AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
386cd83e6e
v8/test/mjsunit/regress/regress-718891.js
Ross McIlroy 11a211ff1b Reland: [TypeFeedbackVector] Store optimized code in the vector 
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.

Original patch by Michael Stanton <mvstanton@chromium.org>

BUG=v8:6246,chromium:718891
TBR=yangguo@chromium.org,ulan@chromium.org

Change-Id: I3bb9ec0cfff32e667cca0e1403f964f33a6958a6
Reviewed-on: https://chromium-review.googlesource.com/500134
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45234}
2017-05-10 15:04:35 +00:00

59 lines
2.0 KiB
JavaScript
Raw Blame History

// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --expose-gc
function Data() {
}
Data.prototype = { x: 1 };
function CreateClosure() {
return function() { return new Data() }
}
// Create some function closures which don't have
// optimized code.
var compile_lazy_closure = CreateClosure();
var baseline_closure = CreateClosure();
baseline_closure();
// Run and optimize the code (do this in a seperate function
// so that the closure doesn't leak in a dead register).
(() => {
var optimized_closure = CreateClosure();
// Use .call to avoid the CallIC retaining the JSFunction in the
// feedback vector via a weak map, which would mean it wouldn't be
// collected in the minor gc below.
optimized_closure.call(undefined);
%OptimizeFunctionOnNextCall(optimized_closure);
optimized_closure.call(undefined);
})();
// Optimize a dummy function, just so it gets linked into the
// Contexts optimized_functions list head, which is in the old
// space, and the link from to the optimized_closure's JSFunction
// moves to the inline link in dummy's JSFunction in the new space,
// otherwise optimized_closure's JSFunction will be retained by the
// old->new remember set.
(() => {
var dummy = function() { return 1; };
%OptimizeFunctionOnNextCall(dummy);
dummy();
})();
// GC the optimized closure with a minor GC - the optimized
// code will remain in the feedback vector.
gc(true);
// Trigger deoptimization by changing the prototype of Data. This
// will mark the code for deopt, but since no live JSFunction has
// optimized code, we won't clear the feedback vector.
Data.prototype = { x: 2 };
// Call pre-existing functions, these will try to self-heal with the
// optimized code in the feedback vector op, but should bail-out
// since the code is marked for deoptimization.
compile_lazy_closure();
baseline_closure();
Reference in New Issue View Git Blame Copy Permalink