AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Deoptimization fix for HPushArgument.

Browse Source 
HPushArgument should never be used in a simulation environment
because the slot addresses for the arguments can be off (e.g.,
due to on-stack arguments object of an inlined caller).

R=mstarzinger@chromium.org
BUG=v8:3183
LOG=N

Review URL: https://codereview.chromium.org/178193026

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19675 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
jarin@chromium.org 2014-03-05 12:45:46 +00:00
parent 26e4f4cc1c
commit 7ac668f753
11 changed files with 139 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/a64/lithium-codegen-a64.cc
View File

@ -342,10 +342,6 @@ void LCodeGen::AddToTranslation(LEnvironment* environment,
}
} else if (op->IsDoubleStackSlot()) {
translation->StoreDoubleStackSlot(op->index());
} else if (op->IsArgument()) {
ASSERT(is_tagged);
int src_index = GetStackSlotCount() + op->index();
translation->StoreStackSlot(src_index);
} else if (op->IsRegister()) {
Register reg = ToRegister(op);
if (is_tagged) {

16
src/arm/lithium-codegen-arm.cc
View File

@ -427,7 +427,7 @@ Register LCodeGen::EmitLoadRegister(LOperand* op, Register scratch) {
__ Move(scratch, literal);
}
return scratch;
} else if (op->IsStackSlot() || op->IsArgument()) {
} else if (op->IsStackSlot()) {
__ ldr(scratch, ToMemOperand(op));
return scratch;
}
@ -463,7 +463,7 @@ DwVfpRegister LCodeGen::EmitLoadDoubleRegister(LOperand* op,
} else if (r.IsTagged()) {
Abort(kUnsupportedTaggedImmediate);
}
} else if (op->IsStackSlot() || op->IsArgument()) {
} else if (op->IsStackSlot()) {
// TODO(regis): Why is vldr not taking a MemOperand?
// __ vldr(dbl_scratch, ToMemOperand(op));
MemOperand mem_op = ToMemOperand(op);
@ -683,10 +683,6 @@ void LCodeGen::AddToTranslation(LEnvironment* environment,
}
} else if (op->IsDoubleStackSlot()) {
translation->StoreDoubleStackSlot(op->index());
} else if (op->IsArgument()) {
ASSERT(is_tagged);
int src_index = GetStackSlotCount() + op->index();
translation->StoreStackSlot(src_index);
} else if (op->IsRegister()) {
Register reg = ToRegister(op);
if (is_tagged) {
@ -1669,7 +1665,7 @@ void LCodeGen::DoBitI(LBitI* instr) {
Register result = ToRegister(instr->result());
Operand right(no_reg);
if (right_op->IsStackSlot() || right_op->IsArgument()) {
if (right_op->IsStackSlot()) {
right = Operand(EmitLoadRegister(right_op, ip));
} else {
ASSERT(right_op->IsRegister() || right_op->IsConstantOperand());
@ -1792,7 +1788,7 @@ void LCodeGen::DoSubI(LSubI* instr) {
bool can_overflow = instr->hydrogen()->CheckFlag(HValue::kCanOverflow);
SBit set_cond = can_overflow ? SetCC : LeaveCC;
if (right->IsStackSlot() || right->IsArgument()) {
if (right->IsStackSlot()) {
Register right_reg = EmitLoadRegister(right, ip);
__ sub(ToRegister(result), ToRegister(left), Operand(right_reg), set_cond);
} else {
@ -1813,7 +1809,7 @@ void LCodeGen::DoRSubI(LRSubI* instr) {
bool can_overflow = instr->hydrogen()->CheckFlag(HValue::kCanOverflow);
SBit set_cond = can_overflow ? SetCC : LeaveCC;
if (right->IsStackSlot() || right->IsArgument()) {
if (right->IsStackSlot()) {
Register right_reg = EmitLoadRegister(right, ip);
__ rsb(ToRegister(result), ToRegister(left), Operand(right_reg), set_cond);
} else {
@ -1986,7 +1982,7 @@ void LCodeGen::DoAddI(LAddI* instr) {
bool can_overflow = instr->hydrogen()->CheckFlag(HValue::kCanOverflow);
SBit set_cond = can_overflow ? SetCC : LeaveCC;
if (right->IsStackSlot() || right->IsArgument()) {
if (right->IsStackSlot()) {
Register right_reg = EmitLoadRegister(right, ip);
__ add(ToRegister(result), ToRegister(left), Operand(right_reg), set_cond);
} else {

81
src/hydrogen.cc
View File

@ -3892,7 +3892,6 @@ void HOptimizedGraphBuilder::VisitForTypeOf(Expression* expr) {
}
void HOptimizedGraphBuilder::VisitForControl(Expression* expr,
HBasicBlock* true_block,
HBasicBlock* false_block) {
@ -3901,20 +3900,6 @@ void HOptimizedGraphBuilder::VisitForControl(Expression* expr,
}
void HOptimizedGraphBuilder::VisitArgument(Expression* expr) {
CHECK_ALIVE(VisitForValue(expr));
Push(Add<HPushArgument>(Pop()));
}
void HOptimizedGraphBuilder::VisitArgumentList(
ZoneList<Expression*>* arguments) {
for (int i = 0; i < arguments->length(); i++) {
CHECK_ALIVE(VisitArgument(arguments->at(i)));
}
}
void HOptimizedGraphBuilder::VisitExpressions(
ZoneList<Expression*>* exprs) {
for (int i = 0; i < exprs->length(); ++i) {
@ -8055,6 +8040,10 @@ void HOptimizedGraphBuilder::VisitCall(Call* expr) {
return Bailout(kPossibleDirectCallToEval);
}
// The function is on the stack in the unoptimized code during
// evaluation of the arguments.
CHECK_ALIVE(VisitForValue(expr->expression()));
HValue* function = Top();
bool global_call = proxy != NULL && proxy->var()->IsUnallocated();
if (global_call) {
Variable* var = proxy->var();
@ -8069,8 +8058,6 @@ void HOptimizedGraphBuilder::VisitCall(Call* expr) {
Handle<GlobalObject> global(current_info()->global_object());
known_global_function = expr->ComputeGlobalTarget(global, &lookup);
}
CHECK_ALIVE(VisitForValue(expr->expression()));
HValue* function = Top();
if (known_global_function) {
Add<HCheckValue>(function, expr->target());
@ -8097,18 +8084,13 @@ void HOptimizedGraphBuilder::VisitCall(Call* expr) {
PushArgumentsFromEnvironment(argument_count);
call = BuildCallConstantFunction(expr->target(), argument_count);
} else {
Push(Add<HPushArgument>(graph()->GetConstantUndefined()));
CHECK_ALIVE(VisitArgumentList(expr->arguments()));
Push(graph()->GetConstantUndefined());
CHECK_ALIVE(VisitExpressions(expr->arguments()));
PushArgumentsFromEnvironment(argument_count);
call = New<HCallFunction>(function, argument_count);
Drop(argument_count);
}
} else if (expr->IsMonomorphic()) {
// The function is on the stack in the unoptimized code during
// evaluation of the arguments.
CHECK_ALIVE(VisitForValue(expr->expression()));
HValue* function = Top();
Add<HCheckValue>(function, expr->target());
Push(graph()->GetConstantUndefined());
@ -8134,13 +8116,10 @@ void HOptimizedGraphBuilder::VisitCall(Call* expr) {
function, expr->target(), argument_count));
} else {
CHECK_ALIVE(VisitForValue(expr->expression()));
HValue* function = Top();
HValue* receiver = graph()->GetConstantUndefined();
Push(Add<HPushArgument>(receiver));
CHECK_ALIVE(VisitArgumentList(expr->arguments()));
Push(graph()->GetConstantUndefined());
CHECK_ALIVE(VisitExpressions(expr->arguments()));
PushArgumentsFromEnvironment(argument_count);
call = New<HCallFunction>(function, argument_count);
Drop(argument_count);
}
}
@ -8580,13 +8559,13 @@ void HOptimizedGraphBuilder::VisitTypedArrayInitialize(
if (!is_zero_byte_offset) {
byte_offset_smi.Else();
{ // byte_offset is not Smi.
Push(Add<HPushArgument>(obj));
VisitArgument(arguments->at(kArrayIdArg));
Push(Add<HPushArgument>(buffer));
Push(Add<HPushArgument>(byte_offset));
Push(Add<HPushArgument>(byte_length));
Push(obj);
CHECK_ALIVE(VisitForValue(arguments->at(kArrayIdArg)));
Push(buffer);
Push(byte_offset);
Push(byte_length);
PushArgumentsFromEnvironment(kArgsLength);
