[turbofan] Fix loading of JSFunction from activation in case of adapter frame.

R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/1026023004 Cr-Commit-Position: refs/heads/master@{#27454}

[turbofan] Fix loading of JSFunction from activation in case of adapter frame.
R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/1026023004 Cr-Commit-Position: refs/heads/master@{#27454}
ebc51674 · titzer · Commit bot · 918ec32d · ebc51674 · ebc51674
Commit ebc51674 authored Mar 25, 2015 by titzer Committed by Commit bot Mar 25, 2015
10 changed files
--- a/src/compiler/arm/code-generator-arm.cc
+++ b/src/compiler/arm/code-generator-arm.cc
@@ -872,6 +872,8 @@ void CodeGenerator::AssemblePrologue() {
    // remaining stack slots.
    if (FLAG_code_comments) __ RecordComment("-- OSR entrypoint --");
    osr_pc_offset_ = __ pc_offset();
+    // TODO(titzer): cannot address target function == local #-1
+    __ ldr(r1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
    DCHECK(stack_slots >= frame()->GetOsrStackSlotCount());
    stack_slots -= frame()->GetOsrStackSlotCount();
  }

--- a/src/compiler/arm64/code-generator-arm64.cc
+++ b/src/compiler/arm64/code-generator-arm64.cc
@@ -1001,6 +1001,8 @@ void CodeGenerator::AssemblePrologue() {
    // remaining stack slots.
    if (FLAG_code_comments) __ RecordComment("-- OSR entrypoint --");
    osr_pc_offset_ = __ pc_offset();
+    // TODO(titzer): cannot address target function == local #-1
+    __ ldr(x1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
    DCHECK(stack_slots >= frame()->GetOsrStackSlotCount());
    stack_slots -= frame()->GetOsrStackSlotCount();
  }

--- a/src/compiler/ia32/code-generator-ia32.cc
+++ b/src/compiler/ia32/code-generator-ia32.cc
@@ -1091,6 +1091,8 @@ void CodeGenerator::AssemblePrologue() {
    // remaining stack slots.
    if (FLAG_code_comments) __ RecordComment("-- OSR entrypoint --");
    osr_pc_offset_ = __ pc_offset();
+    // TODO(titzer): cannot address target function == local #-1
+    __ mov(edi, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
    DCHECK(stack_slots >= frame()->GetOsrStackSlotCount());
    stack_slots -= frame()->GetOsrStackSlotCount();
  }

--- a/src/compiler/linkage-impl.h
+++ b/src/compiler/linkage-impl.h
@@ -57,12 +57,10 @@ class LinkageHelper {

    // The target for JS function calls is the JSFunction object.
    MachineType target_type = kMachAnyTagged;
-    // Unoptimized code doesn't preserve the JSCallFunctionReg, so expect the
-    // closure on the stack.
-    LinkageLocation target_loc =
-        is_osr ? stackloc(Linkage::kJSFunctionCallClosureParamIndex -
-                          js_parameter_count)
-               : regloc(LinkageTraits::JSCallFunctionReg());
+    // TODO(titzer): When entering into an OSR function from unoptimized code,
+    // the JSFunction is not in a register, but it is on the stack in an
+    // unaddressable spill slot. We hack this in the OSR prologue. Fix.
+    LinkageLocation target_loc = regloc(LinkageTraits::JSCallFunctionReg());
    return new (zone) CallDescriptor(     // --
        CallDescriptor::kCallJSFunction,  // kind
        target_type,                      // target MachineType

--- a/src/compiler/mips/code-generator-mips.cc
+++ b/src/compiler/mips/code-generator-mips.cc
@@ -984,6 +984,8 @@ void CodeGenerator::AssemblePrologue() {
    // remaining stack slots.
    if (FLAG_code_comments) __ RecordComment("-- OSR entrypoint --");
    osr_pc_offset_ = __ pc_offset();
+    // TODO(titzer): cannot address target function == local #-1
+    __ lw(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
    DCHECK(stack_slots >= frame()->GetOsrStackSlotCount());
    stack_slots -= frame()->GetOsrStackSlotCount();
  }

--- a/src/compiler/mips64/code-generator-mips64.cc
+++ b/src/compiler/mips64/code-generator-mips64.cc
@@ -1050,6 +1050,8 @@ void CodeGenerator::AssemblePrologue() {
    // remaining stack slots.
    if (FLAG_code_comments) __ RecordComment("-- OSR entrypoint --");
    osr_pc_offset_ = __ pc_offset();
+    // TODO(titzer): cannot address target function == local #-1
+    __ lw(a1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
    DCHECK(stack_slots >= frame()->GetOsrStackSlotCount());
    stack_slots -= frame()->GetOsrStackSlotCount();
  }

--- a/src/compiler/ppc/code-generator-ppc.cc
+++ b/src/compiler/ppc/code-generator-ppc.cc
@@ -1221,6 +1221,8 @@ void CodeGenerator::AssemblePrologue() {
    // remaining stack slots.
    if (FLAG_code_comments) __ RecordComment("-- OSR entrypoint --");
    osr_pc_offset_ = __ pc_offset();
+    // TODO(titzer): cannot address target function == local #-1
+    __ lwa(r4, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
    DCHECK(stack_slots >= frame()->GetOsrStackSlotCount());
    stack_slots -= frame()->GetOsrStackSlotCount();
  }

--- a/src/compiler/x64/code-generator-x64.cc
+++ b/src/compiler/x64/code-generator-x64.cc
@@ -1265,6 +1265,8 @@ void CodeGenerator::AssemblePrologue() {
    // remaining stack slots.
    if (FLAG_code_comments) __ RecordComment("-- OSR entrypoint --");
    osr_pc_offset_ = __ pc_offset();
+    // TODO(titzer): cannot address target function == local #-1
+    __ movq(rdi, Operand(rbp, JavaScriptFrameConstants::kFunctionOffset));
    DCHECK(stack_slots >= frame()->GetOsrStackSlotCount());
    stack_slots -= frame()->GetOsrStackSlotCount();
  }

--- a/test/mjsunit/compiler/osr-literals-adapted.js
+++ b/test/mjsunit/compiler/osr-literals-adapted.js
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --use-osr --turbo-osr
+
+function mod() {
+  function f0() {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function f1(a) {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function f2(a,b) {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function f3(a,b,c) {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function f4(a,b,c,d) {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function bar() {
+    assertEquals(3, f0().blah);
+    assertEquals(3, f1().blah);
+    assertEquals(3, f2().blah);
+    assertEquals(3, f3().blah);
+    assertEquals(3, f4().blah);
+  }
+  bar();
+}
+
+
+mod();
+mod();
+mod();
--- a/test/mjsunit/compiler/osr-literals.js
+++ b/test/mjsunit/compiler/osr-literals.js
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --use-osr --turbo-osr
+
+function mod() {
+  function f0() {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function f1(a) {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function f2(a,b) {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function f3(a,b,c) {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function f4(a,b,c,d) {
+    for (var i = 0; i < 3; i = i + 1 | 0) {
+      %OptimizeOsr();
+    }
+    return {blah: i};
+  }
+
+  function bar() {
+    assertEquals(3, f0().blah);
+    assertEquals(3, f1(1).blah);
+    assertEquals(3, f2(1,2).blah);
+    assertEquals(3, f3(1,2,3).blah);
+    assertEquals(3, f4(1,2,3,4).blah);
+  }
+  bar();
+}
+
+
+mod();
+mod();
+mod();