Commit Graph

990 Commits

Author SHA1 Message Date
kmillikin@chromium.org
2662624988 Refactor inlined functions to avoid using subgraphs.
Function inlining no longer uses subgraphs.  We detect inlining in an
effect context and avoid materializing a return value earlier than we
did before.

Review URL: http://codereview.chromium.org/6635012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7080 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-07 15:42:23 +00:00
kmillikin@chromium.org
5c6b3ae6c6 Fix presubmit errors.
TBR=whesse

Review URL: http://codereview.chromium.org/6627049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7075 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-07 12:08:51 +00:00
kmillikin@chromium.org
c3172a6b7e Refactor polymorphic load and inline function graph construction.
Change the way we construct the graph for polymorphic loads to match that of
polymorphic stores.

Introduce a stack-allocated helper for saving and restoring all the
function-specific graph builder state that needs to change when we begin
translating an inlined function.  Make this class authoritative by moving
redundant state out of the builder and deferring to the current function's
state.

Ensure that we always print a tracing message when abandoning an inlining
attempt.

Review URL: http://codereview.chromium.org/6628012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7074 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-07 11:52:36 +00:00
fschneider@chromium.org
ff6190946c Reorganize code for range analysis and suppress unnecessary debug printing of unknown ranges.
Review URL: http://codereview.chromium.org/6611020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7060 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-04 12:09:54 +00:00
kmillikin@chromium.org
36f63b8476 Change the translation of polymorphic stores.
They do not use subgraphs or subgraph scopes.  Instead of computing a list
of single-block subgraphs and then adding all the edges afterward, build
both the blocks and edges directly.

Review URL: http://codereview.chromium.org/6615014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7058 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-04 10:07:43 +00:00
fschneider@chromium.org
db9e6dcd86 Mark HChange that convert to int32 with truncation with the appropiate flag.
Before we would compute the flag by iterating over all uses. The truncating 
flag is always determined at construction time since we already computed
the flag for all other instructions before inserting HChange instructions.

 
Review URL: http://codereview.chromium.org/6615012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7047 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-03 13:50:16 +00:00
kmillikin@chromium.org
84aceb526a Refactor translation of short-circuit logical operations to avoid subgraphs.
Do not use a subgraph or subgraph scope for the Hydrogen translation
of the short-circuit logical operations.

Review URL: http://codereview.chromium.org/6615010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7045 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-03 13:02:56 +00:00
kmillikin@chromium.org
d6a041b8f9 Remove some more uses of subgraphs and more cleanup of the graph builder.
Do not use subgraphs to implement the translation of simple branching
control flow, for the function body entry, or for labeled blocks.

Combine all the loop construction functions into a single one.

Resolve a possible problem with duplicate AST IDs used both for joined loop
break blocks, the normal loop exit, and for their common successor, by never
introducing the extra (successor) block and instead making the normal loop
exit a predecessor of the break join block.  There is a similar issue with
joined continue blocks.

Remove a (never needed) two-element zone list per each time we replace one
hydrogen value with another.

Review URL: http://codereview.chromium.org/6604002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-02 14:09:59 +00:00
kmillikin@chromium.org
043a876e93 Translate loops without using subgraphs.
Build all loop graphs without using class HSubgraph.  This also eliminates a
silly goto for the update expression of a for loop.

Support for peeling loops is removed because it's currently untested.

Review URL: http://codereview.chromium.org/6602031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-02 11:09:25 +00:00
kmillikin@chromium.org
6b1530ea6d Fix a stack height mismatch when deoptimizing.
When deoptimizing from the key subexpression of a keyed arguments access,
the unoptimized code expects to find the value of the receiver on the
expression stack.  The environment of the optimizing compiler did not
contain this value during evaluation of the key subexpression.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6981 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-03-01 09:32:45 +00:00
kmillikin@chromium.org
ee2659d4e6 Remove all functionality from class HSubgraph.
Move the member functions of HSubgraph to HGraphBuilder.

