From 2f36a518723d3ec9172af98f74a8aeccb99da726 Mon Sep 17 00:00:00 2001 From: "yangguo@chromium.org" Date: Wed, 23 Jan 2013 15:25:28 +0000 Subject: [PATCH] MIPS: Avoid handle dereference during graph optimization. Port r13475 (0076e1ee) Original commit message: With parallel recompilation enabled, objects made accessible by handles may have changed between graph construction and graph optimization. Therefore we must not assume that information on those objects remain the same between those two phases. To police this, we forbid handle dereferencing during graph optimization. Exceptions to this rule are: - Dereferencing the handle to obtain the raw location of the object. This is safe since parallel recompilation acquires RelocationLock - Some places that dereference the handle for a type check. These are checked to be safe on a case-by-case basis. BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/12049037 Patch from Akos Palfi . git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/mips/lithium-codegen-mips.cc | 7 +++---- src/mips/lithium-mips.cc | 8 +++----- src/mips/lithium-mips.h | 2 ++ 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/mips/lithium-codegen-mips.cc b/src/mips/lithium-codegen-mips.cc index 054ca15..79f48d9 100644 --- a/src/mips/lithium-codegen-mips.cc +++ b/src/mips/lithium-codegen-mips.cc @@ -796,8 +796,7 @@ void LCodeGen::DeoptimizeIf(Condition cc, ASSERT(FLAG_deopt_every_n_times < 2); // Other values not supported on MIPS. - if (FLAG_deopt_every_n_times == 1 && - info_->shared_info()->opt_count() == id) { + if (FLAG_deopt_every_n_times == 1 && info_->opt_count() == id) { __ Jump(entry, RelocInfo::RUNTIME_ENTRY); return; } 
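Review bot: The `FLAG_deopt_every_n_times == 1` check in DeoptimizeIf now reads `info_->opt_count()` with no comment saying why the count no longer comes from `shared_info()`, so a later cleanup could revert it. A one-line comment above the `if` would be enough, for example `// Use the count held by info_; shared_info() must not be dereferenced here.` Going by the commit message, this value is presumably captured before optimization and may lag behind the live count under parallel recompilation. That looks harmless for a stress flag but is worth stating. DeoptimizeIf starts and ends outside the hunk.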
@@ -4208,8 +4207,8 @@ void LCodeGen::DoTransitionElementsKind(LTransitionElementsKind* instr) { Handle from_map = instr->original_map(); Handle to_map = instr->transitioned_map(); - ElementsKind from_kind = from_map->elements_kind(); - ElementsKind to_kind = to_map->elements_kind(); + ElementsKind from_kind = instr->from_kind(); + ElementsKind to_kind = instr->to_kind(); __ mov(ToRegister(instr->result()), object_reg); diff --git a/src/mips/lithium-mips.cc b/src/mips/lithium-mips.cc index 4d9603e..736890e 100644 --- a/src/mips/lithium-mips.cc +++ b/src/mips/lithium-mips.cc @@ -2005,9 +2005,7 @@ LInstruction* LChunkBuilder::DoStoreKeyedGeneric(HStoreKeyedGeneric* instr) { LInstruction* LChunkBuilder::DoTransitionElementsKind( HTransitionElementsKind* instr) { - ElementsKind from_kind = instr->original_map()->elements_kind(); - ElementsKind to_kind = instr->transitioned_map()->elements_kind(); - if (IsSimpleMapChangeTransition(from_kind, to_kind)) { + if (IsSimpleMapChangeTransition(instr->from_kind(), instr->to_kind())) { LOperand* object = UseRegister(instr->object()); LOperand* new_map_reg = TempRegister(); LTransitionElementsKind* result = @@ -2262,8 +2260,8 @@ LInstruction* LChunkBuilder::DoEnterInlined(HEnterInlined* instr) { instr->arguments_count(), instr->function(), undefined, - instr->call_kind(), - instr->inlining_kind()); + instr->inlining_kind(), + instr->undefined_receiver()); if (instr->arguments_var() != NULL) { inner->Bind(instr->arguments_var(), graph()->GetArgumentsObject()); } diff --git a/src/mips/lithium-mips.h b/src/mips/lithium-mips.h index fb24632..45754aa 100644 --- a/src/mips/lithium-mips.h +++ b/src/mips/lithium-mips.h 
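Review bot: In LCodeGen::DoTransitionElementsKind, `from_kind` and `to_kind` now come from the instruction while `from_map` and `to_map` are still taken as handles two lines above, and nothing checks that the two agree. If they ever diverged, the code emitted later in this function would presumably choose a transition path for one elements representation while embedding a map that describes another, which is how type confusion arises in JIT output. The commit message forbids handle dereference only during graph optimization; if it is permitted at code generation time, a debug check such as `ASSERT(from_map->elements_kind() == from_kind);` (and the same for `to_map`/`to_kind`) would pin the invariant. Otherwise a comment stating the invariant is enough. The function body continues past the hunk.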
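Review bot: In LChunkBuilder::DoEnterInlined the last two arguments change from `instr->call_kind(), instr->inlining_kind()` to `instr->inlining_kind(), instr->undefined_receiver()`, which the commit message does not mention. The new trailing argument also appears to be an unlabelled flag at the call site. The callee's signature is outside the hunk, so the order cannot be confirmed from here and should be checked against the platform-independent change being ported. A short trailing comment would help, e.g. `instr->undefined_receiver());  // recorded on the instruction, not read from the function handle`, if that is indeed where the value comes from. DoEnterInlined starts and ends outside the hunk.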
@@ -2018,6 +2018,8 @@ class LTransitionElementsKind: public LTemplateInstruction<1, 1, 2> { Handle original_map() { return hydrogen()->original_map(); } Handle transitioned_map() { return hydrogen()->transitioned_map(); } + ElementsKind from_kind() { return hydrogen()->from_kind(); } + ElementsKind to_kind() { return hydrogen()->to_kind(); } }; -- 2.7.4
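Review bot: The new `from_kind()` and `to_kind()` accessors sit next to `original_map()` and `transitioned_map()` with nothing telling callers which pair is safe to use during graph optimization. A comment above them would record the rule from the commit message, for example `// Use these for the elements kind instead of dereferencing original_map()/transitioned_map(); handles must not be dereferenced during graph optimization.` Both could also be declared `const` if `hydrogen()` allows it, but the neighbouring accessors are not, so that is optional.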