[es6] Properly handle the case when an inlined getter/setter/constructor does a tail call.

src/deoptimizer.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/deoptimizer.h"
 
 #include "src/accessors.h"
 #include "src/ast/prettyprinter.h"
 #include "src/codegen.h"
 #include "src/disasm.h"
@@ skipping 950 matching lines @@
       value = output_[frame_index - 1]->GetConstantPool();
     }
     output_frame->SetCallerConstantPool(output_offset, value);
     DebugPrintOutputSlot(value, frame_index, output_offset,
                          "caller's constant_pool\n");
   }
 
   // For the bottommost output frame the context can be gotten from the input
   // frame. For all subsequent output frames it can be gotten from the function
   // so long as we don't inline functions that need local contexts.
-  Register context_reg = JavaScriptFrame::context_register();
   output_offset -= kPointerSize;
 
   TranslatedFrame::iterator context_pos = value_iterator;
   int context_input_index = input_index;
   // When deoptimizing into a catch block, we need to take the context
   // from just above the top of the operand stack (we push the context
   // at the entry of the try block).
   if (goto_catch_handler) {
     for (unsigned i = 0; i < height + 1; ++i) {
       context_pos++;
       context_input_index++;
     }
   }
   // Read the context from the translations.
   Object* context = context_pos->GetRawValue();
   if (context == isolate_->heap()->undefined_value()) {
     // If the context was optimized away, just use the context from
     // the activation. This should only apply to Crankshaft code.
     CHECK(!compiled_code_->is_turbofanned());
     context = is_bottommost ? reinterpret_cast<Object*>(input_frame_context_)
                             : function->context();
   }
   value = reinterpret_cast<intptr_t>(context);
   output_frame->SetContext(value);
-  if (is_topmost) output_frame->SetRegister(context_reg.code(), value);
+  if (is_topmost) {
+    Register context_reg = JavaScriptFrame::context_register();
+    output_frame->SetRegister(context_reg.code(), value);
+  }
   WriteValueToOutput(context, context_input_index, frame_index, output_offset,
                      "context    ");
   if (context == isolate_->heap()->arguments_marker()) {
     Address output_address =
         reinterpret_cast<Address>(output_[frame_index]->GetTop()) +
         output_offset;
     values_to_materialize_.push_back({output_address, context_pos});
   }
   value_iterator++;
   input_index++;
@@ skipping 479 matching lines @@
            new_caller_frame_top);
   }
   caller_frame_top_ = new_caller_frame_top;
   caller_fp_ = adaptor_caller_fp;
   caller_pc_ = adaptor_caller_pc;
 }
 
 void Deoptimizer::DoComputeConstructStubFrame(TranslatedFrame* translated_frame,
                                               int frame_index) {
   TranslatedFrame::iterator value_iterator = translated_frame->begin();
+  bool is_topmost = (output_count_ - 1 == frame_index);

[Jarin, 2016/05/06 10:40:17]

As far as I understand, is_topmost is set only if this deopt is a lazy deopt
where the top of the stack was tail-call-optimized away. If you agree, could you
possibly add a comment to that effect and insert a CHECK that this is a lazy
deopt.

Edit: Actually, now I see that you have this comment at the end of this method -
could you bring it here? (Perhaps with the CHECK?)

[Igor Sheludko, 2016/05/06 11:56:05]

Done.

   int input_index = 0;
 
   Builtins* builtins = isolate_->builtins();
   Code* construct_stub = builtins->builtin(Builtins::kJSConstructStubGeneric);
   unsigned height = translated_frame->height();
   unsigned height_in_bytes = height * kPointerSize;
+
+  // If the construct frame appears to be topmost we should ensure that the
+  // value of result register is preserved during continuation execution.
+  // We do this here by "pushing" the result of the constructor function to the
+  // top of the reconstructed stack and then using the
+  // FullCodeGenerator::TOS_REG machinery.
+  if (is_topmost) {
+    height_in_bytes += kPointerSize;
+  }
+
   // Skip function.
   value_iterator++;
   input_index++;
   if (trace_scope_ != NULL) {
     PrintF(trace_scope_->file(),
            "  translating construct stub => height=%d\n", height_in_bytes);
   }
 
   unsigned fixed_frame_size = ConstructFrameConstants::kFixedFrameSize;
   unsigned output_frame_size = height_in_bytes + fixed_frame_size;
 
   // Allocate and store the output frame description.
   FrameDescription* output_frame =
       new (output_frame_size) FrameDescription(output_frame_size);
   output_frame->SetFrameType(StackFrame::CONSTRUCT);
 