Review URL: http://codereview.chromium.org/6573006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-28 08:52:00 +00:00
lrn@chromium.org
485f4ea0d9 Clear exceptions set during attempts to lazily optimize.
Resubmit of patch for issue 1145 with a few additions:
- Now also clears exceptions when calling Runtime_LazyRecompile.
- Sets function where parsing fails to not be optimizable.

BUG=v8:1145
TEST=test/mjsunit/regress/regress-1145.js

Review URL: http://codereview.chromium.org/6469050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6945 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-25 11:17:31 +00:00
fschneider@chromium.org
bdcf0ec270 Fix debug tracing of live ranges and remove unused code.
When printing the sub-parts of a live range, only print the use intervals
belonging to each part.

Add a flag to print all use positions (incl. environment uses)


Review URL: http://codereview.chromium.org/6566005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-23 15:25:04 +00:00
kmillikin@chromium.org
791c9e2c21 Remove most uses of HSubgraph as an argument.
In a lot of cases where we were passing a subgraph (a pair of basic blocks),
we actually only needed a basic block.

Review URL: http://codereview.chromium.org/6570006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-23 11:59:18 +00:00
fschneider@chromium.org
288b4fb8f4 HIR refactoring.
Review URL: http://codereview.chromium.org/6538080

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6910 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-23 11:19:50 +00:00
rossberg@chromium.org
3af35dc96f Optimize functions needing a local context.
Allocate the context in the prologue. Two issues had to be solved:
(1) deoptimization needs to handle functions with a local context,
(2) we need a safepoint in the prologue.
(Thanks to Kevin.)

Review URL: http://codereview.chromium.org/6534022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6903 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 16:56:57 +00:00
mikhail.naganov@gmail.com
56788625b6 Fix CPU profiling for Crankshaft.
The main issue was due to multiple recompilations of functions.  Now
code objects are grouped by function using SFI object address.
JSFunction objects are no longer tracked, instead we track SFI object
moves. To pick a correct code version, we now sample return addresses
instead of JSFunction addresses.

tools/{linux|mac|windows}-tickprocessor scripts differentiate
between code optimization states for the same function
(using * and ~ prefixes introduced earlier).

DevTools CPU profiler treats all variants of function code as
a single function.

ll_prof treats each optimized variant as a separate entry, because
it can disassemble each one of them.

tickprocessor.py not updated -- it is deprecated and will be removed.

BUG=v8/1087,b/3178160
TEST=all existing tests pass, including Chromium layout tests

Review URL: http://codereview.chromium.org/6551011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 16:31:24 +00:00
kmillikin@chromium.org
3c02d036a8 Partial refactoring of subgraphs.
Change the interface to the Hydrogen graph builder to appear like it
directly holds a current basic block and a current environment.
Remove some direct accesses to the current subgraph, and remove
subgraph accessors that simply forwarded to the exit block.

Review URL: http://codereview.chromium.org/6532088

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6887 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 10:32:16 +00:00
kmillikin@chromium.org
14e185b31b Change the translation of break/continue into Hydrogen.
Resolve break and continue when we see them, rather then deferring
them until later.

Review URL: http://codereview.chromium.org/6541060

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6878 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 08:40:10 +00:00
kmillikin@chromium.org
663da3df40 Fix presubmit failure.
TBR=ager@chromium.org

Review URL: http://codereview.chromium.org/6552001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6877 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 06:41:32 +00:00
kmillikin@chromium.org
c1386c3381 Shorten live ranges for arguments to runtime calls.
Before, the live ranges of the arguments extended to the call itself, and
they were pushed immediately before the call.  Now, they are spilled eagerly
as soon as their value is available and they are spilled to the right place.

The inlined runtime calls in the optimized backend are changed to work as in
all the other backends: they get their arguments untranslated and can choose
their own custom evaluation order.

Review URL: http://codereview.chromium.org/6526047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6876 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-22 06:25:01 +00:00
kmillikin@chromium.org
b02107284a Fix incorrect deoptimization for logical not in an effect context.
The baseline compiler does not materialize a value for expressions of
the form !expr in an effect context so the graph translation should
not produce such an environment, otherwise we risk targeting it by
deoptimization.

