Updates:
Owner: [email protected]
Comment #5 on issue 1895 by [email protected]: Incorrect results with
Node.js program using UglifyJS
http://code.google.com/p/v8/issues/detail?id=1895
Incorrect behavior is caused by a bug in GAP size calculation for safepoint.
In function parenthesize we have code that looks like this:
@30 call-function ; has lazy bailout
@31 gap
@32 lazy-bailout
... ; some instructions with no safe-points
@60 instance-of-know-global ; has safe-point in deferred code
@61 gap
@62 lazy-bailout
Deferred code for instance-of-know-global is generated at the very end of
code generation, after the gap at @61, so its safepoint is not seen when @61 is
visited, and the whole distance between @61 and @30 is recorded as the gap code
size for the last seen safepoint, which is the one in @30 call-function. This
causes us to patch code at an incorrect offset when doing lazy-bailout.
This was fixed when Florian refactored lazy bailouts in r10006. We have to
port this refactoring to the 3.6 branch.
The big performance difference between ia32/x64 seems to be caused by the
merge of the arguments branch (at r8300). It seems there is a small piece of
code missing from full codegen on x64 there. I'll verify that.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
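
The bookkeeping error described in comment #5, as a simplified Python model added here for illustration; it is not V8 code and not part of the original message. The byte sizes, the see_deferred switch and the function names are assumptions, and see_deferred=True only shows the table one would expect, not the r10006 refactoring.

```python
from dataclasses import dataclass

@dataclass
class Instr:
    index: int               # instruction index, e.g. 30 for "@30"
    name: str
    size: int                # bytes emitted inline (constructed values)
    safepoint: str = "none"  # "inline", "deferred" or "none"

# Constructed stream mirroring the listing in the comment.
STREAM = [
    Instr(30, "call-function", 5, "inline"),
    Instr(31, "gap", 4),
    Instr(32, "lazy-bailout", 0),
    Instr(33, "other", 40),  # stands in for the instructions with no safe-points
    Instr(60, "instance-of-know-global", 6, "deferred"),
    Instr(61, "gap", 2),
    Instr(62, "lazy-bailout", 0),
]

def record_gap_sizes(stream, see_deferred):
    """Map safepoint instruction index -> recorded gap code size."""
    pc, last, table = 0, None, {}
    for ins in stream:
        pc += ins.size
        visible = ins.safepoint == "inline" or (
            ins.safepoint == "deferred" and see_deferred)
        if visible:
            last = (ins.index, pc)   # gap code would start at this pc
            table[ins.index] = 0
        elif ins.name == "gap" and last is not None:
            table[last[0]] = pc - last[1]  # charged to the last seen safepoint
    return table

def misattributed(stream, table):
    """Safepoints whose recorded size differs from the gap right after them."""
    bad = []
    for i, ins in enumerate(stream[:-1]):
        nxt = stream[i + 1]
        real = nxt.size if nxt.name == "gap" else 0
        if ins.index in table and table[ins.index] != real:
            bad.append((ins.index, table[ins.index], real))
    return bad

if __name__ == "__main__":
    for seen in (False, True):
        t = record_gap_sizes(STREAM, seen)
        print(seen, t, misattributed(STREAM, t))
```

With the deferred safepoint invisible, the gap at @61 overwrites the entry for @30 with the full distance between them; the misattributed check is the kind of invariant a code generator can assert on its safepoint table.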