-  // Construct stub can not be topmost or bottommost.
-  DCHECK(frame_index > 0 && frame_index < output_count_ - 1);
+  // Construct stub can not be topmost.
+  DCHECK(frame_index > 0 && frame_index < output_count_);
   DCHECK(output_[frame_index] == NULL);
   output_[frame_index] = output_frame;
 
   // The top address of the frame is computed from the previous frame's top and
   // this frame's size.
   intptr_t top_address;
   top_address = output_[frame_index - 1]->GetTop() - output_frame_size;
   output_frame->SetTop(top_address);
 
   // Compute the incoming parameter translation.
@@ skipping 14 matching lines @@
   intptr_t callers_pc = output_[frame_index - 1]->GetPc();
   output_frame->SetCallerPc(output_offset, callers_pc);
   DebugPrintOutputSlot(callers_pc, frame_index, output_offset, "caller's pc\n");
 
   // Read caller's FP from the previous frame, and set this frame's FP.
   output_offset -= kFPOnStackSize;
   intptr_t value = output_[frame_index - 1]->GetFp();
   output_frame->SetCallerFp(output_offset, value);
   intptr_t fp_value = top_address + output_offset;
   output_frame->SetFp(fp_value);
+  if (is_topmost) {
+    Register fp_reg = JavaScriptFrame::fp_register();
+    output_frame->SetRegister(fp_reg.code(), fp_value);
+  }
   DebugPrintOutputSlot(value, frame_index, output_offset, "caller's fp\n");
 
   if (FLAG_enable_embedded_constant_pool) {
     // Read the caller's constant pool from the previous frame.
     output_offset -= kPointerSize;
     value = output_[frame_index - 1]->GetConstantPool();
     output_frame->SetCallerConstantPool(output_offset, value);
     DebugPrintOutputSlot(value, frame_index, output_offset,
                          "caller's constant_pool\n");
   }
 
   // A marker value is used to mark the frame.
   output_offset -= kPointerSize;
   value = reinterpret_cast<intptr_t>(Smi::FromInt(StackFrame::CONSTRUCT));
   output_frame->SetFrameSlot(output_offset, value);
   DebugPrintOutputSlot(value, frame_index, output_offset,
                        "typed frame marker\n");
 
   // The context can be gotten from the previous frame.
   output_offset -= kPointerSize;
   value = output_[frame_index - 1]->GetContext();
   output_frame->SetFrameSlot(output_offset, value);
+  if (is_topmost) {
+    Register context_reg = JavaScriptFrame::context_register();
+    output_frame->SetRegister(context_reg.code(), value);
+  }
   DebugPrintOutputSlot(value, frame_index, output_offset, "context\n");
 
   // The allocation site.
   output_offset -= kPointerSize;
   value = reinterpret_cast<intptr_t>(isolate_->heap()->undefined_value());
   output_frame->SetFrameSlot(output_offset, value);
   DebugPrintOutputSlot(value, frame_index, output_offset, "allocation site\n");
 
   // Number of incoming arguments.
   output_offset -= kPointerSize;
   value = reinterpret_cast<intptr_t>(Smi::FromInt(height - 1));
   output_frame->SetFrameSlot(output_offset, value);
   DebugPrintOutputSlot(value, frame_index, output_offset, "argc ");
   if (trace_scope_ != nullptr) {
     PrintF(trace_scope_->file(), "(%d)\n", height - 1);
   }
 
   // The newly allocated object was passed as receiver in the artificial
   // constructor stub environment created by HEnvironment::CopyForInlining().
   output_offset -= kPointerSize;
   value = output_frame->GetFrameSlot(output_frame_size - kPointerSize);
   output_frame->SetFrameSlot(output_offset, value);
   DebugPrintOutputSlot(value, frame_index, output_offset,
                        "allocated receiver\n");
 
+  if (is_topmost) {
+    // Ensure the result is restored back when we return to the stub.
+    output_offset -= kPointerSize;
+    Register result_reg = FullCodeGenerator::result_register();
+    value = input_->GetRegister(result_reg.code());
+    output_frame->SetFrameSlot(output_offset, value);
+    DebugPrintOutputSlot(value, frame_index, output_offset,
+                         "constructor result\n");
+
+    output_frame->SetState(Smi::FromInt(FullCodeGenerator::TOS_REG));
+  } else {
+    output_frame->SetState(Smi::FromInt(FullCodeGenerator::NO_REGISTERS));

[Jarin, 2016/05/06 10:40:17]

This should not matter, no?

[Igor Sheludko, 2016/05/06 11:56:05]

Indeed. Removed.