BUG=v8:1167

Review URL: http://codereview.chromium.org/6537018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 13:05:49 +00:00
kmillikin@chromium.org
82cdd48b2f Fix a bug in deoptimization after logical expressions in an effect context.
When deoptimizing to after an expression of the form (expr0 || expr1)
or (expr0 && expr1) in an effect context, the unoptimized code could
incorrectly see the value of the expression.

Handle the short-circuit binary operators specially in effect contexts.
This fixes the issue and will generate better code when the left
subexpression is boolean-valued.

BUG=v8:1166

Review URL: http://codereview.chromium.org/6519046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-17 11:06:50 +00:00
danno@chromium.org
181bdc5f06 Fix syntax error, feel sheepish.
Review URL: http://codereview.chromium.org/6525052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6822 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-16 13:59:26 +00:00
danno@chromium.org
e8c012c99a Fix presubmit problem.
Review URL: http://codereview.chromium.org/6526048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-16 13:52:46 +00:00
danno@chromium.org
12b4e0efe7 Implement crankshaft support for pixel array stores.
Review URL: http://codereview.chromium.org/6528013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-16 13:31:12 +00:00
karlklose@chromium.org
7de60ef84d ARM: Implement GetCachedArrayIndex in the lithium code generator.
Add GetCachedArrayIndex to the Hydrogen instruction set and implement GetCachedArrayIndex in the lithium code generator. The x64 and ia32 code generators implementations abort in the chunk builder.

Review URL: http://codereview.chromium.org/6499014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-16 08:21:45 +00:00
rossberg@chromium.org
ae8c5defbc Enable compound assignment to context slots.
Review URL: http://codereview.chromium.org/6523025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 16:37:40 +00:00
kmillikin@chromium.org
f2e38c6276 Refactor construction of polymorphic loads, stores, and calls.
Rather than passing in a pair of unequal-length lists, pass the default
subgraph separately.  Construct the typecase from the top down rather than
the bottom up, so it doesn't need an intermediate zone list.

Also, change a basic block's 'last' instruction field to really be its last
instruction by correctly updating it when inserting and removing
instructions.

Review URL: http://codereview.chromium.org/6516016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6783 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-15 07:58:04 +00:00
fschneider@chromium.org
9bbb257b02 Small cleanup of unused code in hydrogen IR.
Review URL: http://codereview.chromium.org/6513008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-14 09:23:26 +00:00
fschneider@chromium.org
56f6cbbeae Revert r6748.
I'm seeing some crashes after this change which I need to investigate.

Review URL: http://codereview.chromium.org/6486033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6755 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 14:34:02 +00:00
antonm@chromium.org
e96c24bf03 Properly treat exceptions thrown while compiling.
BUG=v8:1132
TEST=test/mjsunit/regress/regress-1132.js

Review URL: http://codereview.chromium.org/6487021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 14:26:56 +00:00
kmillikin@chromium.org
3ef7ca6c28 Remove the uses of the arguments from all calls.
Before, Hydrogen call instructions had uses of the PushArgument instructions
for their arguments.  These operands were unneeded, bloated the IR, and
caused calls to be the only Hydrogen instructions with an unpredictable
number of operands.

Now, PushArgument is a pure side-effecting instruction that has no uses.

Review URL: http://codereview.chromium.org/6480030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 13:20:06 +00:00
fschneider@chromium.org
bbba0dbd61 Add a genuine unary minus instruction to Crankshaft.
This change introduces an instruction for negation instead
of generating a multiplication with -1.

The code for x64 and ARM is not included in this change.


Review URL: http://codereview.chromium.org/6461021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6748 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 12:56:30 +00:00
kmillikin@chromium.org
2e08148b06 Fix the semantics of delete on parameters.
Before, an attempt to delete a parameter in a function that used the
arguments object in any way would succeed with true and delete both
the parameter and the corresponding arguments object property.

Now, an attempt to delete such a parameter does not delete and
evaluates to false.

