on ia32.
1. Operate on the values in edx,eax when possible (all operations
except DIV and MOD). This saves moving them on entry and when falling
out to the non-smi code.
2. Do not perform ADD and SUB before the smi check of their inputs.
This saves undoing the operation in the case that we fall through to
the non-smi case due to non-smi inputs (probably common?), and we can
avoid emitting the smi check code twice (code size reduction).
3. Don't perform OR twice (once to smi check the inputs and once to
smi check the result).
Review URL: http://codereview.chromium.org/556019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3712 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
As the start index is already passed it is easy to calculate the "at start" boolean in generated code. Also as direct entry has been implemented this needs to be done in generated code anyway, and therefore might as well be moved to the generated code for RegExp. The "at start" value is now calcualted as a local variable on the native RegExp frame based on the value of the start index argument.
The x64 version have been tested on both Linux and 64-bit Windows Vista.
For ARM I have tested cctest/test-regexp on ARM hardware, but the rest of the tests have only been run on the ARM simulator.
Review URL: http://codereview.chromium.org/554078
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Currently arguments are never passed on registers (due to the way ArgsInRegistersSupported is written) and
if they were, the stub would break in several places because registers are not preserved properly in the
course of execution. This CL makes use of registers more often (than never) and makes sure that registers are
handler properly.
A peformance gain is small (0.2-0.3%) but stable.
This CL was extracted from the one sent out earlier (http://codereview.chromium.org/551093).
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is a preparation step for including number type information
in the virtual frame. We need a common place where we can update
the number type information of the result of a binary operation
since we should not modify the state of the virtual frame elements
directly.
Review URL: http://codereview.chromium.org/551080
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
generator.
Contexts are no longer stored in the AST but in the code generator's
state. This means that the running the code generator selector is not
required to use the toplevel code generator (for instance, if we
already know that we can and should use it).
Review URL: http://codereview.chromium.org/546075
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When a function is called with a value type as the receiver this is now boxed as an object.
This is a low-impact solution where the receiver is only boxed when required. For IC calls to the V8 builtins values are not boxed and as most of the functions on String.prototype, Number.prototype and Boolean.prototype are sitting there most IC calls on values will not need any boxing of the receiver.
For calls which are not IC calls but calls through the CallFunctionStub a flag is used to determine whether the receiver might be a value and only when that is the case will the receiver be boxed.
No changtes to Function.call and Function.apply - they already boxed values. According to the ES5 spec the receiver should not be boxed for these functions, but current browsers have not adopted that change yet.
BUG=223
TEST=test/mjsunit/value-wrapper.js
TEST=test/mjsunit/regress/regress-crbug-3184.js
Review URL: http://codereview.chromium.org/542087
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
in particular).
* Called function is passed on the stack instead of
using a static variable.
* Builtins that don't need the called function don't
get it.
* Made is_construct statically known to HandleApiCall
by setting custom construct stub for API functions.
Review URL: http://codereview.chromium.org/536065
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Refactor VisitProperty to use the platform-specific methods for emitting the IC calls.
* Refactor recording of source positions in the top-level compiler.
* Correct the recorded source positions for assignments and property loads.
* Fix bug on x64 where source positions were not recorded before a calling a call-IC.
* Correct some inconsistencies between IA-32 and X64 top-level code generator.
We now pass all regression tests with
--always-fast-compiler.
Review URL: http://codereview.chromium.org/550043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Replace runtime call to NumberAdd with call to binary op stub.
Until now the top-level compiler always called a runtime function
for count operations.
In some places we expected in the JS builtins smis as arguments.
If we perform a count operation before all smis would get converted into
heap numbers by the runtime number add function and result in a runtime
assert.
Also: Add missing debugger information in the top-level compiler for
do-while loops.
Review URL: http://codereview.chromium.org/548029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When initializing the special local variable containing the reference to the enclosing
function in named functions we now (correctly) emit an INIT_CONST instead of INIT_VAR,
and we correctly bail out in the top-level code generator.
Also part of this change is adding missing statement position information
for some statements in the top-level code generator.
Review URL: http://codereview.chromium.org/536029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Rename the operation of filling a context with a value. Formerly it
was 'Move', now it's 'Apply' so as to avoid confusion with various
other Moves (eg, in the toplevel codegen, in the macro assemblers).
* Use the abstraction Drop rather than math on the stack pointer.
* Add a predicate on AST expression nodes to abstract a repeated test
whether we should us a regular (named) IC or a keyed IC.
Review URL: http://codereview.chromium.org/546006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Added newly added instructions to test-disasem-ia32.cc and implemented the missi
ng ones in the disasembler.
Added some asserts to 8-bit instructions which only work with eax, ebx, ecx and
edx (al, bl, cl and dl).
Removed the loope instruction.
