• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2013 the V8 project authors. All rights reserved.
2// Copyright (C) 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
3//
4// Redistribution and use in source and binary forms, with or without
5// modification, are permitted provided that the following conditions
6// are met:
7// 1.  Redistributions of source code must retain the above copyright
8//     notice, this list of conditions and the following disclaimer.
9// 2.  Redistributions in binary form must reproduce the above copyright
10//     notice, this list of conditions and the following disclaimer in the
11//     documentation and/or other materials provided with the distribution.
12//
13// THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND ANY
14// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
16// DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
17// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
18// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
19// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
20// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
22// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23
24description(
25"This tests that a constant folding on a node that has obviously mispredicted type doesn't send the compiler into an infinite loop."
26);
27
28// A function with an argument correctly predicted double.
29function foo(x) {
30    // Two variables holding constants such that the bytecode generation constant folder
31    // will not constant fold the division below, but the DFG constant folder will.
32    var a = 1;
33    var b = 4000;
34    // A division that is going to be predicted integer on the first compilation. The
35    // compilation will be triggered from the loop below so the slow case counter of the
36    // division will be 1, which is too low for the division to be predicted double.
37    // If we constant fold this division, we'll have a constant node that is predicted
38    // integer but that contains a double. The subsequent addition to x, which is
39    // predicted double, will lead the Fixup phase to inject an Int32ToDouble node on
40    // the constant-that-was-a-division; subsequent fases in the fixpoint will constant
41    // fold that Int32ToDouble. And hence we will have an infinite loop. The correct fix
42    // is to disable constant folding of mispredicted nodes; that allows the normal
43    // process of correcting predictions (OSR exit profiling, exiting to profiled code,
44    // and recompilation with exponential backoff) to take effect so that the next
45    // compilation does not make this same mistake.
46    var c = (a / b) + x;
47    // A pointless loop to force the first compilation to occur before the division got
48    // hot. If this loop was not here then the division would be known to produce doubles
49    // on the first compilation.
50    var d = 0;
51    for (var i = 0; i < 1000; ++i)
52        d++;
53    return c + d;
54}
55
56// Call foo() enough times to make totally sure that we optimize.
57for (var i = 0; i < 5; ++i)
58    shouldBe("foo(0.5)", "1000.50025");
59