Revision: 20447
Author: [email protected]
Date: Wed Apr 2 17:08:24 2014 UTC
Log: Merged r20087, r20137, r20155, r20158, r20197 into 3.24 branch.
Fix polymorphic keyed loads for SLOPPY_ARGUMENTS_ELEMENTS
Fix polymorphic hydrogen handling of SLOPPY_ARGUMENTS_ELEMENTS
Ensure that lazy deopt sequence does not override calls.
Visit return statement of inlined function in value context.
Correctly convert micro-sign to its upper case.
BUG=chromium:350867,chromium:354391,354433,354357,355485
LOG=N
[email protected]
Review URL: https://codereview.chromium.org/222003005
http://code.google.com/p/v8/source/detail?r=20447
Added:
/branches/3.24/test/mjsunit/regress/regress-354357.js
/branches/3.24/test/mjsunit/regress/regress-354433.js
/branches/3.24/test/mjsunit/regress/regress-355485.js
/branches/3.24/test/mjsunit/regress/regress-crbug-350867.js
/branches/3.24/test/mjsunit/regress/regress-crbug-354391.js
Modified:
/branches/3.24/src/arm/lithium-codegen-arm.cc
/branches/3.24/src/hydrogen.cc
/branches/3.24/src/ia32/lithium-codegen-ia32.cc
/branches/3.24/src/ic.cc
/branches/3.24/src/mips/lithium-codegen-mips.cc
/branches/3.24/src/runtime.cc
/branches/3.24/src/stub-cache.cc
/branches/3.24/src/version.cc
/branches/3.24/src/x64/lithium-codegen-x64.cc
=======================================
--- /dev/null
+++ /branches/3.24/test/mjsunit/regress/regress-354357.js Wed Apr 2
17:08:24 2014 UTC
@@ -0,0 +1,38 @@
+// Copyright 2013 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --always-opt
+
+var v = {};
+function inlined() {
+ return !(v.bar++);
+}
+function outer() {
+ inlined();
+};
+
+outer();
=======================================
--- /dev/null
+++ /branches/3.24/test/mjsunit/regress/regress-354433.js Wed Apr 2
17:08:24 2014 UTC
@@ -0,0 +1,54 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+var __v_0 = {};
+var __v_5 = {};
+function __f_2() {
+ this.__defineGetter__('str', function() { return __f_2(this); });
+ this.str = "1";
+ this.toString = function() {
+ return this.str;
+ };
+};
+
+__v_5 = new __f_2();
+__v_0 = new __f_2();
+
+function __f_5(fun,a,b) {
+ __v_5.str = a;
+ __v_0.str = b;
+ fun(__v_5, __v_0);
+}
+
+function __f_8(a,b) { return a%b };
+
+__f_5(__f_8, 1 << 30, 1);
+__f_5(__f_8, 1, 1 << 30);
+%OptimizeFunctionOnNextCall(__f_8);
+__f_5(__f_8, 1, 1 << 30);
=======================================
--- /dev/null
+++ /branches/3.24/test/mjsunit/regress/regress-355485.js Wed Apr 2
17:08:24 2014 UTC
@@ -0,0 +1,5 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+assertEquals("\u039c", "\u00b5".toUpperCase());
=======================================
--- /dev/null
+++ /branches/3.24/test/mjsunit/regress/regress-crbug-350867.js Wed Apr 2
17:08:24 2014 UTC
@@ -0,0 +1,15 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function f1(a, i) {
+ return a[i];
+}
+function f2(a, b, c, index) {
+ return f1(arguments, index);
+}
+
+f2(2, 3, 4, "foo");
+f2(2, 3, 4, "foo");
+assertEquals(11, f1([11, 22, 33], 0));
+assertEquals(22, f2(22, 33, 44, 0));
=======================================
--- /dev/null
+++ /branches/3.24/test/mjsunit/regress/regress-crbug-354391.js Wed Apr 2
17:08:24 2014 UTC
@@ -0,0 +1,21 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function load(a, i) {
+ return a[i];
+}
+
+function f2(a, b, c, d, index) {
+ return load(arguments, index);
+}
+
+f2(1, 2, 3, 4, "foo");
+f2(1, 2, 3, 4, "foo");
+load([11, 22, 33], 0);
+assertEquals(11, f2(11, 22, 33, 44, 0));
+
+%OptimizeFunctionOnNextCall(load);
+assertEquals(11, f2(11, 22, 33, 44, 0));
=======================================