Parameters can be deleted, as before, from functions that use the
arguments object, by deleting the corresponding arguments object
property (this is a spec violation).

BUG=fixes v8:1136

Review URL: http://codereview.chromium.org/6484023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6745 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-11 11:57:11 +00:00
danno@chromium.org
1bd9f602be Implement crankshaft support for pixel array loads.
Review URL: http://codereview.chromium.org/6410112

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6725 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 12:02:36 +00:00
kmillikin@chromium.org
c0fd053982 Fix a representation change bug in the Hydrogen graph construction.
We could try to treat an HPhi as an HInstruction because the code did
not properly handle the case of a phi in a block with itself as one of
the predecessors.

BUG=v8:1134

Review URL: http://codereview.chromium.org/6471020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6721 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 10:28:59 +00:00
kmillikin@chromium.org
e88f25f6dc Insert a space to please our presubmit overlords.
Review URL: http://codereview.chromium.org/6480027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 09:16:33 +00:00
kmillikin@chromium.org
ebebcae4c2 Allow esi to be an allocatable register on IA32.
Make esi available to the register allocator rather than dedicating it
permanently to the context.

The context is still passed in register esi to JavaScript and to the runtime
as part of the calling convention.  Because some stubs might end up calling
JS or the runtime, it is also conservatively passed to stubs.

Roughly half the calls have been modified to use the context as an input
value in fixed register esi.  The other half are marked as calls or deferred
code so esi is spilled and can be explicitly set.

It is no longer necessary to restore the context to esi after a call that
might change it.

Review URL: http://codereview.chromium.org/6452001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-10 09:00:50 +00:00
kmillikin@chromium.org
991a1cae12 Fix an assertion failure in stack trace construction.
When constructing stack traces we interpret the deoptimization data for
optimized frames to find the receiver value.  This value could sometimes be
eliminated from the deoptimization data if we though it was unused.

BUG=v8:1118

Review URL: http://codereview.chromium.org/6465023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6694 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-09 11:45:50 +00:00
whesse@chromium.org
39c855bd48 Bailout from crankshaft if a global property is found in the prototype chain of the global object, not on the global object itself.
Review URL: http://codereview.chromium.org/6449002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6678 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 13:28:09 +00:00
vegorov@chromium.org
76cf30d9c8 Support %_IsConstructCall in the Crankshaft pipeline.
Provide special case for f.bind(obj).

Review URL: http://codereview.chromium.org/6368138

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6671 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-08 10:08:47 +00:00
kmillikin@chromium.org
97ccdd1e99 Introduce a hydrogen value for contexts, support context slot assignment.
Each context in the context chain has a corresponding hydrogen value.
The context values are used for global object lookup and context slot
lookup.  Add simple (non-compound) assignment to context slots.

Review URL: http://codereview.chromium.org/6390003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-03 13:10:28 +00:00
kmillikin@chromium.org
f1149734fc Partial fix for V8 issue 1079.
Record a safepoint with a deoptimization id for throw in optimized code.  We
don't seem to much care what the AST ID is because we will not be using it
for lazy deoptimization (throw doesn't return to the point of throw).  For
hygiene we use the actual ID of the throw expression.  Throw is no longer a
control-flow instruction, but it's followed by an unconditional abnormal
exit.  This is required to insert a simulate between the throw and the exit.

Make our optimized treatment of Function.prototype.apply act like a call and
have side effects.  This ensures that it will get a lazy deoptimization
environment.  Use that deoptimization ID in the safepoint for the call.

Deleting a property was also missing a deoptimization ID, though there was a
deoptimization environment assigned to the instruction.  Record the
environment and use the deoptimization ID at the safepoint.

Review URL: http://codereview.chromium.org/6250105

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-02-02 13:55:29 +00:00
fschneider@chromium.org
4e7ddab6dc Fix a bug in the placement of minus-zero checks and in GVN.
1. The placement of checks for negative zero has to be computed after
all conversion instructions have been inserted. I separated the code
into its own phase.