+  }
+
   CHECK_EQ(0u, output_offset);
 
   intptr_t pc = reinterpret_cast<intptr_t>(
       construct_stub->instruction_start() +
       isolate_->heap()->construct_stub_deopt_pc_offset()->value());
   output_frame->SetPc(pc);
   if (FLAG_enable_embedded_constant_pool) {
     intptr_t constant_pool_value =
         reinterpret_cast<intptr_t>(construct_stub->constant_pool());
     output_frame->SetConstantPool(constant_pool_value);
+    if (is_topmost) {
+      Register constant_pool_reg =
+          JavaScriptFrame::constant_pool_pointer_register();
+      output_frame->SetRegister(constant_pool_reg.code(), fp_value);
+    }
+  }
+
+  // Set the continuation for the topmost frame.
+  if (is_topmost) {
+    // The construct frame could become topmost only if we inlined a constructor
+    // call which does a tail call (otherwise the tail callee's frame would be
+    // the topmost one). So it could only be the LAZY case.
+    CHECK_EQ(LAZY, bailout_type_);
+    Builtins* builtins = isolate_->builtins();
+    Code* continuation = builtins->builtin(Builtins::kNotifyLazyDeoptimized);
+    output_frame->SetContinuation(
+        reinterpret_cast<intptr_t>(continuation->entry()));
   }
 }
 
 void Deoptimizer::DoComputeAccessorStubFrame(TranslatedFrame* translated_frame,
                                              int frame_index,
                                              bool is_setter_stub_frame) {
   TranslatedFrame::iterator value_iterator = translated_frame->begin();
+  bool is_topmost = (output_count_ - 1 == frame_index);
   int input_index = 0;
 
   // Skip accessor.
   value_iterator++;
   input_index++;
   // The receiver (and the implicit return value, if any) are expected in
   // registers by the LoadIC/StoreIC, so they don't belong to the output stack
   // frame. This means that we have to use a height of 0.
   unsigned height = 0;
   unsigned height_in_bytes = height * kPointerSize;
+
+  // If the accessor frame appears to be topmost we should ensure that the
+  // value of result register is preserved during continuation execution.
+  // We do this here by "pushing" the result of the accessor function to the
+  // top of the reconstructed stack and then using the
+  // FullCodeGenerator::TOS_REG machinery.
+  // We don't need to restore the result in case of a setter call because we
+  // have to return the stored value but not the result of the setter function.
+  bool should_preserve_result = is_topmost && !is_setter_stub_frame;
+  if (should_preserve_result) {
+    height_in_bytes += kPointerSize;
+  }
+
   const char* kind = is_setter_stub_frame ? "setter" : "getter";
   if (trace_scope_ != NULL) {
     PrintF(trace_scope_->file(),
            "  translating %s stub => height=%u\n", kind, height_in_bytes);
   }
 
   // We need 1 stack entry for the return address and enough entries for the
   // StackFrame::INTERNAL (FP, frame type, context, code object and constant
   // pool (if enabled)- see MacroAssembler::EnterFrame).
   // For a setter stub frame we need one additional entry for the implicit
   // return value, see StoreStubCompiler::CompileStoreViaSetter.
   unsigned fixed_frame_entries =
       (StandardFrameConstants::kFixedFrameSize / kPointerSize) + 1 +
       (is_setter_stub_frame ? 1 : 0);
   unsigned fixed_frame_size = fixed_frame_entries * kPointerSize;
   unsigned output_frame_size = height_in_bytes + fixed_frame_size;
 
   // Allocate and store the output frame description.
   FrameDescription* output_frame =
       new (output_frame_size) FrameDescription(output_frame_size);
   output_frame->SetFrameType(StackFrame::INTERNAL);
 
-  // A frame for an accessor stub can not be the topmost or bottommost one.
-  CHECK(frame_index > 0 && frame_index < output_count_ - 1);
+  // A frame for an accessor stub can not be bottommost.
+  CHECK(frame_index > 0 && frame_index < output_count_);
   CHECK_NULL(output_[frame_index]);
   output_[frame_index] = output_frame;
 
   // The top address of the frame is computed from the previous frame's top and
   // this frame's size.
   intptr_t top_address = output_[frame_index - 1]->GetTop() - output_frame_size;
   output_frame->SetTop(top_address);
 
   unsigned output_offset = output_frame_size;
 
   // Read caller's PC from the previous frame.
   output_offset -= kPCOnStackSize;
   intptr_t callers_pc = output_[frame_index - 1]->GetPc();
   output_frame->SetCallerPc(output_offset, callers_pc);
   DebugPrintOutputSlot(callers_pc, frame_index, output_offset, "caller's pc\n");
 
