Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(692)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 50243004: Fix bug with guarded fields and deserialization. (Closed)

Created:
7 years, 1 month ago by fschneider
Modified:
7 years, 1 month ago
CC:
reviews_dartlang.org, vm-dev_dartlang.org
Visibility:
Public.

Description

Fix bug with guarded fields and deserialization. Since deserialization does not involve the normal object construction procedure, any values written there won't be reflected in the guarded field type. This results in incorrect optimized code because deoptimization of dependent code objects in not triggered. This CL adds tracking of field types and guarded list length when creating objects via deserialization. R=iposva@google.com Committed: https://code.google.com/p/dart/source/detail?r=29741

Patch Set 1 #

Total comments: 1

Patch Set 2 : improved test to cover Instance::SetField #

Total comments: 8

Patch Set 3 : #

Patch Set 4 : #

Total comments: 22
Unified diffs Side-by-side diffs Delta from patch set Stats (+227 lines, -50 lines) Patch
M runtime/vm/code_generator.cc View 2 chunks +1 line, -33 lines 0 comments Download
M runtime/vm/object.h View 1 2 4 chunks +18 lines, -7 lines 0 comments Download
M runtime/vm/object.cc View 1 2 4 chunks +74 lines, -8 lines 4 comments Download
M runtime/vm/parser.cc View 1 chunk +1 line, -2 lines 0 comments Download
M runtime/vm/raw_object.h View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M runtime/vm/snapshot.h View 1 chunk +2 lines, -0 lines 0 comments Download
M runtime/vm/snapshot.cc View 1 2 3 2 chunks +14 lines, -0 lines 8 comments Download
A tests/language/vm/optimized_guarded_field_isolates_test.dart View 1 chunk +70 lines, -0 lines 4 comments Download
M tests/language/vm/optimized_guarded_field_test.dart View 1 2 chunks +44 lines, -0 lines 6 comments Download
M tests/standalone/standalone.status View 1 chunk +2 lines, -0 lines 0 comments Download

Messages

Total messages: 7 (0 generated)
Florian Schneider
https://codereview.chromium.org/50243004/diff/1/tests/standalone/standalone.status File tests/standalone/standalone.status (right): https://codereview.chromium.org/50243004/diff/1/tests/standalone/standalone.status#newcode12 tests/standalone/standalone.status:12: issue14236_test: Pass, Fail, Crash # Issue 14516 I added ...
7 years, 1 month ago (2013-10-30 14:02:22 UTC) #1
srdjan
DBC https://codereview.chromium.org/50243004/diff/90001/runtime/vm/object.cc File runtime/vm/object.cc (right): https://codereview.chromium.org/50243004/diff/90001/runtime/vm/object.cc#newcode1746 runtime/vm/object.cc:1746: intptr_t length = raw_ptr()->instance_size_in_words_; const https://codereview.chromium.org/50243004/diff/90001/runtime/vm/object.h File runtime/vm/object.h ...
7 years, 1 month ago (2013-10-30 16:19:16 UTC) #2
Florian Schneider
https://codereview.chromium.org/50243004/diff/90001/runtime/vm/object.cc File runtime/vm/object.cc (right): https://codereview.chromium.org/50243004/diff/90001/runtime/vm/object.cc#newcode1746 runtime/vm/object.cc:1746: intptr_t length = raw_ptr()->instance_size_in_words_; On 2013/10/30 16:19:17, srdjan wrote: ...
7 years, 1 month ago (2013-10-31 20:36:19 UTC) #3
Florian Schneider
This is blocking https://codereview.chromium.org/27307005/ from landing since it fixes a crasher revealed by the additional ...
7 years, 1 month ago (2013-10-31 20:38:42 UTC) #4
Ivan Posva
LGTM after addressing comments. -Ivan https://codereview.chromium.org/50243004/diff/280001/runtime/vm/object.cc File runtime/vm/object.cc (right): https://codereview.chromium.org/50243004/diff/280001/runtime/vm/object.cc#newcode1747 runtime/vm/object.cc:1747: array = Array::New(length); This ...
7 years, 1 month ago (2013-11-01 04:50:04 UTC) #5
fschneider
Committed patchset #4 manually as r29741.
7 years, 1 month ago (2013-11-01 10:39:24 UTC) #6
Florian Schneider
7 years, 1 month ago (2013-11-01 10:39:26 UTC) #7
Message was sent while issue was closed. 
https://codereview.chromium.org/50243004/diff/280001/runtime/vm/object.cc
File runtime/vm/object.cc (right):

https://codereview.chromium.org/50243004/diff/280001/runtime/vm/object.cc#new...
runtime/vm/object.cc:1747: array = Array::New(length);
On 2013/11/01 04:50:05, Ivan Posva wrote:
> This array should be allocated in old space. It will survive as long as this
> class exists and classes are allocated in old space.

