Commit 85517653 authored by mstarzinger's avatar mstarzinger Committed by Commit bot

[compiler] Sidestep optimizing of generator resumers.

This ensures our optimizing compilers as well as the interpreter are
never tasked with compiling the generator-resuming builtin methods. The
corresponding intrinsics for those methods are not supported and it is
not possible to provide a C++ reference implementation for them. We do
this by assigning builtin function ids to them that we can recognize
during the compiler dispatch.

Note that this also affects the interpreter, because methods having a
builtin function id assigned are not interpreted ({function_data} field
is overlapping). If this ever changes we can still do an early check in
the compiler dispatch (similar to the optimizing compilers) easily.

This applies to the following methods:
- Generator.prototype.next (calls Runtime_GeneratorNext).
- Generator.prototype.return (calls Runtime_GeneratorReturn).
- Generator.prototype.throw (calls Runtime_GeneratorThrow).

R=neis@chromium.org
BUG=v8:4681
LOG=n

Review URL: https://codereview.chromium.org/1779123003

Cr-Commit-Position: refs/heads/master@{#34675}
parent daea0e75
...@@ -89,6 +89,7 @@ namespace internal { ...@@ -89,6 +89,7 @@ namespace internal {
"The function_data field should be a BytecodeArray on interpreter entry") \ "The function_data field should be a BytecodeArray on interpreter entry") \
V(kGeneratedCodeIsTooLarge, "Generated code is too large") \ V(kGeneratedCodeIsTooLarge, "Generated code is too large") \
V(kGeneratorFailedToResume, "Generator failed to resume") \ V(kGeneratorFailedToResume, "Generator failed to resume") \
V(kGeneratorResumeMethod, "Generator resume method is being called") \
V(kGenerator, "Generator") \ V(kGenerator, "Generator") \
V(kGlobalFunctionsMustHaveInitialMap, \ V(kGlobalFunctionsMustHaveInitialMap, \
"Global functions must have initial map") \ "Global functions must have initial map") \
......
...@@ -2745,6 +2745,37 @@ bool Genesis::InstallNatives(GlobalContextType context_type) { ...@@ -2745,6 +2745,37 @@ bool Genesis::InstallNatives(GlobalContextType context_type) {
InstallBuiltinFunctionIds(); InstallBuiltinFunctionIds();
// Also install builtin function ids to some generator object methods. These
// three methods use the three resume operations (Runtime_GeneratorNext,
// Runtime_GeneratorReturn, Runtime_GeneratorThrow) respectively. Those
// operations are not supported by Crankshaft, TurboFan, nor Ignition.
{
Handle<JSObject> generator_object_prototype(JSObject::cast(
native_context()->generator_object_prototype_map()->prototype()));
{ // GeneratorObject.prototype.next
Handle<String> key = factory()->next_string();
Handle<JSFunction> function = Handle<JSFunction>::cast(
JSReceiver::GetProperty(generator_object_prototype, key)
.ToHandleChecked());
function->shared()->set_builtin_function_id(kGeneratorObjectNext);
}
{ // GeneratorObject.prototype.return
Handle<String> key = factory()->NewStringFromAsciiChecked("return");
Handle<JSFunction> function = Handle<JSFunction>::cast(
JSReceiver::GetProperty(generator_object_prototype, key)
.ToHandleChecked());
function->shared()->set_builtin_function_id(kGeneratorObjectReturn);
}
{ // GeneratorObject.prototype.throw
Handle<String> key = factory()->throw_string();
Handle<JSFunction> function = Handle<JSFunction>::cast(
JSReceiver::GetProperty(generator_object_prototype, key)
.ToHandleChecked());
function->shared()->set_builtin_function_id(kGeneratorObjectThrow);
