bmeurer@chromium.org
c06d248248
Refactor fast path for empty constant strings in BinaryOp.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/143003005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18742 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 12:30:00 +00:00
mvstanton@chromium.org
1b3280c491
Revert "Add hydrogen support for ArrayPop, and remove the handwritten call stubs."
...
This reverts commit r18709, due to deopt fuzzer issue.
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/143983010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18731 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-22 10:41:23 +00:00
rossberg@chromium.org
0d906a8bdb
Zonify types in compiler frontend
...
Clean up some zone/isolate handling in AST and its visitors on the way.
(Based on https://codereview.chromium.org/103743004/ )
R=jkummerow@chromium.org , titzer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/102563004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18719 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 16:22:52 +00:00
verwaest@chromium.org
2d9a4eb355
Add hydrogen support for ArrayPop, and remove the handwritten call stubs.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/137783023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 12:42:24 +00:00
bmeurer@chromium.org
4bae658948
Fix invalid type assumption in GenerateNumberToString().
...
We don't have any type feedback in %_NumberToString(), so it's
a bug to assume Type::Number here.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/143893002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 10:35:20 +00:00
mvstanton@chromium.org
04b1baa4c4
We no longer need to recover type cells from the oracle.
...
We only need the values within them. Function calls to Array from optimized code needed the cell in the past, but no longer.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/141893002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18682 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-20 09:48:05 +00:00
mvstanton@chromium.org
b2bea46245
Minor bugfix in building inlined Array: bad argument to JSArrayBuilder.
...
An HConstant pointing to a Cell rather than an AllocationSite
was passed. The argument wasn't used because of fortuitous
flags. An assert was added to protect the argument.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/141533003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-17 12:18:57 +00:00
mvstanton@chromium.org
155ef100e9
Fix logic error in assert in IsUndeclaredGlobal()
...
Recent changes in IC logic meant that CallStubs no longer use the Contextual bit. IsUndeclaredGlobal() needed to adjust for that.
In fact, now the CL has morphed to remove the notion of storing contextual state in the IC at all, it just becomes some extra ic state of the load ic. This took some adjustment in harmony code to use the global receiver for certain stores.
Now it's clearer that only LoadICs actually record any information about contextual or not.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/140943002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-17 11:08:24 +00:00
dslomov@chromium.org
5da41be7b8
Implement in-heap backing store for typed arrays.
...
This adds a fixed array sub-type that will represent a backing store for
typed arrays allocated with TypedArray(length) construtor.
R=mvstanton@chromium.org , verwaest@chromium.org
Review URL: https://codereview.chromium.org/101413006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-16 17:08:45 +00:00
dslomov@chromium.org
34eeeb8953
Revert "Implement in-heap backing store for typed arrays."
...
This reverts commit r18649 for breaking Linux/nosnap and Win64 tests.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/140793003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-16 16:00:36 +00:00
dslomov@chromium.org
97040ce67b
Implement in-heap backing store for typed arrays.
...
This adds a fixed array sub-type that will represent a backing store for
typed arrays allocated with TypedArray(length) construtor.
R=mvstanton@chromium.org , verwaest@chromium.org
Committed: https://code.google.com/p/v8/source/detail?r=18646
Review URL: https://codereview.chromium.org/101413006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-16 15:01:27 +00:00
dslomov@chromium.org
95f572389e
Revert "Implement in-heap backing store for typed arrays."
...
This reverts commit r18646 for breaking Win32 build.
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/132233012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18647 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-16 14:26:15 +00:00
dslomov@chromium.org
0c960c2e96
Implement in-heap backing store for typed arrays.
...
This adds a fixed array sub-type that will represent a backing store for
typed arrays allocated with TypedArray(length) construtor.
R=mvstanton@chromium.org , verwaest@chromium.org
Review URL: https://codereview.chromium.org/101413006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-16 14:18:37 +00:00
jarin@chromium.org
19d832719e
This is a preview of a first step towards unification of the hydrogen
...
call machinery. The change replaces CallNamed, CallKeyed,
CallConstantFunction and CallKnownGlobal hydrogen instructions with two
new instructions with a more lower level semantics:
1. CallJSFunction for direct calls of JSFunction objects (no
argument adaptation)
2. CallWithDescriptor for calls of a given Code object according to
the supplied calling convention.
Details:
CallJSFunction should be straightforward, the main difference from the
existing InvokeFunction instruction is the absence of argument adaptor
handling. (As a next step, we will replace InvokeFunction with an
equivalent hydrogen code.)
For CallWithDescriptor, the calling conventions are represented by a
tweaked version of CallStubInterfaceDescriptor. In addition to the
parameter-register mapping, we also define parameter-representation
mapping there. The CallWithDescriptor instruction has variable number of
parameters now - this required some simple tweaks in Lithium, which
assumed fixed number of arguments in some places.
The calling conventions used in the calls are initialized in the
CallDescriptors class (code-stubs.h, <arch>/code-stubs-<arch>.cc), and
they live in a new table in the Isolate class. I should say I am not
quite sure about Representation::Integer32() representation for some of
the params of ArgumentAdaptorCall - it is not clear to me wether the
params could not end up on the stack and thus confuse the GC.
The change also includes an earlier small change to argument adaptor
(https://codereview.chromium.org/98463007 ) that avoids passing a naked
pointer to the code entry as a parameter. I am sorry for packaging that
with an already biggish change.
Performance implications:
Locally, I see a small regression (.2% or so). It is hard to say where
exactly it comes from, but I do see inefficient call sequences to the
adaptor trampoline. For example:
;;; <@78,#24> constant-t
bf85aa515a mov edi,0x5a51aa85 ;; debug: position 29
;;; <@72,#53> load-named-field
8b7717 mov esi,[edi+0x17] ;; debug: position 195
;;; <@80,#51> constant-s
b902000000 mov ecx,0x2 ;; debug: position 195
;;; <@81,#51> gap
894df0 mov [ebp+0xf0],ecx
;;; <@82,#103> constant-i
bb01000000 mov ebx,0x1
;;; <@84,#102> constant-i
b902000000 mov ecx,0x2
;;; <@85,#102> gap
89d8 mov eax,ebx
89cb mov ebx,ecx
8b4df0 mov ecx,[ebp+0xf0]
;;; <@86,#58> call-with-descriptor
e8ef57fcff call ArgumentsAdaptorTrampoline (0x2d80e6e0) ;; code: BUILTIN
Note the silly handling of ecx; the hydrogen for this code is:
0 4 s27 Constant 1 range:1_1 <|@
0 3 t30 Constant 0x5bc1aa85 <JS Function xyz (SharedFunctionInfo 0x5bc1a919)> type:object <|@
0 1 t36 LoadNamedField t30.[in-object]@24 <|@
0 1 t38 Constant 0x2300e6a1 <Code> <|@
0 1 i102 Constant 2 range:2_2 <|@
0 1 i103 Constant 1 range:1_1 <|@
0 2 t41 CallWithDescriptor t38 t30 t36 s27 i103 i102 #2 changes[*] <|@
BUG=
R=verwaest@chromium.org , danno@chromium.org
Review URL: https://codereview.chromium.org/104663004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18626 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-15 17:00:35 +00:00
jkummerow@chromium.org
5298a078c6
Revert "Eliminatable CheckMaps replaced with if(true) or if(false)."
...
This reverts r18592 for breaking the GC stress bots.
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/137783011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-15 09:53:54 +00:00
ishell@chromium.org
6b389902e1
Revert "Polymorphic named calls optimized for the case of repetitive call targets." for now because it prevents better results for checkmap elimination.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/138453002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18597 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 16:37:09 +00:00
verwaest@chromium.org
72125bafcc
Remove HCallGlobal and merge uses with HCallNamed.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/134333007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 16:15:52 +00:00
ishell@chromium.org
952fbe475f
Eliminatable CheckMaps replaced with if(true) or if(false).
...
