[turbofan] Make context deoptmizable

Escape analysis will eliminate the context, if possible. Materialization must then ensure that the materialized object has the right map, and that the context register is set accordingly. R=jarin@chromium.org BUG=569530,v8:4586 LOG=n Review URL: https://codereview.chromium.org/1572293002 Cr-Commit-Position: refs/heads/master@{#33201}

[turbofan] Make context deoptmizable
Escape analysis will eliminate the context, if possible. Materialization must then ensure that the materialized object has the right map, and that the context register is set accordingly. R=jarin@chromium.org BUG=569530,v8:4586 LOG=n Review URL: https://codereview.chromium.org/1572293002 Cr-Commit-Position: refs/heads/master@{#33201}
b5a34b3d · sigurds · Commit bot · e5492724 · b5a34b3d · b5a34b3d
Commit b5a34b3d authored Jan 11, 2016 by sigurds Committed by Commit bot Jan 11, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 2 deletions

deoptimizer.cc src/deoptimizer.cc +11 -2

runtime-compiler.cc src/runtime/runtime-compiler.cc +5 -0

No files found.
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -947,8 +947,6 @@ void Deoptimizer::DoComputeJSFrame(int frame_index) {
  input_offset -= kPointerSize;
  // Read the context from the translations.
  Object* context = value_iterator->GetRawValue();
-  // The context should not be a placeholder for a materialized object.
-  CHECK(context != isolate_->heap()->arguments_marker());
  if (context == isolate_->heap()->undefined_value()) {
    // If the context was optimized away, just use the context from
    // the activation. This should only apply to Crankshaft code.
@@ -963,6 +961,12 @@ void Deoptimizer::DoComputeJSFrame(int frame_index) {
  if (is_topmost) output_frame->SetRegister(context_reg.code(), value);
  WriteValueToOutput(context, input_index, frame_index, output_offset,
                     "context    ");
+  if (context == isolate_->heap()->arguments_marker()) {
+    Address output_address =
+        reinterpret_cast<Address>(output_[frame_index]->GetTop()) +
+        output_offset;
+    values_to_materialize_.push_back({output_address, value_iterator});
+  }
  value_iterator++;
  input_index++;

@@ -3492,6 +3496,10 @@ Handle<Object> TranslatedState::MaterializeAt(int frame_index,
          CHECK(lengthObject->ToInt32(&length));
          Handle<FixedArray> object =
              isolate_->factory()->NewFixedArray(length);
+          // We need to set the map, because the fixed array we are
+          // materializing could be a context or an arguments object,
+          // in which case we must retain that information.
+          object->set_map(*map);
          slot->value_ = object;
          for (int i = 0; i < length; ++i) {
            Handle<Object> value = MaterializeAt(frame_index, value_index);
@@ -3500,6 +3508,7 @@ Handle<Object> TranslatedState::MaterializeAt(int frame_index,
          return object;
        }
        case FIXED_DOUBLE_ARRAY_TYPE: {
+          DCHECK_EQ(*map, isolate_->heap()->fixed_double_array_map());
          Handle<Object> lengthObject = MaterializeAt(frame_index, value_index);
          int32_t length = 0;
          CHECK(lengthObject->ToInt32(&length));

--- a/src/runtime/runtime-compiler.cc
+++ b/src/runtime/runtime-compiler.cc
@@ -151,6 +151,11 @@ RUNTIME_FUNCTION(Runtime_NotifyDeoptimized) {
  RUNTIME_ASSERT(frame->function()->IsJSFunction());
  DCHECK(frame->function() == *function);

+  // Ensure the context register is updated for materialized objects.
+  JavaScriptFrameIterator top_it(isolate);
+  JavaScriptFrame* top_frame = top_it.frame();
+  isolate->set_context(Context::cast(top_frame->context()));
+
  if (type == Deoptimizer::LAZY) {
    return isolate->heap()->undefined_value();
  }