}
}
// Create a map for accessor property descriptors (a variant of JSObject // Create a map for accessor property descriptors (a variant of JSObject
// that predefines four properties get, set, configurable and enumerable). // that predefines four properties get, set, configurable and enumerable).
{ {
......
...@@ -383,6 +383,14 @@ OptimizedCompileJob::Status OptimizedCompileJob::CreateGraph() { ...@@ -383,6 +383,14 @@ OptimizedCompileJob::Status OptimizedCompileJob::CreateGraph() {
return AbortOptimization(kFunctionBeingDebugged); return AbortOptimization(kFunctionBeingDebugged);
} }
// Resuming a suspended frame is not supported by Crankshaft/TurboFan.
if (info()->shared_info()->HasBuiltinFunctionId() &&
(info()->shared_info()->builtin_function_id() == kGeneratorObjectNext ||
info()->shared_info()->builtin_function_id() == kGeneratorObjectReturn ||
info()->shared_info()->builtin_function_id() == kGeneratorObjectThrow)) {
return AbortOptimization(kGeneratorResumeMethod);
}
// Limit the number of times we try to optimize functions. // Limit the number of times we try to optimize functions.
const int kMaxOptCount = const int kMaxOptCount =
FLAG_deopt_every_n_times == 0 ? FLAG_max_opt_count : 1000; FLAG_deopt_every_n_times == 0 ? FLAG_max_opt_count : 1000;
......
...@@ -2568,22 +2568,12 @@ void AstGraphBuilder::VisitCallRuntime(CallRuntime* expr) { ...@@ -2568,22 +2568,12 @@ void AstGraphBuilder::VisitCallRuntime(CallRuntime* expr) {
return VisitCallJSRuntime(expr); return VisitCallJSRuntime(expr);
} }
const Runtime::Function* function = expr->function();
// TODO(mstarzinger): This bailout is a gigantic hack, the owner is ashamed.
if (function->function_id == Runtime::kInlineGeneratorNext ||
function->function_id == Runtime::kInlineGeneratorReturn ||
function->function_id == Runtime::kInlineGeneratorThrow) {
ast_context()->ProduceValue(jsgraph()->TheHoleConstant());
return SetStackOverflow();
}
// Evaluate all arguments to the runtime call. // Evaluate all arguments to the runtime call.
ZoneList<Expression*>* args = expr->arguments(); ZoneList<Expression*>* args = expr->arguments();
VisitForValues(args); VisitForValues(args);
// Create node to perform the runtime call. // Create node to perform the runtime call.
Runtime::FunctionId functionId = function->function_id; Runtime::FunctionId functionId = expr->function()->function_id;
const Operator* call = javascript()->CallRuntime(functionId, args->length()); const Operator* call = javascript()->CallRuntime(functionId, args->length());
FrameStateBeforeAndAfter states(this, expr->CallId()); FrameStateBeforeAndAfter states(this, expr->CallId());
Node* value = ProcessArguments(call, args->length()); Node* value = ProcessArguments(call, args->length());
......
...@@ -6622,6 +6622,9 @@ class Script: public Struct { ...@@ -6622,6 +6622,9 @@ class Script: public Struct {
enum BuiltinFunctionId { enum BuiltinFunctionId {
kArrayCode, kArrayCode,
kGeneratorObjectNext,
kGeneratorObjectReturn,
kGeneratorObjectThrow,
#define DECLARE_FUNCTION_ID(ignored1, ignore2, name) \ #define DECLARE_FUNCTION_ID(ignored1, ignore2, name) \
k##name, k##name,
FUNCTIONS_WITH_ID_LIST(DECLARE_FUNCTION_ID) FUNCTIONS_WITH_ID_LIST(DECLARE_FUNCTION_ID)
......
...@@ -203,26 +203,23 @@ RUNTIME_FUNCTION(Runtime_GeneratorGetSourcePosition) { ...@@ -203,26 +203,23 @@ RUNTIME_FUNCTION(Runtime_GeneratorGetSourcePosition) {
return isolate->heap()->undefined_value(); return isolate->heap()->undefined_value();