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/130613003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18592 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 16:06:40 +00:00
verwaest@chromium.org
1257ba358c
Remove CALL_AS_FUNCTION and CALL_AS_METHOD.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/136403005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 14:36:24 +00:00
verwaest@chromium.org
f2245a9cf9
Make the strict-mode calling convention for contextual calls the default one.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/131663003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-14 12:04:10 +00:00
hpayer@chromium.org
f01dc250dc
Handlify AllocationSite AddDependentCompilationInfo.
...
BUG=
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/136703002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-13 14:54:33 +00:00
mvstanton@chromium.org
854d085996
More efficient use of space in AllocationSite.
...
We can eliminate one word from the object by sharing the pretenuring decision and the found memento count.
R=bmeurer@chromium.org , hpayer@chromium.org
Review URL: https://codereview.chromium.org/132063004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-13 10:28:01 +00:00
ishell@chromium.org
5c65572dd2
"dead" and "osr" block flags added to trace output for unreachable and osr entry blocks respectively.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/135943004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18550 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-13 08:45:26 +00:00
jarin@chromium.org
c0f622a45b
Fix of Hydrogen environment building for function "apply" calls.
...
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/133773002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18548 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-11 13:59:04 +00:00
rossberg@chromium.org
cb28b7f837
Retry "Templatise type representation" after making clang happy
...
The only thing different now is line types.h:208/236, which had a static_cast<Type*> before.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/133683002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18533 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-10 12:19:01 +00:00
hpayer@chromium.org
4ef951cf43
Allocation site pretenuring.
...
Pretenuring decisions are made based on allocation site lifetime statistics.
BUG=
R=mstarzinger@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/96783002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-10 12:11:54 +00:00
machenbach@chromium.org
8ffcd2a281
[Sheriff] Revert "Templatise type representation" and "Fix Mac warnings".
...
This reverts commit r18521 and r18522 for breaking mac and win builders.
BUG=
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/132493002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18524 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 19:52:15 +00:00
rossberg@chromium.org
1c33a2d840
Templatise type representation
...
This is to support both heap- and zone-allocated types in the future (the latter not yet implemented).
Also, handlify the type API some more.
R=titzer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/107933005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18521 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 17:12:48 +00:00
jkummerow@chromium.org
839297487f
Skip back edge creation for "do ... while(false)" loops
...
Drive-by fix: Fix disassembling "prefetch" instruction on ia32
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/131733002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 15:20:25 +00:00
mvstanton@chromium.org
380aa6dc8d
Array constructor can be simplified by loading context from JSFunction.
...
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/128683002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 15:07:23 +00:00
mvstanton@chromium.org
7baadbfac1
FunctionLiteral has work to do in the typing phase.
...
In crankshaft, we searched un-optimized code for a SharedFunctionInfo
that matches the FunctionLiteral we are processing. Ideally, this
work should be done in the typing phase.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/104883006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18508 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-09 09:00:19 +00:00
ishell@chromium.org
b2616f415b
Polymorphic named calls optimized for the case of repetitive call targets.
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/118483003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18476 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 16:59:42 +00:00
verwaest@chromium.org
4615e9edac
Reland v8:18458 "Load the global proxy from the context of the target function."
...
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/104013008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 10:46:39 +00:00
rossberg@chromium.org
2879f2104c
Revert "Load the global proxy from the context of the target function."
...
This reverts commit https://code.google.com/p/v8/source/detail?r=18458 , since it exhibits a bug that breaks some tests.
TBR=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/93863006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 09:55:25 +00:00
verwaest@chromium.org
5b40c38679
Load the global proxy from the context of the target function.
...
BUG=
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/111613003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 08:21:17 +00:00
bmeurer@chromium.org
ad4231c495
Reland "Allocation site support for monomorphic StringAdds in BinaryOps".
...
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/106313003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-02 15:31:27 +00:00
bmeurer@chromium.org
4d88b0b4be
Revert "Fix compilation with C++11." and "Allocation site support for monomorphic StringAdds in BinaryOps.".
...
This reverts commit r18431 and r18432 for breaking
the Linux nosnapshot build.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/122463004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-02 10:38:45 +00:00
bmeurer@chromium.org
a91499fec7
Allocation site support for monomorphic StringAdds in BinaryOps.
...
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/106453003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-02 09:17:52 +00:00
bmeurer@chromium.org
a53dcc9da1
Make it possible to assert that certain instance types are compatible wrt HAllocate.
...
Turns clear_next_map_word_ into a flag and adds a new method
CompatibleInstanceTypes(). This is used in BuildUncheckedStringAdd()
to ASSERT that there's no difference wrt. HAllocate in using
CONS_STRING_TYPE vs CONS_ASCII_STRING_TYPE.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/110443003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18428 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-02 06:26:44 +00:00
jkummerow@chromium.org
3c76ecd732
Fix switch statements with non-Smi integer labels and no type feedback
...
BUG=chromium:329709
LOG=Y
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/98643010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-19 14:25:58 +00:00
ishell@chromium.org
e3752b63c0
HStoreKeyed for Smis optimized for x64 + related redundant moves of elements removed
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/108503004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 18:05:10 +00:00
ishell@chromium.org
8c159ed4ec
HStoreNamedField for Smis optimized for x64
...
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/108413003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 17:53:50 +00:00
danno@chromium.org
8683920e3f
Improve ==/=== comparison in Hydrogen for monomorphic maps
...
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/108083004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18357 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 17:18:23 +00:00
jkummerow@chromium.org
59c334ebf4
Hydrogen: Re-use regular comparisons infrastructure for switch statements
...
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/111573003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18348 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 11:58:58 +00:00
verwaest@chromium.org
fb7218dc3d
Enable optimization of functions with generic switches.
...
R=jkummerow@chromium.org , titzer@chromium.org
Review URL: https://chromiumcodereview.appspot.com/110123002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18347 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 11:44:38 +00:00
svenpanne@chromium.org
84aa5263f3
Remove the last remnants of the TranscendentalCache.
...
It was only used for Math.log, and even then only in full code and in %_MathLog. For crankshafted code, Intel already used the FP operations directly, while the ARM/MIPS ports were a bit lazy and simply called the stub. The latter directly call the C library now without any cache. It would be possible to directly generate machine code if somebody has the time, from what I've seen out in the wild it should be only about a dozen instructions.
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/113343003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18344 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-18 10:40:26 +00:00
yurys@chromium.org
cd5ea74700
Replace 'operator*' with explicit 'get' method on SmartPointer
...
Made operator* return reference to the raw type, not pointer. New method 'get()' should be used when raw pointer is needed.
Also removed useless inline modifier from the SmaprtPointer methods and added const modifier to the methods that don't change smart pointer.
Made ~SmartPointerBase protected to avoid accidental calls of the non-virtual base class's destructor.
drive-by: fixed use after free in src/factory.cc
BUG=None
LOG=N
R=alph@chromium.org , svenpanne@chromium.org
Review URL: https://codereview.chromium.org/101763003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-09 07:41:20 +00:00
mvstanton@chromium.org
a1a871fb5a
Remove unnecessary overflow check in HGraphBuilder::BuildCreateAllocationMemento().
...
With this fix codegen looks like:
mov ecx,[eax+0xf] ;;; <@52,#38> load-named-field
add ecx,0x2 ;;; <@54,#40> add-i
mov [eax+0xf],ecx ;;; <@56,#41> store-named-field
without it there is an overflow check and jump to deopt.
x64 code looks similar, except there is an (annoying) smi-untag then int32-to-smi around the add operation.
R=bmeurer@chromium.org , hpayer@chromium.org
Review URL: https://codereview.chromium.org/104313003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 10:46:18 +00:00
bmeurer@chromium.org
69b5d5f8f6
Revert "Use constant types to represent the fixed right arg of a MOD."
...
This reverts commit r18246 for tanking all benchmarks.
TBR=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/104243002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 09:27:48 +00:00
bmeurer@chromium.org
1868ef5de9
Use constant types to represent the fixed right arg of a MOD.
...
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/103933002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18246 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-04 08:37:34 +00:00