    Reland "Make LoadElimination aware of const fields (Part 2; stores)" · 85f257f4
    Georg Schmid authored
    This is a reland of e588ff10
    
    The only change over the original CL is found in JSCreateLowering::AllocateFastLiteral. We now guard against boilerplate values for unboxed double fields that *look* like legitimate initial values, but should really be kHoleNanInt64 instead.
    
    The underlying problem certainly existed before, but an invariant added to LoadElimination in this CL caused a Chromium layout test to fail. The change in this reland is therefore a workaround; the root cause remains to be fixed. Specifically, we find that a pointer to the undefined value oddball is sometimes reinterpreted as a double and assigned as a boilerplate value. @jarin suspects that this stems from in-place map updates.
    
    Original change's description:
    > Make LoadElimination aware of const fields (Part 2; stores)
    >
    > Adds const information to store field accesses and uses it in load elimination
    >
    > Change-Id: I00765c854c95c955dabd78557463267b95f75eef
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611543
    > Reviewed-by: Georg Neis <neis@chromium.org>
    > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
    > Commit-Queue: Georg Schmid <gsps@google.com>
    > Cr-Commit-Position: refs/heads/master@{#61796}
    
    Change-Id: Ie388754890024a3ca7d10c9d4d7391442655b426
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630676
    Reviewed-by: Georg Neis <neis@chromium.org>
    Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
    Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
    Commit-Queue: Georg Schmid <gsps@google.com>
    Cr-Commit-Position: refs/heads/master@{#61838}
js-heap-broker.h 29.1 KB