src/compiler/js-native-context-specialization.cc - Issue 2890363002: Fix deoptmization of inlined TF InstanceOf to call ToBoolean

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/compiler/js-native-context-specialization.cc

Issue 2890363002: Fix deoptmization of inlined TF InstanceOf to call ToBoolean (Closed)

Patch Set: Review feedback Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: src/compiler/js-native-context-specialization.cc

diff --git a/src/compiler/js-native-context-specialization.cc b/src/compiler/js-native-context-specialization.cc

index 73db511256be08708d6c70feebc2610c56e57861..43e19ab1fca0d9b9050aad6a5beff83db8a72439 100644

--- a/src/compiler/js-native-context-specialization.cc

+++ b/src/compiler/js-native-context-specialization.cc

@@ -175,6 +175,7 @@ Reduction JSNativeContextSpecialization::ReduceJSInstanceOf(Node* node) {

Node* constructor = NodeProperties::GetValueInput(node, 1);

Node* context = NodeProperties::GetContextInput(node);

Node* effect = NodeProperties::GetEffectInput(node);

+ Node* frame_state = NodeProperties::GetFrameStateInput(node);

Node* control = NodeProperties::GetControlInput(node);

// Check if the right hand side is a known {receiver}.

@@ -244,11 +245,22 @@ Reduction JSNativeContextSpecialization::ReduceJSInstanceOf(Node* node) {

effect = BuildCheckMaps(constructor, effect, control,

access_info.receiver_maps());

+ // Create a nested frame state inside the current method's most-recent frame

+ // state that will ensure that deopts that happen after this point will not

+ // fallback to the last Checkpoint--which would completely re-execute the

+ // instanceof logic--but rather create an activation of a version of the

+ // ToBoolean stub that finishes the remaining work of instanceof and returns

+ // to the caller without duplicating side-effects upon a lazy deopt.

+ Node* continuation_frame_state = CreateStubBuiltinContinuationFrameState(

+ jsgraph(), Builtins::kToBooleanLazyDeoptContinuation, context, nullptr,

+ 0, frame_state, ContinuationFrameStateMode::LAZY);

// Call the @@hasInstance handler.

Node* target = jsgraph()->Constant(constant);

node->InsertInput(graph()->zone(), 0, target);

node->ReplaceInput(1, constructor);

node->ReplaceInput(2, object);

+ node->ReplaceInput(4, continuation_frame_state);

node->ReplaceInput(5, effect);

NodeProperties::ChangeOp(

node, javascript()->Call(3, CallFrequency(), VectorSlotPair(),

« no previous file with comments | « src/compiler/frame-states.cc ('k') | src/deoptimizer.cc » ('j') | no next file with comments »