Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(590)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/compiler/js-create-lowering.cc

Issue 1978453002: [turbofan] Properly initialize mutable heap numbers in literals. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@5.1
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/compiler/js-create-lowering.h ('k') | test/mjsunit/regress/regress-crbug-610228.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 the V8 project authors. All rights reserved. 1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/compiler/js-create-lowering.h" 5 #include "src/compiler/js-create-lowering.h"
6 6
7 #include "src/allocation-site-scopes.h" 7 #include "src/allocation-site-scopes.h"
8 #include "src/code-factory.h" 8 #include "src/code-factory.h"
9 #include "src/compilation-dependencies.h" 9 #include "src/compilation-dependencies.h"
10 #include "src/compiler/access-builder.h" 10 #include "src/compiler/access-builder.h"
(...skipping 887 matching lines...) Expand 10 before | Expand all | Expand 10 after
898 isolate()); 898 isolate());
899 if (boilerplate_value->IsJSObject()) { 899 if (boilerplate_value->IsJSObject()) {
900 Handle<JSObject> boilerplate_object = 900 Handle<JSObject> boilerplate_object =
901 Handle<JSObject>::cast(boilerplate_value); 901 Handle<JSObject>::cast(boilerplate_value);
902 Handle<AllocationSite> current_site = site_context->EnterNewScope(); 902 Handle<AllocationSite> current_site = site_context->EnterNewScope();
903 value = effect = AllocateFastLiteral(effect, control, 903 value = effect = AllocateFastLiteral(effect, control,
904 boilerplate_object, site_context); 904 boilerplate_object, site_context);
905 site_context->ExitScope(current_site, boilerplate_object); 905 site_context->ExitScope(current_site, boilerplate_object);
906 } else if (property_details.representation().IsDouble()) { 906 } else if (property_details.representation().IsDouble()) {
907 // Allocate a mutable HeapNumber box and store the value into it. 907 // Allocate a mutable HeapNumber box and store the value into it.
908 value = effect = AllocateMutableHeapNumber( 908 Callable callable = CodeFactory::AllocateMutableHeapNumber(isolate());
909 Handle<HeapNumber>::cast(boilerplate_value)->value(), 909 CallDescriptor* desc = Linkage::GetStubCallDescriptor(
910 isolate(), jsgraph()->zone(), callable.descriptor(), 0,
911 CallDescriptor::kNoFlags, Operator::kNoThrow);
912 value = effect = graph()->NewNode(
913 common()->Call(desc), jsgraph()->HeapConstant(callable.code()),
914 jsgraph()->NoContextConstant(), effect, control);
915 effect = graph()->NewNode(
916 simplified()->StoreField(AccessBuilder::ForHeapNumberValue()),
917 value, jsgraph()->Constant(
918 Handle<HeapNumber>::cast(boilerplate_value)->value()),
910 effect, control); 919 effect, control);
911 } else if (property_details.representation().IsSmi()) { 920 } else if (property_details.representation().IsSmi()) {
912 // Ensure that value is stored as smi. 921 // Ensure that value is stored as smi.
913 value = boilerplate_value->IsUninitialized() 922 value = boilerplate_value->IsUninitialized()
914 ? jsgraph()->ZeroConstant() 923 ? jsgraph()->ZeroConstant()
915 : jsgraph()->Constant(boilerplate_value); 924 : jsgraph()->Constant(boilerplate_value);
916 } else { 925 } else {
917 value = jsgraph()->Constant(boilerplate_value); 926 value = jsgraph()->Constant(boilerplate_value);
918 } 927 }
919 } 928 }
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after
1021 ElementAccess const access = 1030 ElementAccess const access =
1022 (elements_map->instance_type() == FIXED_DOUBLE_ARRAY_TYPE) 1031 (elements_map->instance_type() == FIXED_DOUBLE_ARRAY_TYPE)
1023 ? AccessBuilder::ForFixedDoubleArrayElement() 1032 ? AccessBuilder::ForFixedDoubleArrayElement()
1024 : AccessBuilder::ForFixedArrayElement(); 1033 : AccessBuilder::ForFixedArrayElement();
1025 for (int i = 0; i < elements_length; ++i) { 1034 for (int i = 0; i < elements_length; ++i) {
1026 builder.Store(access, jsgraph()->Constant(i), elements_values[i]); 1035 builder.Store(access, jsgraph()->Constant(i), elements_values[i]);
1027 } 1036 }
1028 return builder.Finish(); 1037 return builder.Finish();
1029 } 1038 }
1030 1039
1031 Node* JSCreateLowering::AllocateMutableHeapNumber(double value, Node* effect,
1032 Node* control) {
1033 // TODO(turbofan): Support inline allocation of MutableHeapNumber
1034 // (requires proper alignment on Allocate, and Begin/FinishRegion).
1035 Callable callable = CodeFactory::AllocateMutableHeapNumber(isolate());
1036 CallDescriptor* desc = Linkage::GetStubCallDescriptor(
1037 isolate(), jsgraph()->zone(), callable.descriptor(), 0,
1038 CallDescriptor::kNoFlags, Operator::kNoThrow);
1039 Node* result = effect = graph()->NewNode(
1040 common()->Call(desc), jsgraph()->HeapConstant(callable.code()),
1041 jsgraph()->NoContextConstant(), effect, control);
1042 effect = graph()->NewNode(
1043 simplified()->StoreField(AccessBuilder::ForHeapNumberValue()), result,
1044 jsgraph()->Constant(value), effect, control);
1045 return result;
1046 }
1047
1048 MaybeHandle<LiteralsArray> JSCreateLowering::GetSpecializationLiterals( 1040 MaybeHandle<LiteralsArray> JSCreateLowering::GetSpecializationLiterals(
1049 Node* node) { 1041 Node* node) {
1050 Node* const closure = NodeProperties::GetValueInput(node, 0); 1042 Node* const closure = NodeProperties::GetValueInput(node, 0);
1051 switch (closure->opcode()) { 1043 switch (closure->opcode()) {
1052 case IrOpcode::kHeapConstant: { 1044 case IrOpcode::kHeapConstant: {
1053 Handle<HeapObject> object = OpParameter<Handle<HeapObject>>(closure); 1045 Handle<HeapObject> object = OpParameter<Handle<HeapObject>>(closure);
1054 return handle(Handle<JSFunction>::cast(object)->literals()); 1046 return handle(Handle<JSFunction>::cast(object)->literals());
1055 } 1047 }
1056 case IrOpcode::kParameter: { 1048 case IrOpcode::kParameter: {
1057 int const index = ParameterIndexOf(closure->op()); 1049 int const index = ParameterIndexOf(closure->op());
(...skipping 29 matching lines...) Expand all
1087 return jsgraph()->simplified(); 1079 return jsgraph()->simplified();
1088 } 1080 }
1089 1081
1090 MachineOperatorBuilder* JSCreateLowering::machine() const { 1082 MachineOperatorBuilder* JSCreateLowering::machine() const {
1091 return jsgraph()->machine(); 1083 return jsgraph()->machine();
1092 } 1084 }
1093 1085
1094 } // namespace compiler 1086 } // namespace compiler
1095 } // namespace internal 1087 } // namespace internal
1096 } // namespace v8 1088 } // namespace v8
OLDNEW
« no previous file with comments | « src/compiler/js-create-lowering.h ('k') | test/mjsunit/regress/regress-crbug-610228.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698