[deoptimizer] Set FP correctly for Builtin Continuation Frames

This CL ensures that the frame pointer register is set to the innermost frame for builtin continuations. To make this work, this CL contains a temporary fix for NotifyDeoptimized, which needs to skip these frames in order to obtain a valid JavaScript context. Bug: v8:7584, v8:7639 Change-Id: I8ea318e5441950fdf45d909e1f3ee649daf38dca Reviewed-on: https://chromium-review.googlesource.com/1001899Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52479}

[deoptimizer] Set FP correctly for Builtin Continuation Frames
This CL ensures that the frame pointer register is set to the innermost frame for builtin continuations. To make this work, this CL contains a temporary fix for NotifyDeoptimized, which needs to skip these frames in order to obtain a valid JavaScript context. Bug: v8:7584, v8:7639 Change-Id: I8ea318e5441950fdf45d909e1f3ee649daf38dca Reviewed-on: https://chromium-review.googlesource.com/1001899Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52479}
7e0aae9b · Sigurd Schneider · Commit Bot · 4fdafecf · 7e0aae9b · 7e0aae9b
Commit 7e0aae9b authored Apr 09, 2018 by Sigurd Schneider Committed by Commit Bot Apr 09, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 2 deletions

deoptimizer.cc src/deoptimizer.cc +2 -2

runtime-compiler.cc src/runtime/runtime-compiler.cc +8 -0

No files found.
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -1674,7 +1674,7 @@ void Deoptimizer::DoComputeBuiltinContinuation(
    value = output_[frame_index - 1]->GetFp();
  }
  output_frame->SetCallerFp(output_frame_offset, value);
-  intptr_t fp_value = top_address + output_frame_offset;
+  const intptr_t fp_value = top_address + output_frame_offset;
  output_frame->SetFp(fp_value);
  DebugPrintOutputSlot(value, frame_index, output_frame_offset,
                       "caller's fp\n");
@@ -1796,7 +1796,7 @@ void Deoptimizer::DoComputeBuiltinContinuation(
  // Ensure the frame pointer register points to the callee's frame. The builtin
  // will build its own frame once we continue to it.
  Register fp_reg = JavaScriptFrame::fp_register();
-  output_frame->SetRegister(fp_reg.code(), output_[frame_index - 1]->GetFp());
+  output_frame->SetRegister(fp_reg.code(), fp_value);

  Code* continue_to_builtin = isolate()->builtins()->builtin(
      TrampolineForBuiltinContinuation(mode, must_handle_result));

--- a/src/runtime/runtime-compiler.cc
+++ b/src/runtime/runtime-compiler.cc
@@ -166,6 +166,14 @@ RUNTIME_FUNCTION(Runtime_NotifyDeoptimized) {
  // Ensure the context register is updated for materialized objects.
  JavaScriptFrameIterator top_it(isolate);
  JavaScriptFrame* top_frame = top_it.frame();
+  // TODO(7639): We currently don't have a valid context in
+  // JavaScriptBuiltinContinuationFrames; skip them and use the
+  // parent's context instead.
+  if (top_frame->is_java_script_builtin_continuation() ||
+      top_frame->is_java_script_builtin_with_catch_continuation()) {
+    top_it.Advance();
+    top_frame = top_it.frame();
+  }
  isolate->set_context(Context::cast(top_frame->context()));

  // Invalidate the underlying optimized code on non-lazy deopts.