From adeaedf547c594e7f1e1afcf6b351b42a12e2c83 Mon Sep 17 00:00:00 2001 From: "mvstanton@chromium.org" Date: Tue, 3 Jun 2014 07:45:40 +0000 Subject: [PATCH] When flag --nouse-osr is set, don't allow osr from hidden runtime calls. BUG=379770 R=yangguo@chromium.org LOG=N Review URL: https://codereview.chromium.org/310773003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/runtime.cc | 10 +++++++--- test/mjsunit/regress/regress-379770.js | 26 ++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 test/mjsunit/regress/regress-379770.js diff --git a/src/runtime.cc b/src/runtime.cc index fa876b481e..ff45190f7c 100644 --- a/src/runtime.cc +++ b/src/runtime.cc @@ -8624,9 +8624,11 @@ RUNTIME_FUNCTION(Runtime_OptimizeFunctionOnNextCall) { // Start patching from the currently patched loop nesting level. int current_level = unoptimized->allow_osr_at_loop_nesting_level(); ASSERT(BackEdgeTable::Verify(isolate, unoptimized, current_level)); - for (int i = current_level + 1; i <= Code::kMaxLoopNestingMarker; i++) { - unoptimized->set_allow_osr_at_loop_nesting_level(i); - isolate->runtime_profiler()->AttemptOnStackReplacement(*function); + if (FLAG_use_osr) { + for (int i = current_level + 1; i <= Code::kMaxLoopNestingMarker; i++) { + unoptimized->set_allow_osr_at_loop_nesting_level(i); + isolate->runtime_profiler()->AttemptOnStackReplacement(*function); + } } } else if (type->IsOneByteEqualTo(STATIC_ASCII_VECTOR("concurrent")) && isolate->concurrent_recompilation_enabled()) { @@ -8727,6 +8729,8 @@ RUNTIME_FUNCTION(Runtime_CompileForOnStackReplacement) { // We're not prepared to handle a function with arguments object. ASSERT(!function->shared()->uses_arguments()); + RUNTIME_ASSERT(FLAG_use_osr); + // Passing the PC in the javascript frame from the caller directly is // not GC safe, so we walk the stack to get it. JavaScriptFrameIterator it(isolate); diff --git a/test/mjsunit/regress/regress-379770.js b/test/mjsunit/regress/regress-379770.js new file mode 100644 index 0000000000..a6653c2591 --- /dev/null +++ b/test/mjsunit/regress/regress-379770.js @@ -0,0 +1,26 @@ +// Copyright 2014 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +// Flags: --allow-natives-syntax --nostress-opt +// Flags: --nouse-osr + +function foo(obj) { + var counter = 1; + for (var i = 0; i < obj.length; i++) { + %OptimizeFunctionOnNextCall(foo, "osr"); + } + counter += obj; + return counter; +} + +function bar() { + var a = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]; + for (var i = 0; i < 100; i++ ) { + foo(a); + } +} + +try { + bar(); +} catch (e) { +}