Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(183)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/compiler/js-inlining.cc

Issue 1425883004: [turbofan] Fix missing bailout point before calls. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Update unittests. Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/compiler/js-generic-lowering.cc ('k') | src/compiler/js-typed-lowering.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/compiler/js-inlining.cc
diff --git a/src/compiler/js-inlining.cc b/src/compiler/js-inlining.cc
index 749ff89bc153abac6716086a4616e32a1503cf93..e5fba87646ecdca0e9f18560ec916ffd0d324252 100644
--- a/src/compiler/js-inlining.cc
+++ b/src/compiler/js-inlining.cc
@@ -56,7 +56,12 @@ class JSCallFunctionAccessor {
return value_inputs - 2;
}
- Node* frame_state() { return NodeProperties::GetFrameStateInput(call_, 0); }
+ Node* frame_state_before() {
+ return NodeProperties::GetFrameStateInput(call_, 1);
+ }
+ Node* frame_state_after() {
+ return NodeProperties::GetFrameStateInput(call_, 0);
+ }
private:
Node* call_;
@@ -237,9 +242,9 @@ Node* JSInliner::CreateArgumentsAdaptorFrameState(
jsgraph_->common()->StateValues(static_cast<int>(params.size()));
Node* params_node = jsgraph_->graph()->NewNode(
op_param, static_cast<int>(params.size()), &params.front());
- return jsgraph_->graph()->NewNode(op, params_node, node0, node0,
- jsgraph_->UndefinedConstant(),
- call->jsfunction(), call->frame_state());
+ return jsgraph_->graph()->NewNode(
+ op, params_node, node0, node0, jsgraph_->UndefinedConstant(),
+ call->jsfunction(), call->frame_state_after());
}
@@ -295,7 +300,7 @@ Reduction JSInliner::ReduceJSCallFunction(Node* node,
// TODO(turbofan): TranslatedState::GetAdaptedArguments() currently relies on
// not inlining recursive functions. We might want to relax that at some
// point.
- for (Node* frame_state = call.frame_state();
+ for (Node* frame_state = call.frame_state_after();
frame_state->opcode() == IrOpcode::kFrameState;
frame_state = frame_state->InputAt(kFrameStateOuterStateInput)) {
FrameStateInfo const& info = OpParameter<FrameStateInfo>(frame_state);
@@ -409,29 +414,33 @@ Reduction JSInliner::ReduceJSCallFunction(Node* node,
Node* start = visitor.GetCopy(graph.start());
Node* end = visitor.GetCopy(graph.end());
- Node* frame_state = call.frame_state();
-
- // Insert argument adaptor frame if required. The callees formal parameter
- // count (i.e. value outputs of start node minus target, receiver & context)
- // have to match the number of arguments passed to the call.
- DCHECK_EQ(static_cast<int>(parameter_count),
- start->op()->ValueOutputCount() - 3);
- if (call.formal_arguments() != parameter_count) {
- frame_state = CreateArgumentsAdaptorFrameState(&call, info.shared_info());
- }
+ Node* frame_state = call.frame_state_after();
// Insert a JSConvertReceiver node for sloppy callees. Note that the context
- // passed into this node has to be the callees context (loaded above).
+ // passed into this node has to be the callees context (loaded above). Note
+ // that the frame state passed to the JSConvertReceiver must be the frame
+ // state _before_ the call; it is not necessary to fiddle with the receiver
+ // in that frame state tho, as the conversion of the receiver can be repeated
+ // any number of times, it's not observable.
if (is_sloppy(info.language_mode()) && !function->shared()->native()) {
const CallFunctionParameters& p = CallFunctionParametersOf(node->op());
Node* effect = NodeProperties::GetEffectInput(node);
Node* convert = jsgraph_->graph()->NewNode(
jsgraph_->javascript()->ConvertReceiver(p.convert_mode()),
- call.receiver(), context, frame_state, effect, start);
+ call.receiver(), context, call.frame_state_before(), effect, start);
NodeProperties::ReplaceValueInput(node, convert, 1);
NodeProperties::ReplaceEffectInput(node, convert);
}
+ // Insert argument adaptor frame if required. The callees formal parameter
+ // count (i.e. value outputs of start node minus target, receiver & context)
+ // have to match the number of arguments passed to the call.
+ DCHECK_EQ(static_cast<int>(parameter_count),
+ start->op()->ValueOutputCount() - 3);
+ if (call.formal_arguments() != parameter_count) {
+ frame_state = CreateArgumentsAdaptorFrameState(&call, info.shared_info());
+ }
+
return InlineCall(node, context, frame_state, start, end);
}
« no previous file with comments | « src/compiler/js-generic-lowering.cc ('k') | src/compiler/js-typed-lowering.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698