--- /branches/3.24/src/arm/lithium-codegen-arm.cc Wed Mar 26 10:32:37 2014
UTC
+++ /branches/3.24/src/arm/lithium-codegen-arm.cc Wed Apr 2 17:08:24 2014
UTC
@@ -270,6 +270,9 @@
void LCodeGen::GenerateBodyInstructionPre(LInstruction* instr) {
+ if (instr->IsCall()) {
+ EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
+ }
if (!instr->IsLazyBailout() && !instr->IsGap()) {
safepoints_.BumpLastLazySafepointIndex();
}
@@ -5548,7 +5551,7 @@
void LCodeGen::DoLazyBailout(LLazyBailout* instr) {
- EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
+ last_lazy_deopt_pc_ = masm()->pc_offset();
ASSERT(instr->HasEnvironment());
LEnvironment* env = instr->environment();
RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
@@ -5622,10 +5625,7 @@
CallCode(isolate()->builtins()->StackCheck(),
RelocInfo::CODE_TARGET,
instr);
- EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
__ bind(&done);
- RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
- safepoints_.RecordLazyDeoptimizationIndex(env->deoptimization_index());
} else {
ASSERT(instr->hydrogen()->is_backwards_branch());
// Perform stack overflow check if this goto needs it before jumping.
=======================================
--- /branches/3.24/src/hydrogen.cc Wed Apr 2 15:32:54 2014 UTC
+++ /branches/3.24/src/hydrogen.cc Wed Apr 2 17:08:24 2014 UTC
@@ -4304,7 +4304,12 @@
TestContext* test = TestContext::cast(context);
VisitForControl(stmt->expression(), test->if_true(),
test->if_false());
} else if (context->IsEffect()) {
- CHECK_ALIVE(VisitForEffect(stmt->expression()));
+ // Visit in value context and ignore the result. This is needed to
keep
+ // environment in sync with full-codegen since some visitors (e.g.
+ // VisitCountOperation) use the operand stack differently depending
on
+ // context.
+ CHECK_ALIVE(VisitForValue(stmt->expression()));
+ Pop();
Goto(function_return(), state);
} else {
ASSERT(context->IsValue());
@@ -6360,6 +6365,13 @@
elements_kind != GetInitialFastElementsKind()) {
possible_transitioned_maps.Add(map);
}
+ if (elements_kind == NON_STRICT_ARGUMENTS_ELEMENTS) {
+ HInstruction* result =
+ is_store ? BuildStoreKeyedGeneric(object, key, val)
+ : BuildLoadKeyedGeneric(object, key);
+ *has_side_effects = result->HasObservableSideEffects();
+ return AddInstruction(result);
+ }
}
// Get transition target for each map (NULL == no transition).
for (int i = 0; i < maps->length(); ++i) {
=======================================
--- /branches/3.24/src/ia32/lithium-codegen-ia32.cc Wed Mar 26 10:32:37
2014 UTC
+++ /branches/3.24/src/ia32/lithium-codegen-ia32.cc Wed Apr 2 17:08:24
2014 UTC
@@ -390,6 +390,9 @@
void LCodeGen::GenerateBodyInstructionPre(LInstruction* instr) {
+ if (instr->IsCall()) {
+ EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
+ }
if (!instr->IsLazyBailout() && !instr->IsGap()) {
safepoints_.BumpLastLazySafepointIndex();
}
@@ -6072,7 +6075,7 @@
void LCodeGen::DoLazyBailout(LLazyBailout* instr) {
- EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
+ last_lazy_deopt_pc_ = masm()->pc_offset();
ASSERT(instr->HasEnvironment());
LEnvironment* env = instr->environment();
RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
@@ -6148,10 +6151,7 @@
CallCode(isolate()->builtins()->StackCheck(),
RelocInfo::CODE_TARGET,
instr);
- EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
__ bind(&done);
- RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
- safepoints_.RecordLazyDeoptimizationIndex(env->deoptimization_index());
} else {
ASSERT(instr->hydrogen()->is_backwards_branch());
// Perform stack overflow check if this goto needs it before jumping.
=======================================
--- /branches/3.24/src/ic.cc Mon Mar 17 10:45:33 2014 UTC
+++ /branches/3.24/src/ic.cc Wed Apr 2 17:08:24 2014 UTC
@@ -1092,7 +1092,6 @@
if (*stub == *generic_stub()) {
TRACE_GENERIC_IC(isolate(), "KeyedLoadIC", "set generic");
}
- ASSERT(!stub.is_null());
set_target(*stub);
TRACE_IC("LoadIC", key);
}
=======================================
--- /branches/3.24/src/mips/lithium-codegen-mips.cc Wed Mar 26 10:32:37
2014 UTC
+++ /branches/3.24/src/mips/lithium-codegen-mips.cc Wed Apr 2 17:08:24
2014 UTC
@@ -260,6 +260,9 @@
void LCodeGen::GenerateBodyInstructionPre(LInstruction* instr) {
+ if (instr->IsCall()) {
+ EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
+ }
if (!instr->IsLazyBailout() && !instr->IsGap()) {
safepoints_.BumpLastLazySafepointIndex();
}
@@ -5545,7 +5548,7 @@
void LCodeGen::DoLazyBailout(LLazyBailout* instr) {
- EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
+ last_lazy_deopt_pc_ = masm()->pc_offset();
ASSERT(instr->HasEnvironment());
LEnvironment* env = instr->environment();
RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
@@ -5617,10 +5620,7 @@
CallCode(isolate()->builtins()->StackCheck(),
RelocInfo::CODE_TARGET,
instr);
- EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
__ bind(&done);
- RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
- safepoints_.RecordLazyDeoptimizationIndex(env->deoptimization_index());
} else {
ASSERT(instr->hydrogen()->is_backwards_branch());
// Perform stack overflow check if this goto needs it before jumping.
=======================================
--- /branches/3.24/src/runtime.cc Wed Mar 26 10:32:37 2014 UTC
+++ /branches/3.24/src/runtime.cc Wed Apr 2 17:08:24 2014 UTC
@@ -6283,6 +6283,15 @@
// Create a number object from the value.
return isolate->heap()->NumberFromDouble(value);
}
+
+
+static inline bool ToUpperOverflows(uc32 character) {
+ // y with umlauts and the micro sign are the only characters that stop
+ // fitting into one-byte when converting to uppercase.
+ static const uc32 yuml_code = 0xff;
+ static const uc32 micro_code = 0xb5;
+ return (character == yuml_code || character == micro_code);
+}
template <class Converter>
@@ -6323,10 +6332,7 @@
unibrow::uchar chars[Converter::kMaxWidth];
// We can assume that the string is not empty
uc32 current = stream.GetNext();
- // y with umlauts is the only character that stops fitting into one-byte
- // when converting to uppercase.
- static const uc32 yuml_code = 0xff;
- bool ignore_yuml = result->IsSeqTwoByteString() || Converter::kIsToLower;
+ bool ignore_overflow = Converter::kIsToLower ||
result->IsSeqTwoByteString();
for (int i = 0; i < length;) {
bool has_next = stream.HasMore();
uc32 next = has_next ? stream.GetNext() : 0;
@@ -6335,14 +6341,15 @@
// The case conversion of this character is the character itself.
result->Set(i, current);
i++;
- } else if (char_length == 1 && (ignore_yuml || current != yuml_code)) {
+ } else if (char_length == 1 &&
+ (ignore_overflow || !ToUpperOverflows(current))) {
// Common case: converting the letter resulted in one character.