2. GVN need to take instruction flags into account when comparing
instructions for redundancy.

Review URL: http://codereview.chromium.org/6260035

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6534 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-31 12:36:54 +00:00
fschneider@chromium.org
d82332ebb7 Cleanup unused code from the type oracle.
Review URL: http://codereview.chromium.org/6135004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6514 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-27 14:04:07 +00:00
ager@chromium.org
dc61921bbf Fix reintroduction of global variables that have been deleted.
Deletion of global properties puts 'the hole' in the global property
cell and updates the property details in the property dictionary with
the information that the property has been deleted. When setting
global properties that have been deleted in generated code we just
store the new value in the global property cell. This does not update
the property details in the property dictionary. Therefore, it looks
like the property is not there eventhough it was just reintroduced.

Perform 'the hole' checks in generated code for global property stores
and bail out of ICs and optimized code if storing to a property cell
that contains 'the hole'.

Review URL: http://codereview.chromium.org/6306014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6508 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-27 08:35:39 +00:00
kmillikin@chromium.org
09e967b38f Use more detailed compilation info for inlined functions.
Construct the statically-known compilation info for inlined functions using
the target closure (which knows about its scope chain) and not from the
shared function info (which doesn't).

Review URL: http://codereview.chromium.org/6397004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-26 17:30:22 +00:00
kmillikin@chromium.org
97f09782fa Disable all code motion on the final optimization attempt.
Before, we disabled code motion for check instructions on the final
optimization attempt.  It is unsafe to prevent movement of check
instructions but to allow movement of instructions that assume the checks
were performed.

Review URL: http://codereview.chromium.org/6378012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6485 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-26 10:25:43 +00:00
vitalyr@chromium.org
76483f871b Support StringLength in hydrogen (similar to ArrayLength).
To avoid deopts a few extra changes were needed:

o Enable megamorphic state for special property loads on
  primitives. We used to flip between monomorphic stubs.
o Extract pure string (no string wrapper support) version of the
  string length stub.

Review URL: http://codereview.chromium.org/6334015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-25 15:51:10 +00:00
kmillikin@chromium.org
3d15b43393 Begin changing Hydrogen branch instructions.
Rename HBranch (the instruction that coerces an arbitrary HValue to
control flow) to HTest to free up the term Branch to refer to any
control instruction with two successors.

Change the virtual FirstSuccessor and SecondSuccessor functions on
control instructions to a pair of data members.

Review URL: http://codereview.chromium.org/6366002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6417 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-20 12:56:34 +00:00
fschneider@chromium.org
89e74000a0 Use typefeedback for bitwise operations.
Add a generic tagged version for all bitwise operation that
invoke the generic stub. This allows us to perform generic
bitwise operations (i.e. on non-integers) without deoptimizing.

Review URL: http://codereview.chromium.org/6366006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6416 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-20 12:47:22 +00:00
vitalyr@chromium.org
b4ff318e4b Support StringCharCodeAt in hydrogen/lithium.
This patch adds H- and L-variants of StringCharCodeAt and StringLength.

StringCharCodeAt is used to inline a constant function call of
String.prototype.charCodeAt and to implement the corresponding inline
runtime function. It does not yet use the recently introduced extra IC
state. (We can specialize on string encoding and avoid deopts because
of out of bounds accesses.)

StringLength needs more work because the stub version of it also
supports strings wrappers and it matters in some cases. (We have to
separate the string only case.)

Review URL: http://codereview.chromium.org/6243008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6408 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-19 20:05:22 +00:00
vitalyr@chromium.org
c919bb7d4a Disable aggressive optimizations on the last optimization attempt.
Only has effect on the loop invariant code motion and Check instructions
for now.

Review URL: http://codereview.chromium.org/6321007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6363 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-18 13:43:48 +00:00
antonm@chromium.org
fae90d4f32 Make closures optimizable by Crankshaft compiler.
Currently only closures which only read from the context are supported.