} }
// Optimization for builtins calling any of the following three functions is
// Optimization for the following three functions is disabled in // disabled in js/generator.js and compiler.cc, hence they are unreachable.
// js/generator.js and compiler/ast-graph-builder.cc.
RUNTIME_FUNCTION(Runtime_GeneratorNext) { RUNTIME_FUNCTION(Runtime_GeneratorNext) {
UNREACHABLE(); UNREACHABLE();
return nullptr; return nullptr;
} }
RUNTIME_FUNCTION(Runtime_GeneratorReturn) { RUNTIME_FUNCTION(Runtime_GeneratorReturn) {
UNREACHABLE(); UNREACHABLE();
return nullptr; return nullptr;
} }
RUNTIME_FUNCTION(Runtime_GeneratorThrow) { RUNTIME_FUNCTION(Runtime_GeneratorThrow) {
UNREACHABLE(); UNREACHABLE();
return nullptr; return nullptr;
} }
} // namespace internal } // namespace internal
} // namespace v8 } // namespace v8
...@@ -767,7 +767,6 @@ ...@@ -767,7 +767,6 @@
'debug-allscopes-on-debugger': [FAIL], 'debug-allscopes-on-debugger': [FAIL],
'debug-return-value': [FAIL], 'debug-return-value': [FAIL],
'es6/debug-stepnext-for': [FAIL], 'es6/debug-stepnext-for': [FAIL],
'es6/debug-stepin-generators': [FAIL],
'es6/debug-stepin-string-template': [FAIL], 'es6/debug-stepin-string-template': [FAIL],
'es6/debug-promises/stepin-constructor': [FAIL], 'es6/debug-promises/stepin-constructor': [FAIL],
'harmony/debug-stepin-proxies': [FAIL], 'harmony/debug-stepin-proxies': [FAIL],
...@@ -799,38 +798,18 @@ ...@@ -799,38 +798,18 @@
'regress/regress-crbug-424142': [SKIP], 'regress/regress-crbug-424142': [SKIP],
# TODO(rmcilroy,4681): Requires support for generators. # TODO(rmcilroy,4681): Requires support for generators.
'messages': [FAIL],
'es6/array-from': [FAIL],
'regress-3225': [FAIL],
'es6/classes-subclass-builtins': [FAIL], 'es6/classes-subclass-builtins': [FAIL],
'es6/computed-property-names-classes': [FAIL],
'es6/computed-property-names-object-literals-methods': [FAIL],
'es6/generators-poisoned-properties': [FAIL],
'es6/generators-runtime': [FAIL], 'es6/generators-runtime': [FAIL],
'es6/generators-parsing': [FAIL], 'es6/generators-parsing': [FAIL],
'es6/generators-iteration': [FAIL], 'es6/generators-iteration': [FAIL],
'es6/generators-states': [FAIL], 'es6/generators-states': [FAIL],
'es6/iteration-semantics': [FAIL],
'es6/generators-mirror': [FAIL],
'es6/object-literals-method': [FAIL],
'es6/object-literals-super': [FAIL],
'es6/generators-relocation': [FAIL], 'es6/generators-relocation': [FAIL],
'es6/spread-array': [FAIL],
'es6/generators-debug-liveedit': [FAIL], 'es6/generators-debug-liveedit': [FAIL],
'es6/spread-call': [FAIL], 'es6/spread-call': [FAIL],
'es6/typedarray-from': [FAIL],
'es6/typedarray': [FAIL],
'es6/regress/regress-2681': [FAIL],
'es6/regress/regress-2691': [FAIL], 'es6/regress/regress-2691': [FAIL],
'es6/regress/regress-3280': [FAIL],
'harmony/destructuring-assignment': [FAIL], 'harmony/destructuring-assignment': [FAIL],
'harmony/function-sent': [FAIL],
'harmony/destructuring': [FAIL],
'harmony/regress/regress-4482': [FAIL], 'harmony/regress/regress-4482': [FAIL],
'harmony/generators': [FAIL],
'harmony/iterator-close': [FAIL],
'harmony/reflect-construct': [FAIL], 'harmony/reflect-construct': [FAIL],
'es6/promises': [FAIL],
# TODO(mythria, 4780): Related to type feedback for calls in interpreter. # TODO(mythria, 4780): Related to type feedback for calls in interpreter.
'array-literal-feedback': [FAIL], 'array-literal-feedback': [FAIL],
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment