dd6fa2d1c7
Loop used value lifetimes extension extends the lifetime of anything
used inside of a loop but defined outside of it, to make sure that it is
considered 'live' for the entire body of the loop (this is so that we
don't e.g. clobber their stack slots with stack slot reuse).
The implementation works on the principle that a) basic blocks are
topologically sorted by forward control flow, and b) loops are
irreducible. This means that basic blocks between a loop header and the
jump to that loop header are inside the loop, and nodes whose id
preceeds the loop header's id must be before the loop.
Generator resumes break this irreducibility by jumping into the middle
of loops. This is principally not a problem for the above lifetime
extension, it just means that the loop's used nodes will overapproximate
and include these generator nodes. However, there was an implicit
additional assumption that the node must be loadable by the loop end, to
extend its lifetime. This fails for the generator resume case, because
it's possible that the node didn't make it into any loop merge state,
e.g. because the resume would immediately deopt or return, e.g.
Start
/ \
/ GeneratorResume
| |
v |
.>Loop header |
| | |
| Branch |
| | | |
| | Suspend |
| | |
| | Resume <-'
| | |
| | Return
| v
`--JumpLoop
Here the Resume will get the accumulator from the generator and the
Return will use it, which will be seen as an out-of-loop use of the
generator, but the generator was never reachable from the "real" loop
body.
At the end of the day, since there are no actual uses of the generator
value in the loop body, the lifetime extension does no harm; all that
fails is a DCHECK that the values loop lifetime extension extends are
actually loadable. So, we can relax this DCHECK for this specific
generator edge case, by checking for whether the JumpLoop is reachable
from the generator resume.
Bug: v8:7700
Change-Id: Iec4db2aee5b8812de61c3afb9004c8be3982baa2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890975
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83144}
|
||
|---|---|---|
| .github | ||
| bazel | ||
| build_overrides | ||
| custom_deps | ||
| docs | ||
| gni | ||
| include | ||
| infra | ||
| samples | ||
| src | ||
| test | ||
| testing | ||
| third_party | ||
| tools | ||
| .bazelrc | ||
| .clang-format | ||
| .clang-tidy | ||
| .editorconfig | ||
| .flake8 | ||
| .git-blame-ignore-revs | ||
| .gitattributes | ||
| .gitignore | ||
| .gn | ||
| .mailmap | ||
| .style.yapf | ||
| .vpython | ||
| .vpython3 | ||
| .ycm_extra_conf.py | ||
| AUTHORS | ||
| BUILD.bazel | ||
| BUILD.gn | ||
| CODE_OF_CONDUCT.md | ||
| codereview.settings | ||
| COMMON_OWNERS | ||
| DEPS | ||
| DIR_METADATA | ||
| ENG_REVIEW_OWNERS | ||
| INFRA_OWNERS | ||
| INTL_OWNERS | ||
| LICENSE | ||
| LICENSE.fdlibm | ||
| LICENSE.strongtalk | ||
| LICENSE.v8 | ||
| LOONG_OWNERS | ||
| MIPS_OWNERS | ||
| OWNERS | ||
| PPC_OWNERS | ||
| PRESUBMIT.py | ||
| README.md | ||
| RISCV_OWNERS | ||
| S390_OWNERS | ||
| WATCHLISTS | ||
| WORKSPACE | ||
V8 JavaScript Engine
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://v8.dev/docs
Getting the Code
Checkout depot tools, and run
fetch v8
This will checkout V8 into the directory v8 and fetch all of its dependencies.
To stay up to date, run
git pull origin
gclient sync
For fetching all branches, add the following into your remote
configuration in .git/config:
fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
fetch = +refs/tags/*:refs/tags/*
Contributing
Please follow the instructions mentioned at v8.dev/docs/contribute.