• Jakob Linke's avatar
    Reland "[maglev] Deopt on overflow in >>>" · 178f2eeb
    Jakob Linke authored
    This is a reland of commit 24e60017
    
    The reland changes %ClearFunctionFeedback to clear *all* feedback
    slot kinds including binary/compare/for-in slots. In the tests we
    thus no longer have to resort to tricks to restore the function to
    it's initial state, instead simply call %ClearFunctionFeedback.
    
    Original change's description:
    > [maglev] Deopt on overflow in >>>
    >
    > Re-enable the int32 fast path for ShiftRightLogical, but account for
    > Maglev's missing signed/unsigned representation tracking by a)
    > removing rhs==0 as the identity value (a shift by 0 is still a
    > signed-unsigned conversion) and b) deoptimizing if the result cannot
    > be converted to a non-negative smi.
    >
    > Note this is not a deopt loop, since a non-smi result will change the
    > feedback to kSignedSmallInputs (from kSignedSmall).
    >
    > To fix this properly, we should track signed/unsigned representations
    > and convert the result to a heap number if it doesn't fit within smi
    > range.
    >
    > Bug: v8:7700
    > Change-Id: Ifd538d227a6f1290eb7f008d9bfad586ff91ea0f
    > Fixed: v8:13251
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876366
    > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
    > Commit-Queue: Jakob Linke <jgruber@chromium.org>
    > Cr-Commit-Position: refs/heads/main@{#83025}
    
    Bug: v8:7700
    Change-Id: I2f607a0fb863b80e8589c9c1e86ee31fbac48c25
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879491
    Auto-Submit: Jakob Linke <jgruber@chromium.org>
    Commit-Queue: Jakob Linke <jgruber@chromium.org>
    Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#83057}
    178f2eeb
js-function.cc 54.4 KB