Review URL: http://codereview.chromium.org/5753005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-17 08:11:03 +00:00
vitalyr@chromium.org
ac9b035a45 Expose receiver check type in call type feedback.
This a preparatory step to support fast function calls on primitive
values. Not really used yet in hydrogen.

Review URL: http://codereview.chromium.org/6263001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-13 14:16:08 +00:00
vitalyr@chromium.org
9e204dd5df Simplify CheckPrototypeMaps.
This instruction only depends on the prototype and the holder and can
completely ignore the receiver and its map.

This change also fixes a small bug on arm where a cell was loaded
instead of the prototype from new space.

Review URL: http://codereview.chromium.org/6094020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6290 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-13 00:34:08 +00:00
fschneider@chromium.org
b85538bc16 Introduce two more template parameter for Lithium instructions for input and temp operands.
Each LInstruction is now a subclass of LTemplateInstruction<R, I, T>

where R is number of outputs, I number of inputs and T number of temps.

This change only actually uses the parameter I for input operands. 
Since the parameter T for temps is 0, it incurs no extra cost. 

A separate change will introduce using the temps parameter.

Review URL: http://codereview.chromium.org/6215002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-11 15:47:34 +00:00
kmillikin@chromium.org
32254e5324 Change the hydrogen timing data to include zone allocation.
Review URL: http://codereview.chromium.org/6190002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-10 14:16:47 +00:00
fschneider@chromium.org
bfecc95694 Revert r6194: Clean up code for type feedback a bit.
This causes a big performance regression. I'll investigate.

Review URL: http://codereview.chromium.org/6172001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6217 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-07 10:36:27 +00:00
fschneider@chromium.org
35533bee36 Clean up code for type feedback a bit.
Remove unused functions and parameters and remove the parts of the
code that mention the old GenericBinaryOpStub. It is not used together
with Crankshaft and replaced with TypeRecordingBinaryOpStub.


Review URL: http://codereview.chromium.org/6075012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-06 10:10:26 +00:00
kmillikin@chromium.org
9a096e643a Fix an bug in deoptimization after polymorphic calls in effect contexts.
For polymorphic calls (also loads and stores) we construct a type switch
graph that has a basic block merging all the variants.  There is an
environment simulation before the goto at the end of all the predecessor
blocks.  This simulation is used to define the environment on entry to the
successor block, and captures the return value of the call.  In effect
contexts, this value should not be present in the environment.

The fix is to use the AST context to decide whether to have this value in
the join node's environment at all.

BUG=1014

Review URL: http://codereview.chromium.org/6065014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-06 07:38:19 +00:00
sgjesse@chromium.org
7311e10fdb Optimize instanceof further
If the instance of is performed against what is beliwed to be a constant global function inline the instance of check and have the call to the instanceof stub in deferred code. The inlined check will be patched by the instanceof stub when called from deferred code. This is indicated by the lithium instruction LInstanceOfKnownGlobal.

To help the patching the delta from the return address to the patch site is placed just below the return address in the edi slot of the pushad/popad ares. This is safe because the edi register (which is pushed last) is a temporary for the lithium instruction.

As the instanceof stub can call other JavaScript an additional marking for saving all double registers have been added.

Also tweaked the instanceof stub to produce true/false objects instead of 0/1 for the case with deferred code.
Review URL: http://codereview.chromium.org/5990005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6173 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-05 11:17:37 +00:00
kmillikin@chromium.org
c1fd8bcf60 Fix a bug in deoptimization environments.
The function HEnvironment::SetExpressionStackAt did not update the
environment's history.  This function is used to patch the bailout
environment for count operations and global function calls.

Reorganize class HEnvironment to make it fit V8's style a bit better
and to try to add some sanity to which C++ functions are intended to
be inlined.

Remove the flag --trace-environment which merely duplicated data in
the hydrogen.cfg file except without enough context to be useful.

BUG=1004

Review URL: http://codereview.chromium.org/5992011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-01-03 16:57:46 +00:00
fschneider@chromium.org
0a128e5ae7 Optimize array-length and fast element loads.
1. Separating out the instance-type check from the array-length operation.