Add<HCallRuntime>(expr->name(), expr->function(), kArgsLength);
Drop(kArgsLength);
}
}
byte_offset_smi.End();
@ -8633,13 +8612,12 @@ void HOptimizedGraphBuilder::VisitCallRuntime(CallRuntime* expr) {
(this->*generator)(expr);
} else {
ASSERT(function->intrinsic_type == Runtime::RUNTIME);
CHECK_ALIVE(VisitArgumentList(expr->arguments()));
Handle<String> name = expr->name();
int argument_count = expr->arguments()->length();
CHECK_ALIVE(VisitExpressions(expr->arguments()));
PushArgumentsFromEnvironment(argument_count);
HCallRuntime* call = New<HCallRuntime>(name, function,
argument_count);
Drop(argument_count);
return ast_context()->ReturnInstruction(call, expr->id());
}
}
@ -10504,9 +10482,9 @@ void HOptimizedGraphBuilder::GenerateStringAdd(CallRuntime* call) {
// Fast support for SubString.
void HOptimizedGraphBuilder::GenerateSubString(CallRuntime* call) {
ASSERT_EQ(3, call->arguments()->length());
CHECK_ALIVE(VisitArgumentList(call->arguments()));
CHECK_ALIVE(VisitExpressions(call->arguments()));
PushArgumentsFromEnvironment(call->arguments()->length());
HCallStub* result = New<HCallStub>(CodeStub::SubString, 3);
Drop(3);
return ast_context()->ReturnInstruction(result, call->id());
}
@ -10514,9 +10492,9 @@ void HOptimizedGraphBuilder::GenerateSubString(CallRuntime* call) {
// Fast support for StringCompare.
void HOptimizedGraphBuilder::GenerateStringCompare(CallRuntime* call) {
ASSERT_EQ(2, call->arguments()->length());
CHECK_ALIVE(VisitArgumentList(call->arguments()));
CHECK_ALIVE(VisitExpressions(call->arguments()));
PushArgumentsFromEnvironment(call->arguments()->length());
HCallStub* result = New<HCallStub>(CodeStub::StringCompare, 2);
Drop(2);
return ast_context()->ReturnInstruction(result, call->id());
}
@ -10524,9 +10502,9 @@ void HOptimizedGraphBuilder::GenerateStringCompare(CallRuntime* call) {
// Support for direct calls from JavaScript to native RegExp code.
void HOptimizedGraphBuilder::GenerateRegExpExec(CallRuntime* call) {
ASSERT_EQ(4, call->arguments()->length());
CHECK_ALIVE(VisitArgumentList(call->arguments()));
CHECK_ALIVE(VisitExpressions(call->arguments()));
PushArgumentsFromEnvironment(call->arguments()->length());
HCallStub* result = New<HCallStub>(CodeStub::RegExpExec, 4);
Drop(4);
return ast_context()->ReturnInstruction(result, call->id());
}
@ -10567,12 +10545,11 @@ void HOptimizedGraphBuilder::GenerateCallFunction(CallRuntime* call) {
int arg_count = call->arguments()->length() - 1;
ASSERT(arg_count >= 1); // There's always at least a receiver.
for (int i = 0; i < arg_count; ++i) {
CHECK_ALIVE(VisitArgument(call->arguments()->at(i)));
}
CHECK_ALIVE(VisitForValue(call->arguments()->last()));
CHECK_ALIVE(VisitExpressions(call->arguments()));
// The function is the last argument
HValue* function = Pop();
// Push the arguments to the stack
PushArgumentsFromEnvironment(arg_count);
IfBuilder if_is_jsfunction(this);
if_is_jsfunction.If<HHasInstanceTypeAndBranch>(function, JS_FUNCTION_TYPE);
@ -10581,7 +10558,6 @@ void HOptimizedGraphBuilder::GenerateCallFunction(CallRuntime* call) {
{
HInstruction* invoke_result =
Add<HInvokeFunction>(function, arg_count);
Drop(arg_count);
if (!ast_context()->IsEffect()) {
Push(invoke_result);
}
@ -10592,7 +10568,6 @@ void HOptimizedGraphBuilder::GenerateCallFunction(CallRuntime* call) {
{
HInstruction* call_result =
Add<HCallFunction>(function, arg_count);
Drop(arg_count);
if (!ast_context()->IsEffect()) {
Push(call_result);
}

