VectorICs: recreate feedback vector if scoping changes on recompile.

author mvstanton <mvstanton@chromium.org>

Tue, 14 Apr 2015 12:31:33 +0000 (05:31 -0700)

committer Commit bot <commit-bot@chromium.org>

Tue, 14 Apr 2015 12:31:31 +0000 (12:31 +0000)
author mvstanton <mvstanton@chromium.org>
Tue, 14 Apr 2015 12:31:33 +0000 (05:31 -0700)
committer Commit bot <commit-bot@chromium.org>
Tue, 14 Apr 2015 12:31:31 +0000 (12:31 +0000)
diff --git a/src/compiler.cc b/src/compiler.cc

index 00a2282..f2a3a32 100644 (file)
--- a/src/compiler.cc
+++ b/src/compiler.cc
@@ -251,7 +251,8 @@ bool CompilationInfo::ShouldSelfOptimize() {
  
  
  void CompilationInfo::EnsureFeedbackVector() {
-  if (feedback_vector_.is_null()) {
+  if (feedback_vector_.is_null() ||
+      feedback_vector_->SpecDiffersFrom(function()->feedback_vector_spec())) {
      feedback_vector_ = isolate()->factory()->NewTypeFeedbackVector(
          function()->feedback_vector_spec());
    }
diff --git a/src/type-feedback-vector.cc b/src/type-feedback-vector.cc

index 1455063..efefbff 100644 (file)
--- a/src/type-feedback-vector.cc
+++ b/src/type-feedback-vector.cc
@@ -137,6 +137,22 @@ Handle<TypeFeedbackVector> TypeFeedbackVector::Copy(
  }
  
  
+bool TypeFeedbackVector::SpecDiffersFrom(
+    const ZoneFeedbackVectorSpec* other_spec) const {
+  if (other_spec->slots() != Slots() || other_spec->ic_slots() != ICSlots()) {
+    return true;
+  }
+
+  int ic_slots = ICSlots();
+  for (int i = 0; i < ic_slots; i++) {
+    if (GetKind(FeedbackVectorICSlot(i)) != other_spec->GetKind(i)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+
  // This logic is copied from
  // StaticMarkingVisitor<StaticVisitor>::VisitCodeTarget.
  static bool ClearLogic(Heap* heap) {
diff --git a/src/type-feedback-vector.h b/src/type-feedback-vector.h

index 9ba5ef4..2040a0a 100644 (file)
--- a/src/type-feedback-vector.h
+++ b/src/type-feedback-vector.h
@@ -134,6 +134,8 @@ class TypeFeedbackVector : public FixedArray {
  
    inline int ic_metadata_length() const;
  
+  bool SpecDiffersFrom(const ZoneFeedbackVectorSpec* other_spec) const;
+
    int Slots() const {
      if (length() == 0) return 0;
      return Max(
diff --git a/test/mjsunit/regress/regress-476488.js b/test/mjsunit/regress/regress-476488.js

new file mode 100644 (file)

index 0000000..2db6819
--- /dev/null
+++ b/test/mjsunit/regress/regress-476488.js
@@ -0,0 +1,15 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --always-opt --expose-gc
+
+function __f_0(message, a) {
+  eval(), message;
+  (function blue() {
+    'use strict';
+    eval(), eval(), message;
+    gc();
+  })();
+}
+__f_0();
author	mvstanton <mvstanton@chromium.org>
	Tue, 14 Apr 2015 12:31:33 +0000 (05:31 -0700)
committer	Commit bot <commit-bot@chromium.org>
	Tue, 14 Apr 2015 12:31:31 +0000 (12:31 +0000)
src/compiler.cc		patch \| blob \| history
src/type-feedback-vector.cc		patch \| blob \| history
src/type-feedback-vector.h		patch \| blob \| history
test/mjsunit/regress/regress-476488.js	[new file with mode: 0644]	patch \| blob