2. I also changed the bounds-check on keyed loads to use the length property
for JS arrays (like we do for array stores).

The new pattern should use less registers and allow more checks to be eliminated.

Review URL: http://codereview.chromium.org/5961016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-30 19:30:42 +00:00
vitalyr@chromium.org
c5916f552f Support load function prototype in hydrogen/lithium.
Review URL: http://codereview.chromium.org/6009005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6112 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-22 15:43:32 +00:00
kmillikin@chromium.org
7171df741a Fix for issue 1007.
The Hydrogen environment only tracks values for stack-allocated variables.
It is a precondition of HEnvironment::Lookup(variable) that variable is
stack-allocated.  The check was missing at one call site.

Review URL: http://codereview.chromium.org/6034004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-21 11:21:04 +00:00
whesse@chromium.org
5656d64ece Add untagged double versions of Math.sin and Math.cos. Merge classes TranscendentalCacheStub and TranscendentalCacheSSE2Stub.
Review URL: http://codereview.chromium.org/5996002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-20 13:52:14 +00:00
fschneider@chromium.org
7cc61e6973 Fix GVN for polymorphic loads.
They must not be hoisted above the compare-map-and-branch.

Review URL: http://codereview.chromium.org/5971003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6082 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-20 13:18:47 +00:00
fschneider@chromium.org
6cc0310a72 Mark map-transition stores as map-changing instructions.
This prevents code motion from hoisting map-checks across such stores
which may result in unnecessary deoptimizations.

In the following example program we would move a map-check from the inner loop out before the outer loop which is not desirable:

function f() {
  var o = {};
  var j = 0;
  o.a = 1;
  do {
    o.b = 6;  // Map transition
    for (var i=0; i<10; i++) {
       o.a = o.b + i;
    }
  } while(++j < 1) {}
}

for (var i = 0; i < 1000000; i++) f();


Review URL: http://codereview.chromium.org/5991001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-17 13:44:19 +00:00
vitalyr@chromium.org
2ba48c0a45 Support loading constant functions in hydrogen.
Review URL: http://codereview.chromium.org/5878004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6057 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 22:30:53 +00:00
fschneider@chromium.org
73737fcdb6 Fix bugs in the range analysis for integers.
The overflow conditions were not correctly detected for 
certain add, sub and mul instructions.

I replaced the previous code by using 64-bit arithmetic
to correctly identify overflows for *, + and -.

Review URL: http://codereview.chromium.org/5860009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6055 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 18:01:36 +00:00
kmillikin@chromium.org
4f231f59b4 Fix an issue discovered in regress-969.
When running with 10 stress runs we get polymorphic stores.  This revealed
an incorrect bailout ID for the state following a polymorphic store.  The ID
should be the internal ID of the assignment side-effect, not the ID of the
end of the expression.

Review URL: http://codereview.chromium.org/5885003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 14:18:41 +00:00
kmillikin@chromium.org
4a6ef3ee28 Fix issue 977, occasional failure of the DeltaBlue benchmark.
Before, when we deoptimized after a branch we jumped to before the branch
was taken in the unoptimized code with a token value that indicated when
edge to take.  There was a lot of machinery to track this value through the
short-circuit logical operations and logical negation, and to handle it
properly at inline function return sites.  There was also machinery to
prevent incorrectly seeing this environment with the extra value never
actually materialized in the unoptimized code.

Instead, now we deoptimize directly to one of the targets of the branch.
Much but not yet all of the extra machinery has been removed or simplified.
The cost is that branching control structures (the looping statements, if
statements, conditional expressions, and the short-circuit binary logical
operations) need extra AST IDs to identify the branch targets.

Review URL: http://codereview.chromium.org/5908001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6049 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-16 13:13:36 +00:00
vitalyr@chromium.org
7a3fd2aa52 Deoptimize non-smi switch cases if they are reached.
This way if the type oracle says an unreachable clause has a non-smi
type, we can still emit optimized code instead of doing an early
bailout.

This change depends of Florian's r5970.