ASSERT(static_cast<uc32>(chars[0]) != current);
result->Set(i, chars[0]);
has_changed_character = true;
i++;
} else if (length == input_string_length) {
- bool found_yuml = (current == yuml_code);
+ bool overflows = ToUpperOverflows(current);
// We've assumed that the result would be as long as the
// input but here is a character that converts to several
// characters. No matter, we calculate the exact length
@@ -6362,7 +6369,7 @@
int current_length = i + char_length + next_length;
while (stream.HasMore()) {
current = stream.GetNext();
- found_yuml |= (current == yuml_code);
+ overflows |= ToUpperOverflows(current);
// NOTE: we use 0 as the next character here because, while
// the next character may affect what a character converts to,
// it does not in any case affect the length of what it convert
@@ -6376,9 +6383,9 @@
}
}
// Try again with the real length. Return signed if we need
- // to allocate a two-byte string for y-umlaut to uppercase.
- return (found_yuml && !ignore_yuml) ? Smi::FromInt(-current_length)
- : Smi::FromInt(current_length);
+ // to allocate a two-byte string for to uppercase.
+ return (overflows && !ignore_overflow) ?
Smi::FromInt(-current_length)
+ :
Smi::FromInt(current_length);
} else {
for (int j = 0; j < char_length; j++) {
result->Set(i, chars[j]);
=======================================
--- /branches/3.24/src/stub-cache.cc Fri Feb 7 09:11:16 2014 UTC
+++ /branches/3.24/src/stub-cache.cc Wed Apr 2 17:08:24 2014 UTC
@@ -1265,6 +1265,8 @@
cached_stub =
KeyedLoadFastElementStub(is_js_array,
elements_kind).GetCode(isolate());
+ } else if (elements_kind == NON_STRICT_ARGUMENTS_ELEMENTS) {
+ cached_stub =
isolate()->builtins()->KeyedLoadIC_NonStrictArguments();
} else {
ASSERT(elements_kind == DICTIONARY_ELEMENTS);
cached_stub = KeyedLoadDictionaryElementStub().GetCode(isolate());
=======================================
--- /branches/3.24/src/version.cc Wed Apr 2 15:32:54 2014 UTC
+++ /branches/3.24/src/version.cc Wed Apr 2 17:08:24 2014 UTC
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 24
#define BUILD_NUMBER 35
-#define PATCH_LEVEL 23
+#define PATCH_LEVEL 24
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
=======================================
--- /branches/3.24/src/x64/lithium-codegen-x64.cc Wed Mar 26 10:32:37 2014
UTC
+++ /branches/3.24/src/x64/lithium-codegen-x64.cc Wed Apr 2 17:08:24 2014
UTC
@@ -274,6 +274,9 @@
void LCodeGen::GenerateBodyInstructionPre(LInstruction* instr) {
+ if (instr->IsCall()) {
+ EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
+ }
if (!instr->IsLazyBailout() && !instr->IsGap()) {
safepoints_.BumpLastLazySafepointIndex();
}
@@ -5365,7 +5368,7 @@
void LCodeGen::DoLazyBailout(LLazyBailout* instr) {
- EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
+ last_lazy_deopt_pc_ = masm()->pc_offset();
ASSERT(instr->HasEnvironment());
LEnvironment* env = instr->environment();
RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
@@ -5437,10 +5440,7 @@
CallCode(isolate()->builtins()->StackCheck(),
RelocInfo::CODE_TARGET,
instr);
- EnsureSpaceForLazyDeopt(Deoptimizer::patch_size());
__ bind(&done);
- RegisterEnvironmentForDeoptimization(env, Safepoint::kLazyDeopt);
- safepoints_.RecordLazyDeoptimizationIndex(env->deoptimization_index());
} else {
ASSERT(instr->hydrogen()->is_backwards_branch());
// Perform stack overflow check if this goto needs it before jumping.
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