5
src/hydrogen.h
View File

@ -2214,11 +2214,6 @@ class HOptimizedGraphBuilder : public HGraphBuilder, public AstVisitor {
HBasicBlock* true_block,
HBasicBlock* false_block);
// Visit an argument subexpression and emit a push to the outgoing arguments.
void VisitArgument(Expression* expr);
void VisitArgumentList(ZoneList<Expression*>* arguments);
// Visit a list of expressions from left to right, each in a value context.
void VisitExpressions(ZoneList<Expression*>* exprs);

4
src/ia32/lithium-codegen-ia32.cc
View File

@ -952,10 +952,6 @@ void LCodeGen::AddToTranslation(LEnvironment* environment,
}
} else if (op->IsDoubleStackSlot()) {
translation->StoreDoubleStackSlot(op->index());
} else if (op->IsArgument()) {
ASSERT(is_tagged);
int src_index = GetStackSlotCount() + op->index();
translation->StoreStackSlot(src_index);
} else if (op->IsRegister()) {
Register reg = ToRegister(op);
if (is_tagged) {

1
src/lithium-allocator.h
View File

@ -47,7 +47,6 @@ class HValue;
class BitVector;
class StringStream;
class LArgument;
class LPlatformChunk;
class LOperand;
class LUnallocated;

6
src/lithium.cc
View File

@ -111,9 +111,6 @@ void LOperand::PrintTo(StringStream* stream) {
case DOUBLE_REGISTER:
stream->Add("[%s|R]", DoubleRegister::AllocationIndexToString(index()));
break;
case ARGUMENT:
stream->Add("[arg:%d]", index());
break;
}
}
@ -498,10 +495,9 @@ LEnvironment* LChunkBuilderBase::CreateEnvironment(
LOperand* op;
HValue* value = hydrogen_env->values()->at(i);
CHECK(!value->IsPushArgument()); // Do not deopt outgoing arguments
if (value->IsArgumentsObject() || value->IsCapturedObject()) {
op = LEnvironment::materialization_marker();
} else if (value->IsPushArgument()) {
op = new(zone()) LArgument(argument_index++);
} else {
op = UseAny(value);
}

17
src/lithium.h
View File

@ -52,8 +52,7 @@ class LOperand : public ZoneObject {
STACK_SLOT,
DOUBLE_STACK_SLOT,
REGISTER,
DOUBLE_REGISTER,
ARGUMENT
DOUBLE_REGISTER
};
LOperand() : value_(KindField::encode(INVALID)) { }
@ -63,7 +62,6 @@ class LOperand : public ZoneObject {
#define LITHIUM_OPERAND_PREDICATE(name, type) \
bool Is##name() const { return kind() == type; }
LITHIUM_OPERAND_LIST(LITHIUM_OPERAND_PREDICATE)
LITHIUM_OPERAND_PREDICATE(Argument, ARGUMENT)
LITHIUM_OPERAND_PREDICATE(Unallocated, UNALLOCATED)
LITHIUM_OPERAND_PREDICATE(Ignored, INVALID)
#undef LITHIUM_OPERAND_PREDICATE
@ -342,17 +340,6 @@ class LConstantOperand V8_FINAL : public LOperand {
};
class LArgument V8_FINAL : public LOperand {
public:
explicit LArgument(int index) : LOperand(ARGUMENT, index) { }
static LArgument* cast(LOperand* op) {
ASSERT(op->IsArgument());
return reinterpret_cast<LArgument*>(op);
}
};
class LStackSlot V8_FINAL : public LOperand {
public:
static LStackSlot* Create(int index, Zone* zone) {
@ -679,7 +666,7 @@ class ShallowIterator V8_FINAL BASE_EMBEDDED {
private:
bool ShouldSkip(LOperand* op) {
return op == NULL || op->IsConstantOperand() || op->IsArgument();
return op == NULL || op->IsConstantOperand();
}
// Skip until something interesting, beginning with and including current_.