Review URL: http://codereview.chromium.org/5812005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6037 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 17:11:11 +00:00
fschneider@chromium.org
c03c71a937 Emit a load of the elements array only before the first store.
This avoid emitting the load for empty and constant array literals.

Review URL: http://codereview.chromium.org/5697006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6034 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 16:12:55 +00:00
erik.corry@gmail.com
2996dca6aa Support %_IsObject in Crankshaft.
Review URL: http://codereview.chromium.org/5806001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6027 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 12:32:19 +00:00
kmillikin@chromium.org
eb7b4e347e Fix issue 979.
The issue is caused when deoptimizing to an internal AST ID in a
postfix increment or decrement operation on variable.  This could
happen for a global variable.  In that case, the optimized code was
not properly simulating an extra stack slot in the unoptimized code to
hold the original value.

Review URL: http://codereview.chromium.org/5871002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6025 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-15 11:47:05 +00:00
vitalyr@chromium.org
57e072298f Merge math function ids and custom call generator ids.
Two old id types are replaced by builtin function ids. We can use
these in the code generators to emit custom code for the selected
functions.

Review URL: http://codereview.chromium.org/5767002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6013 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-14 18:53:48 +00:00
whesse@chromium.org
c23c244add Reapply change 5989, adding untagged double calls to Math.pow, with problem in generated code for TranscendentalCacheSSE2Stub (unguarded SSE 4.1 code) fixed.
Review URL: http://codereview.chromium.org/5726008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6010 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-14 13:21:29 +00:00
whesse@chromium.org
fdf44a4bc7 Revert change 5989, which causes failures in some benchmarks.
Review URL: http://codereview.chromium.org/5804003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5991 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-13 16:34:59 +00:00
kmillikin@chromium.org
49f4c39d6d Deoptimize to the proper target after assignment side effects.
This fixes V8 issue 989.

Before, assignments used the AST ID of the assignment expression to
mark the side effect of the store, which became a target for
deoptimization bailout for code after the assignment.  In effect
contexts this environment included the value of the assignment, which
was unexpected by the unoptimized code.

Now we introduce a new assignment ID for AST node types that include
an assignment (Assignment, CountOperation, and ForInStatement) and use
it for the side effect of the store.

Review URL: http://codereview.chromium.org/5682010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-13 16:29:47 +00:00
whesse@chromium.org
1a008f28d5 Allow optimizing compiler to compute Math.log using untagged doubles.
Review URL: http://codereview.chromium.org/5741003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5989 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-13 14:37:19 +00:00
kmillikin@chromium.org
a695d0731e Change the HGraphBuilder to dispatch on the context.
Before, expressions didn't take advantage of knowing their context in
the AST.  Now, we use the context to decide what to do with a value at
the end of visiting an expression.

Review URL: http://codereview.chromium.org/5620007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5954 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-09 12:49:53 +00:00
whesse@chromium.org
3ef0c5dd21 Allow the optimizing code generator to call Math.pow with untagged doubles.
Review URL: http://codereview.chromium.org/5640004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5949 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-08 14:32:40 +00:00
kmillikin@chromium.org
e0d3f6afdf Be more careful about exiting inlined functions in a test context.
When falling off the end of a function inlined in a test context, we cannot
constant fold the test of undefined away. The graph builder assumes that
control flow always reaches both branches of a test.

Instead, explicitly test and branch on "undefined". Introduce a pair of
empty blocks to hold the necessary LeaveInlined instructions.

Review URL: http://codereview.chromium.org/5566005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 12:07:40 +00:00
vegorov@chromium.org
199f1e7977 Fix Win64 compilation.
Review URL: http://codereview.chromium.org/5597007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5925 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 11:53:19 +00:00
kasperl@chromium.org
90b3370374 Update V8 to version 3.0 (re-land r5920).
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 11:31:57 +00:00
kasperl@chromium.org
51b494d096 Revert r5920. Will re-land shortly.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 11:01:02 +00:00
kasperl@chromium.org
e5860bd6a8 Update V8 to version 3.0.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-12-07 09:11:56 +00:00