   // Read caller's FP from the previous frame, and set this frame's FP.
   output_offset -= kFPOnStackSize;
   intptr_t value = output_[frame_index - 1]->GetFp();
   output_frame->SetCallerFp(output_offset, value);
   intptr_t fp_value = top_address + output_offset;
   output_frame->SetFp(fp_value);
+  if (is_topmost) {
+    Register fp_reg = JavaScriptFrame::fp_register();
+    output_frame->SetRegister(fp_reg.code(), fp_value);
+  }
   DebugPrintOutputSlot(value, frame_index, output_offset, "caller's fp\n");
 
   if (FLAG_enable_embedded_constant_pool) {
     // Read the caller's constant pool from the previous frame.
     output_offset -= kPointerSize;
     value = output_[frame_index - 1]->GetConstantPool();
     output_frame->SetCallerConstantPool(output_offset, value);
     DebugPrintOutputSlot(value, frame_index, output_offset,
                          "caller's constant_pool\n");
   }
@@ skipping 14 matching lines @@
       Builtins::kLoadIC_Getter_ForDeopt;
   Code* accessor_stub = isolate_->builtins()->builtin(name);
   value = reinterpret_cast<intptr_t>(accessor_stub);
   output_frame->SetFrameSlot(output_offset, value);
   DebugPrintOutputSlot(value, frame_index, output_offset, "code object\n");
 
   // The context can be gotten from the previous frame.
   output_offset -= kPointerSize;
   value = output_[frame_index - 1]->GetContext();
   output_frame->SetFrameSlot(output_offset, value);
+  if (is_topmost) {
+    Register context_reg = JavaScriptFrame::context_register();
+    output_frame->SetRegister(context_reg.code(), value);
+  }
   DebugPrintOutputSlot(value, frame_index, output_offset, "context\n");
 
   // Skip receiver.
   value_iterator++;
   input_index++;
 
   if (is_setter_stub_frame) {
     // The implicit return value was part of the artificial setter stub
     // environment.
     output_offset -= kPointerSize;
     WriteTranslatedValueToOutput(&value_iterator, &input_index, frame_index,
                                  output_offset);
   }
 
+  if (should_preserve_result) {
+    // Ensure the result is restored back when we return to the stub.
+    output_offset -= kPointerSize;
+    Register result_reg = FullCodeGenerator::result_register();
+    value = input_->GetRegister(result_reg.code());
+    output_frame->SetFrameSlot(output_offset, value);
+    DebugPrintOutputSlot(value, frame_index, output_offset,
+                         "accessor result\n");
+
+    output_frame->SetState(Smi::FromInt(FullCodeGenerator::TOS_REG));
+  } else {
+    output_frame->SetState(Smi::FromInt(FullCodeGenerator::NO_REGISTERS));
+  }
+
   CHECK_EQ(0u, output_offset);
 
   Smi* offset = is_setter_stub_frame ?
       isolate_->heap()->setter_stub_deopt_pc_offset() :
       isolate_->heap()->getter_stub_deopt_pc_offset();
   intptr_t pc = reinterpret_cast<intptr_t>(
       accessor_stub->instruction_start() + offset->value());
   output_frame->SetPc(pc);
   if (FLAG_enable_embedded_constant_pool) {
     intptr_t constant_pool_value =
         reinterpret_cast<intptr_t>(accessor_stub->constant_pool());
     output_frame->SetConstantPool(constant_pool_value);
+    if (is_topmost) {
+      Register constant_pool_reg =
+          JavaScriptFrame::constant_pool_pointer_register();
+      output_frame->SetRegister(constant_pool_reg.code(), fp_value);
+    }
+  }
+
+  // Set the continuation for the topmost frame.
+  if (is_topmost) {
+    // The accessor frame could become topmost only if we inlined an accessor
+    // call which does a tail call (otherwise the tail callee's frame would be
+    // the topmost one). So it could only be the LAZY case.
+    CHECK_EQ(LAZY, bailout_type_);
+    Builtins* builtins = isolate_->builtins();
+    Code* continuation = builtins->builtin(Builtins::kNotifyLazyDeoptimized);
+    output_frame->SetContinuation(
+        reinterpret_cast<intptr_t>(continuation->entry()));
   }
 }
 
 void Deoptimizer::DoComputeCompiledStubFrame(TranslatedFrame* translated_frame,
                                              int frame_index) {
   //
   //               FROM                                  TO
   //    |          ....           |          |          ....           |
   //    +-------------------------+          +-------------------------+
   //    | JSFunction continuation |          | JSFunction continuation |
@@ skipping 2067 matching lines @@
       CHECK(value_info->IsMaterializedObject());
 
       value_info->value_ =
           Handle<Object>(previously_materialized_objects->get(i), isolate_);
     }
   }
 }
 
 }  // namespace internal
 }  // namespace v8