Done.

https://codereview.chromium.org/50243004/diff/280001/runtime/vm/object.cc#new...
runtime/vm/object.cc:1756: array.SetAt(f.Offset() / kWordSize, f);
On 2013/11/01 04:50:05, Ivan Posva wrote:
> f.Offset() >> kWordSizeLog2

Done.

https://codereview.chromium.org/50243004/diff/280001/runtime/vm/snapshot.cc
File runtime/vm/snapshot.cc (right):

https://codereview.chromium.org/50243004/diff/280001/runtime/vm/snapshot.cc#n...
runtime/vm/snapshot.cc:799: cls_ = isolate()->class_table()->At(result_cid);
On 2013/11/01 04:50:05, Ivan Posva wrote:
> You want to look this up only once and not for every field in the object, but
I
> also understand that you cannot share the handle in that case. Would be OK to
> add a TODO and investigate this with Siva after having addressed the crash
fix.

Done. Added TODO.

https://codereview.chromium.org/50243004/diff/280001/runtime/vm/snapshot.cc#n...
runtime/vm/snapshot.cc:800: array_ = cls_.OffsetToFieldMap();
On 2013/11/01 04:50:05, Ivan Posva wrote:
> ditto

Done.

https://codereview.chromium.org/50243004/diff/280001/runtime/vm/snapshot.cc#n...
runtime/vm/snapshot.cc:801: field_ ^= array_.At(offset / kWordSize);
On 2013/11/01 04:50:05, Ivan Posva wrote:
> offset >> kWordSizeLog2

Done.

https://codereview.chromium.org/50243004/diff/280001/runtime/vm/snapshot.cc#n...
runtime/vm/snapshot.cc:808: }
On 2013/11/01 04:50:05, Ivan Posva wrote:
> We also wanted to assert that when deserializing other snapshots these values
> were correct. At least add a TODO.

Added TODO. I'll think about how to assert this for the other kinds.

https://codereview.chromium.org/50243004/diff/280001/tests/language/vm/optimi...
File tests/language/vm/optimized_guarded_field_isolates_test.dart (right):

https://codereview.chromium.org/50243004/diff/280001/tests/language/vm/optimi...
tests/language/vm/optimized_guarded_field_isolates_test.dart:33: for (var i = 0;
i < 200; i++) test_b(b);
On 2013/11/01 04:50:05, Ivan Posva wrote:
> {
>   test_b(b);
> }

Done.

https://codereview.chromium.org/50243004/diff/280001/tests/language/vm/optimi...
File tests/language/vm/optimized_guarded_field_test.dart (right):

https://codereview.chromium.org/50243004/diff/280001/tests/language/vm/optimi...
tests/language/vm/optimized_guarded_field_test.dart:39: if (identical(s, null))
throw "FAIL";
On 2013/11/01 04:50:05, Ivan Posva wrote:
> Why not just s == null?

I can't have an IC call here: it will introduce a CheckClass and defeat cid
propagation. Instead cid-propagation will illegally optimize the
identical-comparison away.

https://codereview.chromium.org/50243004/diff/280001/tests/language/vm/optimi...
tests/language/vm/optimized_guarded_field_test.dart:49: for (var i=0; i<20; i++)
check_stacktrace(e);
On 2013/11/01 04:50:05, Ivan Posva wrote:
> ditto

Done.

https://codereview.chromium.org/50243004/diff/280001/tests/language/vm/optimi...
tests/language/vm/optimized_guarded_field_test.dart:73: for (var i = 0; i < 20;
i++) test_deopt(42, 1);
On 2013/11/01 04:50:05, Ivan Posva wrote:
> ditto

Done.

Powered by Google App Engine
This is Rietveld 408576698