[v8-dev] [v8] r20911 committed - Fix deoptimization problem with inlined Array.push()...

Wed, 23 Apr 2014 06:21:14 -0700 

Revision: 20911
Author:   da...@chromium.org
Date:     Wed Apr 23 13:20:28 2014 UTC
Log:      Fix deoptimization problem with inlined Array.push()

R=ja...@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/247573008
http://code.google.com/p/v8/source/detail?r=20911

Added:
 /branches/bleeding_edge/test/mjsunit/array-push10.js
Modified:
 /branches/bleeding_edge/src/deoptimizer.cc
 /branches/bleeding_edge/src/hydrogen.cc

=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/array-push10.js Wed Apr 23 13:20:28 2014 UTC 
@@ -0,0 +1,15 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function __f_17(__v_9) {
+ var __v_10 = 0;
+ var count = 10000;
+ while (count-- != 0) {
+   __v_9.push(0);
+   if (++__v_10 >= 2) return __v_9;
+   __v_10 = {};
+ }
+}
+
+__v_14 = __f_17([]);
=======================================
--- /branches/bleeding_edge/src/deoptimizer.cc  Tue Apr 15 07:36:47 2014 UTC
+++ /branches/bleeding_edge/src/deoptimizer.cc  Wed Apr 23 13:20:28 2014 UTC
@@ -2632,13 +2632,11 @@
   // function into account so we have to avoid double counting them.
   unsigned result = fixed_size + fp_to_sp_delta_ -
       StandardFrameConstants::kFixedFrameSizeFromFp;
-#ifdef DEBUG
   if (compiled_code_->kind() == Code::OPTIMIZED_FUNCTION) {
     unsigned stack_slots = compiled_code_->stack_slots();
     unsigned outgoing_size = ComputeOutgoingArgumentSize();
- ASSERT(result == fixed_size + (stack_slots * kPointerSize) + outgoing_size); + CHECK(result == fixed_size + (stack_slots * kPointerSize) + outgoing_size); 
   }
-#endif
   return result;
 }

=======================================
--- /branches/bleeding_edge/src/hydrogen.cc     Wed Apr 23 07:07:54 2014 UTC
+++ /branches/bleeding_edge/src/hydrogen.cc     Wed Apr 23 13:20:28 2014 UTC
@@ -7811,6 +7811,7 @@

       HValue* value_to_push = Pop();
       HValue* array = Pop();
+      Drop(1);  // Drop function.

       HInstruction* new_size = NULL;
       HValue* length = NULL;
@@ -7832,7 +7833,6 @@
         Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
       }

-      Drop(1);  // Drop function.
       ast_context()->ReturnValue(new_size);
       return true;
     }

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to