Commit 2f36a518 authored by yangguo@chromium.org's avatar yangguo@chromium.org

MIPS: Avoid handle dereference during graph optimization.

Port r13475 (0076e1ee)

Original commit message:
With parallel recompilation enabled, objects made accessible by handles may
have changed between graph construction and graph optimization. Therefore
we must not assume that information on those objects remain the same between
those two phases. To police this, we forbid handle dereferencing during
graph optimization.
Exceptions to this rule are:
 - Dereferencing the handle to obtain the raw location of the object. This
   is safe since parallel recompilation acquires RelocationLock
 - Some places that dereference the handle for a type check. These are checked
   to be safe on a case-by-case basis.

BUG=
TEST=

Review URL: https://chromiumcodereview.appspot.com/12049037
Patch from Akos Palfi <palfia@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 3fcbb8f1
...@@ -796,8 +796,7 @@ void LCodeGen::DeoptimizeIf(Condition cc, ...@@ -796,8 +796,7 @@ void LCodeGen::DeoptimizeIf(Condition cc,
ASSERT(FLAG_deopt_every_n_times < 2); // Other values not supported on MIPS. ASSERT(FLAG_deopt_every_n_times < 2); // Other values not supported on MIPS.
if (FLAG_deopt_every_n_times == 1 && if (FLAG_deopt_every_n_times == 1 && info_->opt_count() == id) {
info_->shared_info()->opt_count() == id) {
__ Jump(entry, RelocInfo::RUNTIME_ENTRY); __ Jump(entry, RelocInfo::RUNTIME_ENTRY);
return; return;
} }
...@@ -4208,8 +4207,8 @@ void LCodeGen::DoTransitionElementsKind(LTransitionElementsKind* instr) { ...@@ -4208,8 +4207,8 @@ void LCodeGen::DoTransitionElementsKind(LTransitionElementsKind* instr) {
Handle<Map> from_map = instr->original_map(); Handle<Map> from_map = instr->original_map();
Handle<Map> to_map = instr->transitioned_map(); Handle<Map> to_map = instr->transitioned_map();
ElementsKind from_kind = from_map->elements_kind(); ElementsKind from_kind = instr->from_kind();
ElementsKind to_kind = to_map->elements_kind(); ElementsKind to_kind = instr->to_kind();
__ mov(ToRegister(instr->result()), object_reg); __ mov(ToRegister(instr->result()), object_reg);
......
...@@ -2005,9 +2005,7 @@ LInstruction* LChunkBuilder::DoStoreKeyedGeneric(HStoreKeyedGeneric* instr) { ...@@ -2005,9 +2005,7 @@ LInstruction* LChunkBuilder::DoStoreKeyedGeneric(HStoreKeyedGeneric* instr) {
LInstruction* LChunkBuilder::DoTransitionElementsKind( LInstruction* LChunkBuilder::DoTransitionElementsKind(
HTransitionElementsKind* instr) { HTransitionElementsKind* instr) {
ElementsKind from_kind = instr->original_map()->elements_kind(); if (IsSimpleMapChangeTransition(instr->from_kind(), instr->to_kind())) {
ElementsKind to_kind = instr->transitioned_map()->elements_kind();
if (IsSimpleMapChangeTransition(from_kind, to_kind)) {
LOperand* object = UseRegister(instr->object()); LOperand* object = UseRegister(instr->object());
LOperand* new_map_reg = TempRegister(); LOperand* new_map_reg = TempRegister();
LTransitionElementsKind* result = LTransitionElementsKind* result =
...@@ -2262,8 +2260,8 @@ LInstruction* LChunkBuilder::DoEnterInlined(HEnterInlined* instr) { ...@@ -2262,8 +2260,8 @@ LInstruction* LChunkBuilder::DoEnterInlined(HEnterInlined* instr) {
instr->arguments_count(), instr->arguments_count(),
instr->function(), instr->function(),
undefined, undefined,
instr->call_kind(), instr->inlining_kind(),
instr->inlining_kind()); instr->undefined_receiver());
if (instr->arguments_var() != NULL) { if (instr->arguments_var() != NULL) {
inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject()); inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject());
} }
......
...@@ -2018,6 +2018,8 @@ class LTransitionElementsKind: public LTemplateInstruction<1, 1, 2> { ...@@ -2018,6 +2018,8 @@ class LTransitionElementsKind: public LTemplateInstruction<1, 1, 2> {
Handle<Map> original_map() { return hydrogen()->original_map(); } Handle<Map> original_map() { return hydrogen()->original_map(); }
Handle<Map> transitioned_map() { return hydrogen()->transitioned_map(); } Handle<Map> transitioned_map() { return hydrogen()->transitioned_map(); }
ElementsKind from_kind() { return hydrogen()->from_kind(); }
ElementsKind to_kind() { return hydrogen()->to_kind(); }
}; };
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment