Revision: 16150
Author:   [email protected]
Date:     Mon Aug 12 07:10:25 2013
Log: Fix regressions triggered by map invalidation during graph creation.

BUG=
[email protected]

Review URL: https://codereview.chromium.org/22807003
http://code.google.com/p/v8/source/detail?r=16150

Added:
 /branches/bleeding_edge/test/mjsunit/regress/regress-map-invalidation-1.js
 /branches/bleeding_edge/test/mjsunit/regress/regress-map-invalidation-2.js
Modified:
 /branches/bleeding_edge/src/assert-scope.h
 /branches/bleeding_edge/src/compiler.cc
 /branches/bleeding_edge/src/compiler.h
 /branches/bleeding_edge/src/objects.cc
 /branches/bleeding_edge/src/objects.h

=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-map-invalidation-1.js Mon Aug 12 07:10:25 2013
@@ -0,0 +1,48 @@
+// Copyright 2013 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+var c = { x: 2, y: 1 };
+
+function h() {
+  %MigrateInstance(c);
+  return 2;
+}
+%NeverOptimizeFunction(h);
+
+function f() {
+  for (var i = 0; i < 100000; i++) {
+    var n = c.x + h();
+    assertEquals(4, n);
+  }
+  var o2 = [{ x: 2.5, y:1 }];
+  return o2;
+}
+
+f();
+
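Review bot: Neither new test says what it is reproducing, and this one never checks that `f` was actually optimized, so it can keep passing after the optimization heuristics change without exercising the regression. A short header comment above `var c` would help, for example `// Regression test: c's map is invalidated (%MigrateInstance in h, double-valued literal in f) while f is being compiled.`; the mechanism in that wording is inferred from the code and should be confirmed by the author. regress-map-invalidation-2.js does call `assertOptimized(fun)` but has the same missing explanation.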
=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-map-invalidation-2.js Mon Aug 12 07:10:25 2013
@@ -0,0 +1,49 @@
+// Copyright 2013 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+var c = { x: 2, y: 1 };
+
+function g() {
+  var outer = { foo: 1 };
+  function f() {
+    var n = outer.foo;
+    for (var i = 0; i < 100000; i++) {
+      n += c.x + outer.foo;
+    }
+    var o2 = [{ x: 1.5, y: 1 }];
+    return o2;
+  }
+  return f;
+}
+
+var fun = g();
+fun();
+assertOptimized(fun);
+fun();
+
=======================================
--- /branches/bleeding_edge/src/assert-scope.h  Thu Jun 13 00:47:42 2013
+++ /branches/bleeding_edge/src/assert-scope.h  Mon Aug 12 07:10:25 2013
@@ -41,6 +41,7 @@
   HANDLE_ALLOCATION_ASSERT,
   HANDLE_DEREFERENCE_ASSERT,
   DEFERRED_HANDLE_DEREFERENCE_ASSERT,
+  CODE_DEPENDENCY_CHANGE_ASSERT,
   LAST_PER_THREAD_ASSERT_TYPE
 };

@@ -170,6 +171,14 @@
 typedef PerThreadAssertScope<DEFERRED_HANDLE_DEREFERENCE_ASSERT, true>
     AllowDeferredHandleDereference;

+// Scope to document where we do not expect deferred handles to be dereferenced.
+typedef PerThreadAssertScope<CODE_DEPENDENCY_CHANGE_ASSERT, false>
+    DisallowCodeDependencyChange;
+
+// Scope to introduce an exception to DisallowDeferredHandleDereference.
+typedef PerThreadAssertScope<CODE_DEPENDENCY_CHANGE_ASSERT, true>
+    AllowCodeDependencyChange;
+
 } }  // namespace v8::internal

 #endif  // V8_ASSERT_SCOPE_H_
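Review bot: Both comments added here were copied from the deferred-handle scopes and describe the wrong thing: `DisallowCodeDependencyChange` is not about dereferencing deferred handles, and `AllowCodeDependencyChange` is not an exception to `DisallowDeferredHandleDereference`. Suggested wording: `// Scope to document where we do not expect code dependencies to change.` and `// Scope to introduce an exception to DisallowCodeDependencyChange.`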
=======================================
--- /branches/bleeding_edge/src/compiler.cc     Fri Aug  9 08:10:06 2013
+++ /branches/bleeding_edge/src/compiler.cc     Mon Aug 12 07:10:25 2013
@@ -120,6 +120,7 @@
     return;
   }
   mode_ = V8::UseCrankshaft() ? mode : NONOPT;
+  abort_due_to_dependency_ = false;
   if (script_->type()->value() == Script::TYPE_NATIVE) {
     MarkAsNative();
   }
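Review bot: `abort_due_to_dependency_ = false;` is placed after the early `return;` visible at the top of this hunk, so any path that takes that return leaves the new bool uninitialized. The flag is later read by `HasAbortedDueToDependencyChange()`, and reading an indeterminate bool is undefined behaviour; whether the early-return path ever reaches that reader cannot be told from here. Moving the assignment ahead of the early-return branch removes the question. The function begins outside the hunk.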
@@ -445,6 +446,12 @@
       return AbortOptimization();
     }
   }
+
+  if (info()->HasAbortedDueToDependencyChange()) {
+    info_->set_bailout_reason(kBailedOutDueToDependencyChange);
+    info_->AbortOptimization();
+    return SetLastStatus(BAILED_OUT);
+  }

   return SetLastStatus(SUCCEEDED);
 }
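Review bot: The added block reads the flag through `info()` but mutates through `info_`, and it sets `BAILED_OUT` by hand instead of going through the `AbortOptimization()` helper that the context line just above returns through. The later hunk in this file handles the same condition with `optimizing_compiler->AbortOptimization()`, so the two dependency-change paths now abort differently. If that is deliberate (for example to avoid whatever longer-lasting effect the helper has on the function), a comment should say so, such as `// Dependency changed during graph creation: abort this attempt only.`; otherwise `return AbortOptimization();` after setting the bailout reason would match the other abort paths. The enclosing function starts outside the hunk.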
@@ -454,6 +461,7 @@
   DisallowHeapAllocation no_allocation;
   DisallowHandleAllocation no_handles;
   DisallowHandleDereference no_deref;
+  DisallowCodeDependencyChange no_dependency_change;

   ASSERT(last_status() == SUCCEEDED);
   Timer t(this, &time_taken_to_optimize_);
@@ -474,6 +482,8 @@

 OptimizingCompiler::Status OptimizingCompiler::GenerateAndInstallCode() {
   ASSERT(last_status() == SUCCEEDED);
+  ASSERT(!info()->HasAbortedDueToDependencyChange());
+  DisallowCodeDependencyChange no_dependency_change;
   {  // Scope for timer.
     Timer timer(this, &time_taken_to_codegen_);
     ASSERT(chunk_ != NULL);
@@ -815,6 +825,7 @@
   // was flushed. By setting the code object last we avoid this.
   Handle<SharedFunctionInfo> shared = info->shared_info();
   Handle<Code> code = info->code();
+  CHECK(code->kind() == Code::FUNCTION);
   Handle<JSFunction> function = info->closure();
   Handle<ScopeInfo> scope_info =
       ScopeInfo::Create(info->scope(), info->zone());
@@ -1059,7 +1070,7 @@
   // the unoptimized code.
   OptimizingCompiler::Status status = optimizing_compiler->last_status();
   if (info->HasAbortedDueToDependencyChange()) {
-    info->set_bailout_reason(kBailedOutDueToDependentMap);
+    info->set_bailout_reason(kBailedOutDueToDependencyChange);
     status = optimizing_compiler->AbortOptimization();
   } else if (status != OptimizingCompiler::SUCCEEDED) {
     info->set_bailout_reason(kFailedBailedOutLastTime);
=======================================
--- /branches/bleeding_edge/src/compiler.h      Fri Aug  9 01:24:29 2013
+++ /branches/bleeding_edge/src/compiler.h      Mon Aug 12 07:10:25 2013
@@ -298,11 +298,13 @@
   }

   void AbortDueToDependencyChange() {
-    mode_ = DEPENDENCY_CHANGE_ABORT;
+    ASSERT(!isolate()->optimizing_compiler_thread()->IsOptimizerThread());
+    abort_due_to_dependency_ = true;
   }

   bool HasAbortedDueToDependencyChange() {
-    return mode_ == DEPENDENCY_CHANGE_ABORT;
+    ASSERT(!isolate()->optimizing_compiler_thread()->IsOptimizerThread());
+    return abort_due_to_dependency_;
   }

  protected:
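Review bot: The thread restriction on `AbortDueToDependencyChange()` and `HasAbortedDueToDependencyChange()` exists only as an `ASSERT`, and nothing in the header tells a caller about it. Since `abort_due_to_dependency_` is a plain `bool` with no synchronization visible in this change, the contract is worth stating on the accessors, e.g. `// Must not be called on the optimizer thread; the flag is unsynchronized.` If `ASSERT` is compiled out of release builds, as is usual, that comment is the only notice release-mode callers get.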
@@ -326,8 +328,7 @@
     BASE,
     OPTIMIZE,
     NONOPT,
-    STUB,
-    DEPENDENCY_CHANGE_ABORT
+    STUB
   };

   void Initialize(Isolate* isolate, Mode mode, Zone* zone);
@@ -401,6 +402,9 @@
   Mode mode_;
   BailoutId osr_ast_id_;

+  // Flag whether compilation needs to be aborted due to dependency change.
+  bool abort_due_to_dependency_;
+
   // The zone from which the compilation pipeline working on this
   // CompilationInfo allocates.
   Zone* zone_;
=======================================
--- /branches/bleeding_edge/src/objects.cc      Wed Aug  7 04:24:14 2013
+++ /branches/bleeding_edge/src/objects.cc      Mon Aug 12 07:10:25 2013
@@ -11354,6 +11354,7 @@
 void DependentCode::DeoptimizeDependentCodeGroup(
     Isolate* isolate,
     DependentCode::DependencyGroup group) {
+  ASSERT(AllowCodeDependencyChange::IsAllowed());
   DisallowHeapAllocation no_allocation_scope;
   DependentCode::GroupStartIndexes starts(this);
   int start = starts.at(group);
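Review bot: The added `ASSERT(AllowCodeDependencyChange::IsAllowed())` carries no comment explaining the invariant this fix rests on: dependent code must not be deoptimized while a compile phase has a `DisallowCodeDependencyChange` scope open. I would add `// Invalidating dependent code while a compile phase forbids it would leave that phase working from stale assumptions.` above it. Being an assertion, it presumably only detects a violation in debug builds, so release behaviour still depends on every caller respecting the scope. The function body continues past the hunk.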
=======================================
--- /branches/bleeding_edge/src/objects.h       Fri Aug  9 01:22:46 2013
+++ /branches/bleeding_edge/src/objects.h       Mon Aug 12 07:10:25 2013
@@ -1076,7 +1076,7 @@
"bad value context for arguments object value") \
 V(kBadValueContextForArgumentsValue, \
 "bad value context for arguments value") \
- V(kBailedOutDueToDependentMap, "bailed out due to dependent map") \
+ V(kBailedOutDueToDependencyChange, "bailed out due to dependency change") \
 V(kBailoutWasNotPrepared, "bailout was not prepared") \
 V(kBinaryStubGenerateFloatingPointCode, \
 "BinaryStub_GenerateFloatingPointCode") \