19
src/mips/lithium-codegen-mips.cc
View File

@ -401,7 +401,7 @@ Register LCodeGen::EmitLoadRegister(LOperand* op, Register scratch) {
__ li(scratch, literal);
}
return scratch;
} else if (op->IsStackSlot() || op->IsArgument()) {
} else if (op->IsStackSlot()) {
__ lw(scratch, ToMemOperand(op));
return scratch;
}
@ -437,7 +437,7 @@ DoubleRegister LCodeGen::EmitLoadDoubleRegister(LOperand* op,
} else if (r.IsTagged()) {
Abort(kUnsupportedTaggedImmediate);
}
} else if (op->IsStackSlot() || op->IsArgument()) {
} else if (op->IsStackSlot()) {
MemOperand mem_op = ToMemOperand(op);
__ ldc1(dbl_scratch, mem_op);
return dbl_scratch;
@ -655,10 +655,6 @@ void LCodeGen::AddToTranslation(LEnvironment* environment,
}
} else if (op->IsDoubleStackSlot()) {
translation->StoreDoubleStackSlot(op->index());
} else if (op->IsArgument()) {
ASSERT(is_tagged);
int src_index = GetStackSlotCount() + op->index();
translation->StoreStackSlot(src_index);
} else if (op->IsRegister()) {
Register reg = ToRegister(op);
if (is_tagged) {
@ -1467,7 +1463,7 @@ void LCodeGen::DoBitI(LBitI* instr) {
Register result = ToRegister(instr->result());
Operand right(no_reg);
if (right_op->IsStackSlot() || right_op->IsArgument()) {
if (right_op->IsStackSlot()) {
right = Operand(EmitLoadRegister(right_op, at));
} else {
ASSERT(right_op->IsRegister() || right_op->IsConstantOperand());
@ -1589,7 +1585,7 @@ void LCodeGen::DoSubI(LSubI* instr) {
bool can_overflow = instr->hydrogen()->CheckFlag(HValue::kCanOverflow);
if (!can_overflow) {
if (right->IsStackSlot() || right->IsArgument()) {
if (right->IsStackSlot()) {
Register right_reg = EmitLoadRegister(right, at);
__ Subu(ToRegister(result), ToRegister(left), Operand(right_reg));
} else {
@ -1599,9 +1595,7 @@ void LCodeGen::DoSubI(LSubI* instr) {
} else { // can_overflow.
Register overflow = scratch0();
Register scratch = scratch1();
if (right->IsStackSlot() ||
right->IsArgument() ||
right->IsConstantOperand()) {
if (right->IsStackSlot() || right->IsConstantOperand()) {
Register right_reg = EmitLoadRegister(right, scratch);
__ SubuAndCheckForOverflow(ToRegister(result),
ToRegister(left),
@ -1781,7 +1775,7 @@ void LCodeGen::DoAddI(LAddI* instr) {
bool can_overflow = instr->hydrogen()->CheckFlag(HValue::kCanOverflow);
if (!can_overflow) {
if (right->IsStackSlot() || right->IsArgument()) {
if (right->IsStackSlot()) {
Register right_reg = EmitLoadRegister(right, at);
__ Addu(ToRegister(result), ToRegister(left), Operand(right_reg));
} else {
@ -1792,7 +1786,6 @@ void LCodeGen::DoAddI(LAddI* instr) {
Register overflow = scratch0();
Register scratch = scratch1();
if (right->IsStackSlot() ||
right->IsArgument() ||
right->IsConstantOperand()) {
Register right_reg = EmitLoadRegister(right, scratch);
__ AdduAndCheckForOverflow(ToRegister(result),

4
src/x64/lithium-codegen-x64.cc
View File

@ -571,10 +571,6 @@ void LCodeGen::AddToTranslation(LEnvironment* environment,
}
} else if (op->IsDoubleStackSlot()) {
translation->StoreDoubleStackSlot(op->index());
} else if (op->IsArgument()) {
ASSERT(is_tagged);
int src_index = GetStackSlotCount() + op->index();
translation->StoreStackSlot(src_index);
} else if (op->IsRegister()) {
Register reg = ToRegister(op);
if (is_tagged) {

96
test/mjsunit/regress/regress-3183.js Normal file
View File

@ -0,0 +1,96 @@
// Copyright 2014 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Flags: --allow-natives-syntax
(function DeoptimizeArgCallFunctionGeneric() {
var a = [];
function f1(method, array, elem, deopt) {
assertEquals('push', method);
}
function f2() { }
function bar(x, deopt, f) {
f('push', a, [x], deopt + 0);
}
function foo() { return bar(arguments[0], arguments[1], arguments[2]); }
function baz(f, deopt) { return foo("x", deopt, f); }
baz(f1, 0);
baz(f2, 0);
%OptimizeFunctionOnNextCall(baz);
baz(f1, "deopt");
})();
(function DeoptimizeArgGlobalFunctionGeneric() {
var a = [];
var f1;
f1 = function(method, array, elem, deopt) {
assertEquals('push', method);
}
function bar(x, deopt, f) {
f1('push', a, [x], deopt + 0);
}
function foo() { return bar(arguments[0], arguments[1]); }
function baz(deopt) { return foo("x", deopt); }
baz(0);
baz(0);
%OptimizeFunctionOnNextCall(baz);
baz("deopt");
})();
(function DeoptimizeArgCallFunctionRuntime() {
var a = [];
var f1;
f1 = function(method, array, elem, deopt) {
assertEquals('push', method);
}
function bar(x, deopt) {
%_CallFunction(null, 'push', [x][0], ((deopt + 0), 1), f1);
}
function foo() { return bar(arguments[0], arguments[1]); }
function baz(deopt) { return foo(0, deopt); }
baz(0);
baz(0);
%OptimizeFunctionOnNextCall(baz);
baz("deopt");
})();