Commit 85517653 authored by mstarzinger's avatar mstarzinger Committed by Commit bot

[compiler] Sidestep optimizing of generator resumers.

This ensures our optimizing compilers as well as the interpreter are
never tasked with compiling the generator-resuming builtin methods. The
corresponding intrinsics for those methods are not supported and it is
not possible to provide a C++ reference implementation for them. We do
this by assigning builtin function ids to them that we can recognize
during the compiler dispatch.

Note that this also affects the interpreter, because methods having a
builtin function id assigned are not interpreted ({function_data} field
is overlapping). If this ever changes we can still do an early check in
the compiler dispatch (similar to the optimizing compilers) easily.

This applies to the following methods:
- Generator.prototype.next (calls Runtime_GeneratorNext).
- Generator.prototype.return (calls Runtime_GeneratorReturn).
- Generator.prototype.throw (calls Runtime_GeneratorThrow).

R=neis@chromium.org
BUG=v8:4681
LOG=n

Review URL: https://codereview.chromium.org/1779123003

Cr-Commit-Position: refs/heads/master@{#34675}
parent daea0e75
......@@ -89,6 +89,7 @@ namespace internal {
"The function_data field should be a BytecodeArray on interpreter entry") \
V(kGeneratedCodeIsTooLarge, "Generated code is too large") \
V(kGeneratorFailedToResume, "Generator failed to resume") \
V(kGeneratorResumeMethod, "Generator resume method is being called") \
V(kGenerator, "Generator") \
V(kGlobalFunctionsMustHaveInitialMap, \
"Global functions must have initial map") \
......
......@@ -2745,6 +2745,37 @@ bool Genesis::InstallNatives(GlobalContextType context_type) {
InstallBuiltinFunctionIds();
// Also install builtin function ids to some generator object methods. These
// three methods use the three resume operations (Runtime_GeneratorNext,
// Runtime_GeneratorReturn, Runtime_GeneratorThrow) respectively. Those
// operations are not supported by Crankshaft, TurboFan, nor Ignition.
{
Handle<JSObject> generator_object_prototype(JSObject::cast(
native_context()->generator_object_prototype_map()->prototype()));
{ // GeneratorObject.prototype.next
Handle<String> key = factory()->next_string();
Handle<JSFunction> function = Handle<JSFunction>::cast(
JSReceiver::GetProperty(generator_object_prototype, key)
.ToHandleChecked());
function->shared()->set_builtin_function_id(kGeneratorObjectNext);
}
{ // GeneratorObject.prototype.return
Handle<String> key = factory()->NewStringFromAsciiChecked("return");
Handle<JSFunction> function = Handle<JSFunction>::cast(
JSReceiver::GetProperty(generator_object_prototype, key)
.ToHandleChecked());
function->shared()->set_builtin_function_id(kGeneratorObjectReturn);
}
{ // GeneratorObject.prototype.throw
Handle<String> key = factory()->throw_string();
Handle<JSFunction> function = Handle<JSFunction>::cast(
JSReceiver::GetProperty(generator_object_prototype, key)
.ToHandleChecked());
function->shared()->set_builtin_function_id(kGeneratorObjectThrow);
}
}
// Create a map for accessor property descriptors (a variant of JSObject
// that predefines four properties get, set, configurable and enumerable).
{
......
......@@ -383,6 +383,14 @@ OptimizedCompileJob::Status OptimizedCompileJob::CreateGraph() {
return AbortOptimization(kFunctionBeingDebugged);
}
// Resuming a suspended frame is not supported by Crankshaft/TurboFan.
if (info()->shared_info()->HasBuiltinFunctionId() &&
(info()->shared_info()->builtin_function_id() == kGeneratorObjectNext ||
info()->shared_info()->builtin_function_id() == kGeneratorObjectReturn ||
info()->shared_info()->builtin_function_id() == kGeneratorObjectThrow)) {
return AbortOptimization(kGeneratorResumeMethod);
}
// Limit the number of times we try to optimize functions.
const int kMaxOptCount =
FLAG_deopt_every_n_times == 0 ? FLAG_max_opt_count : 1000;
......
......@@ -2568,22 +2568,12 @@ void AstGraphBuilder::VisitCallRuntime(CallRuntime* expr) {
return VisitCallJSRuntime(expr);
}
const Runtime::Function* function = expr->function();
// TODO(mstarzinger): This bailout is a gigantic hack, the owner is ashamed.
if (function->function_id == Runtime::kInlineGeneratorNext ||
function->function_id == Runtime::kInlineGeneratorReturn ||
function->function_id == Runtime::kInlineGeneratorThrow) {
ast_context()->ProduceValue(jsgraph()->TheHoleConstant());
return SetStackOverflow();
}
// Evaluate all arguments to the runtime call.
ZoneList<Expression*>* args = expr->arguments();
VisitForValues(args);
// Create node to perform the runtime call.
Runtime::FunctionId functionId = function->function_id;
Runtime::FunctionId functionId = expr->function()->function_id;
const Operator* call = javascript()->CallRuntime(functionId, args->length());
FrameStateBeforeAndAfter states(this, expr->CallId());
Node* value = ProcessArguments(call, args->length());
......
......@@ -6622,6 +6622,9 @@ class Script: public Struct {
enum BuiltinFunctionId {
kArrayCode,
kGeneratorObjectNext,
kGeneratorObjectReturn,
kGeneratorObjectThrow,
#define DECLARE_FUNCTION_ID(ignored1, ignore2, name) \
k##name,
FUNCTIONS_WITH_ID_LIST(DECLARE_FUNCTION_ID)
......
......@@ -203,26 +203,23 @@ RUNTIME_FUNCTION(Runtime_GeneratorGetSourcePosition) {
return isolate->heap()->undefined_value();
}
// Optimization for the following three functions is disabled in
// js/generator.js and compiler/ast-graph-builder.cc.
// Optimization for builtins calling any of the following three functions is
// disabled in js/generator.js and compiler.cc, hence they are unreachable.
RUNTIME_FUNCTION(Runtime_GeneratorNext) {
UNREACHABLE();
return nullptr;
}
RUNTIME_FUNCTION(Runtime_GeneratorReturn) {
UNREACHABLE();
return nullptr;
}
RUNTIME_FUNCTION(Runtime_GeneratorThrow) {
UNREACHABLE();
return nullptr;
}
} // namespace internal
} // namespace v8
......@@ -767,7 +767,6 @@
'debug-allscopes-on-debugger': [FAIL],
'debug-return-value': [FAIL],
'es6/debug-stepnext-for': [FAIL],
'es6/debug-stepin-generators': [FAIL],
'es6/debug-stepin-string-template': [FAIL],
'es6/debug-promises/stepin-constructor': [FAIL],
'harmony/debug-stepin-proxies': [FAIL],
......@@ -799,38 +798,18 @@
'regress/regress-crbug-424142': [SKIP],
# TODO(rmcilroy,4681): Requires support for generators.
'messages': [FAIL],
'es6/array-from': [FAIL],
'regress-3225': [FAIL],
'es6/classes-subclass-builtins': [FAIL],
'es6/computed-property-names-classes': [FAIL],
'es6/computed-property-names-object-literals-methods': [FAIL],
'es6/generators-poisoned-properties': [FAIL],
'es6/generators-runtime': [FAIL],
'es6/generators-parsing': [FAIL],
'es6/generators-iteration': [FAIL],
'es6/generators-states': [FAIL],
'es6/iteration-semantics': [FAIL],
'es6/generators-mirror': [FAIL],
'es6/object-literals-method': [FAIL],
'es6/object-literals-super': [FAIL],
'es6/generators-relocation': [FAIL],
'es6/spread-array': [FAIL],
'es6/generators-debug-liveedit': [FAIL],
'es6/spread-call': [FAIL],
'es6/typedarray-from': [FAIL],
'es6/typedarray': [FAIL],
'es6/regress/regress-2681': [FAIL],
'es6/regress/regress-2691': [FAIL],
'es6/regress/regress-3280': [FAIL],
'harmony/destructuring-assignment': [FAIL],
'harmony/function-sent': [FAIL],
'harmony/destructuring': [FAIL],
'harmony/regress/regress-4482': [FAIL],
'harmony/generators': [FAIL],
'harmony/iterator-close': [FAIL],
'harmony/reflect-construct': [FAIL],
'es6/promises': [FAIL],
# TODO(mythria, 4780): Related to type feedback for calls in interpreter.
'array-literal-feedback': [FAIL],
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment