 +5663,12 @@ void LCodeGen::EnsureSpaceForLazyDeopt() {
       padding_size -= Assembler::kInstrSize;
     }
   }
-  last_lazy_deopt_pc_ = masm()->pc_offset();
 }


 void LCodeGen::DoLazyBailout(LLazyBailout* instr) {
   EnsureSpaceForLazyDeopt();
+  last_lazy_deopt_pc_ = masm()->pc_offset();
   ASSERT(instr->HasEnvironment());
   LEnvironment* env = instr->environment();
   RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
@@ -5751,6 +5753,7 @@ void LCodeGen::DoStackCheck(LStackCheck* instr) {
     PredictableCodeSizeScope predictable(masm_, 2 * Assembler::kInstrSize);
     CallCode(stub.GetCode(isolate()), RelocInfo::CODE_TARGET, instr);
     EnsureSpaceForLazyDeopt();
+    last_lazy_deopt_pc_ = masm()->pc_offset();
     __ bind(&done);
     RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
     safepoints_.RecordLazyDeoptimizationIndex(env->deoptimization_index());
@@ -5763,6 +5766,7 @@ void LCodeGen::DoStackCheck(LStackCheck* instr) {
     __ cmp(sp, Operand(ip));
     __ b(lo, deferred_stack_check->entry());
     EnsureSpaceForLazyDeopt();
+    last_lazy_deopt_pc_ = masm()->pc_offset();
     __ bind(instr->done_label());
     deferred_stack_check->SetExit(instr->done_label());
     RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
Index: src/mips/lithium-codegen-mips.cc
diff --git a/src/mips/lithium-codegen-mips.cc  
b/src/mips/lithium-codegen-mips.cc
index  
86eca5769899ca91aa79c77f21484d854e637079..a6c88ad4e208afd1b1ed709de168c17abdb901ed  
100644
--- a/src/mips/lithium-codegen-mips.cc
+++ b/src/mips/lithium-codegen-mips.cc
@@ -271,6 +271,7 @@ bool LCodeGen::GenerateBody() {
     instr->CompileToNative(this);
   }
   EnsureSpaceForLazyDeopt();
+  last_lazy_deopt_pc_ = masm()->pc_offset();
   return !is_aborted();
 }

@@ -5636,12 +5637,12 @@ void LCodeGen::EnsureSpaceForLazyDeopt() {
       padding_size -= Assembler::kInstrSize;
     }
   }
-  last_lazy_deopt_pc_ = masm()->pc_offset();
 }


 void LCodeGen::DoLazyBailout(LLazyBailout* instr) {
   EnsureSpaceForLazyDeopt();
+  last_lazy_deopt_pc_ = masm()->pc_offset();
   ASSERT(instr->HasEnvironment());
   LEnvironment* env = instr->environment();
   RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
@@ -5724,6 +5725,7 @@ void LCodeGen::DoStackCheck(LStackCheck* instr) {
     StackCheckStub stub;
     CallCode(stub.GetCode(isolate()), RelocInfo::CODE_TARGET, instr);
     EnsureSpaceForLazyDeopt();
+    last_lazy_deopt_pc_ = masm()->pc_offset();
     __ bind(&done);
     RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
     safepoints_.RecordLazyDeoptimizationIndex(env->deoptimization_index());
@@ -5735,6 +5737,7 @@ void LCodeGen::DoStackCheck(LStackCheck* instr) {
     __ LoadRoot(at, Heap::kStackLimitRootIndex);
     __ Branch(deferred_stack_check->entry(), lo, sp, Operand(at));
     EnsureSpaceForLazyDeopt();
+    last_lazy_deopt_pc_ = masm()->pc_offset();
     __ bind(instr->done_label());
     deferred_stack_check->SetExit(instr->done_label());
     RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index  
1bce40ba74d6a7800033690740a831cdde94e678..a064c36855d5ba514185a486dacc0bf92ea90586  
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     3
 #define MINOR_VERSION     19
 #define BUILD_NUMBER      18
-#define PATCH_LEVEL       17
+#define PATCH_LEVEL       18
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0
Index: test/mjsunit/regress/regress-247688.js
diff --git a/test/mjsunit/regress/regress-2499.js  
b/test/mjsunit/regress/regress-247688.js
similarity index 73%
copy from test/mjsunit/regress/regress-2499.js
copy to test/mjsunit/regress/regress-247688.js
index  
52aad874db6fcdc89f5ee1ae4db45304e64b0e77..80e2884c705ef230e96a93ede8e5815175b01363  
100644
--- a/test/mjsunit/regress/regress-2499.js
+++ b/test/mjsunit/regress/regress-247688.js
@@ -27,14 +27,54 @@

 // Flags: --allow-natives-syntax

-function foo(word, nBits) {
-  return (word[1] >>> nBits) | (word[0] << (32 - nBits));
-}
+var a = {};
+a.x = 1
+a.y = 1.5
+
+var b = {}
+b.x = 1.5;
+b.y = 1;
+
+var c = {}
+c.x = 1.5;
+
+var d = {}
+d.x = 1.5;
+
+var e = {}
+e.x = 1.5;
+
+var f = {}
+f.x = 1.5;

-word = [0x1001, 0];
+var g = {}
+g.x = 1.5;
+
+var h = {}
+h.x = 1.5;
+
+var i = {}
+i.x = 1.5;
+
+var o = {}
+var p = {y : 10, z : 1}
+o.__proto__ = p;
+delete p.z
+
+function foo(v, w) {
+  // Make load via IC in optimized code. Its target will get overwritten by
+  // lazy deopt patch for the stack check.
+  v.y;
+  // Make store with transition to make this code dependent on the map.
+  w.y = 1;
+  return b.y;
+}

-var expected = foo(word, 1);
-foo(word, 1);
+foo(o, c);
+foo(o, d);
+foo(o, e);
 %OptimizeFunctionOnNextCall(foo);
-var optimized = foo(word, 1);
-assertEquals(expected, optimized)
+foo(b, f);
+foo(b, g);
+foo(b, h);
+foo(a, i);


--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.