Revision: 13477
Author: [email protected]
Date: Wed Jan 23 07:25:28 2013
Log: MIPS: Avoid handle dereference during graph optimization.
Port r13475 (0076e1ee)
Original commit message:
With parallel recompilation enabled, objects made accessible by handles may
have changed between graph construction and graph optimization. Therefore
we must not assume that information on those objects remain the same between
those two phases. To police this, we forbid handle dereferencing during
graph optimization.
Exceptions to this rule are:
- Dereferencing the handle to obtain the raw location of the object. This
is safe since parallel recompilation acquires RelocationLock
- Some places that dereference the handle for a type check. These are
checked
to be safe on a case-by-case basis.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/12049037
Patch from Akos Palfi <[email protected]>.
http://code.google.com/p/v8/source/detail?r=13477
Modified:
/branches/bleeding_edge/src/mips/lithium-codegen-mips.cc
/branches/bleeding_edge/src/mips/lithium-mips.cc
/branches/bleeding_edge/src/mips/lithium-mips.h
=======================================
--- /branches/bleeding_edge/src/mips/lithium-codegen-mips.cc Wed Jan 23
06:01:11 2013
+++ /branches/bleeding_edge/src/mips/lithium-codegen-mips.cc Wed Jan 23
07:25:28 2013
@@ -796,8 +796,7 @@
ASSERT(FLAG_deopt_every_n_times < 2); // Other values not supported on
MIPS.
- if (FLAG_deopt_every_n_times == 1 &&
- info_->shared_info()->opt_count() == id) {
+ if (FLAG_deopt_every_n_times == 1 && info_->opt_count() == id) {
__ Jump(entry, RelocInfo::RUNTIME_ENTRY);
return;
}
@@ -4208,8 +4207,8 @@
Handle<Map> from_map = instr->original_map();
Handle<Map> to_map = instr->transitioned_map();
- ElementsKind from_kind = from_map->elements_kind();
- ElementsKind to_kind = to_map->elements_kind();
+ ElementsKind from_kind = instr->from_kind();
+ ElementsKind to_kind = instr->to_kind();
__ mov(ToRegister(instr->result()), object_reg);
=======================================
--- /branches/bleeding_edge/src/mips/lithium-mips.cc Fri Jan 18 02:10:36
2013
+++ /branches/bleeding_edge/src/mips/lithium-mips.cc Wed Jan 23 07:25:28
2013
@@ -2005,9 +2005,7 @@
LInstruction* LChunkBuilder::DoTransitionElementsKind(
HTransitionElementsKind* instr) {
- ElementsKind from_kind = instr->original_map()->elements_kind();
- ElementsKind to_kind = instr->transitioned_map()->elements_kind();
- if (IsSimpleMapChangeTransition(from_kind, to_kind)) {
+ if (IsSimpleMapChangeTransition(instr->from_kind(), instr->to_kind())) {
LOperand* object = UseRegister(instr->object());
LOperand* new_map_reg = TempRegister();
LTransitionElementsKind* result =
@@ -2262,8 +2260,8 @@
instr->arguments_count(),
instr->function(),
undefined,
- instr->call_kind(),
- instr->inlining_kind());
+ instr->inlining_kind(),
+
instr->undefined_receiver());
if (instr->arguments_var() != NULL) {
inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
}
=======================================
--- /branches/bleeding_edge/src/mips/lithium-mips.h Wed Jan 23 06:01:11 2013
+++ /branches/bleeding_edge/src/mips/lithium-mips.h Wed Jan 23 07:25:28 2013
@@ -2018,6 +2018,8 @@
Handle<Map> original_map() { return hydrogen()->original_map(); }
Handle<Map> transitioned_map() { return hydrogen()->transitioned_map(); }
+ ElementsKind from_kind() { return hydrogen()->from_kind(); }
+ ElementsKind to_kind() { return hydrogen()->to_kind(); }
};
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