Review URL: http://codereview.chromium.org/548002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Instead of going through a runtime function for keyed loads
on strings we invoke a separate specialized stub that
assumes string as receiver type and the key to be a number.
The stub calls a JS builtin function to return the corresponding one-character string.
Review URL: http://codereview.chromium.org/521041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Added a stub to allocate and fill a string object with a substring from another string.
Use the rep movs instruction to copy the string data as it turned out to be the fastest way.
While preparing this I experimented with some SSE2 instructions, so the instructions movdqa and movdqu are still in the IA-32 assembler even though they are not used.
Review URL: http://codereview.chromium.org/525085
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Calls to RegExp no longer have to be via a call to the runtime system. A new stub have been added which can handle this call in generated code. The stub checks all the parameters and creates RegExp entry frame in the same way as it is created by the runtime system. Bailout to the runtime system is done whenever an uncommon situation is encountered or when the static data used is not initialized. After running the native RegExp code the last match info is updated like in the runtime system.
Currently only ASCII strings are handled.
Added another argument to the RegExp entry frame. It indicated whether the call is direct from JavaScript code or through the runtime system. This information is used when RegExp execution is interrupted. If an interruption happens when RegExp code is called directly a retry is issued causing the interruption to be handled via the runtime system. The reason for this is that the direct call to RegExp code does not support garbage collection.
Review URL: http://codereview.chromium.org/521028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3542 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
generator.
The Slot::Type enumeration has four values. It should never be
necessary to use a default to handle the case of a value out of range
of the enumeration. Doing so silences a useful warning when one of
the enumeration values is actually forgotten or when a new enumeration
value is added.
Review URL: http://codereview.chromium.org/521019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Until now we only supported postfix operations on global variables.
This change add generic count operations to the top-level compiler.
I tried to re-use code from the code generator used for assignment expressions
where possible.
Review URL: http://codereview.chromium.org/496009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
If a function contains more than a certain number of locals (IA32: 9, X64: 6, ARM: 4)
a loop for initializing the locals with 'undefined' is more compact.
For less locals we unroll that loop by emitting a sequence of push instructions.
Review URL: http://codereview.chromium.org/515012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3521 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
that attempt to run with a small heap. Additionally, it can
potentially keep a lot of string data alive and it is never flushed.
Can we make it grow dynamically if used so that we can still start the
VM with a small heap size?
Review URL: http://codereview.chromium.org/503081
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
to floating point and then converting back we convert directly to a
32 bit integer. In addition the bit twiddling implementation of float-
to-integer conversion has been ported from ARM. Testing has shown that
this runs faster than the x87 or SSE3 rounding instructions. This change
is IA32 only. There may be a smaller benefit from doing the same on x64.
Review URL: http://codereview.chromium.org/506052
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
callback load (or keyed load) IC.
The problem was that the IC code calls a stub, which can allocate and
thus trigger a GC if the stub is not already generated. Problem is
solved by adding the ability to "try" to call a stub, trying to
generate the stub code if necessary but signaling an allocation
failure if generating the code is not possible.
Review URL: http://codereview.chromium.org/472002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When generating code for object and array literals we performed
the check if the a boilerplate already exists in generated code.
In the top-level compiler we now do this check in a new runtime
function. This makes the generated code more compact for top-level code.
Review URL: http://codereview.chromium.org/465148
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3437 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1. Refactor the structure of VisitAssignment: The existing code is not ideal
to be extended with support for compound assignments.
2. Reuse common code for keyed property assigments: Now variables rewritten
to a property (.arguments access) are treated like normal keyed property
assignments. This allows us to remove some code duplication.
Review URL: http://codereview.chromium.org/456024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3425 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This adds a code stub which can do most of what Heap::AllocateConsString can do. It bails out if the result cannot fit in new space or if the result is a short (flat) string and one argument is an ascii string and the other a two byte string. It also bails out if adding two one character strings as Heap::AllocateConsString has special handling of this utilizing the symbol table. The stub is used both for the binary add operation and for StringAdd calls from runtime JavaScript files. Extended the string add test to cover all sizes of flat result stings.
Review URL: http://codereview.chromium.org/442024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3400 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The different length string types was used to encode the string length and the hash in one field. This is now split into two fields one for length and one for hash. The hash field still encodes the array index of the string if it has one. If an array index is encoded in the hash field the string length is added to the top bits of the hash field to avoid a hash value of zero.
On 32-bit this causes an additional 4 bytes to be used for all string objects. On 64-bit this will be half on average dur to pointer alignment.
Review URL: http://codereview.chromium.org/436001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Summary:
This change fixes a performance regression introduced by the special
handling of regular expressions in typeof expressions.
As a result we regain ~8% speedup on 3d-raytrace and ~13% on boyer
(vs bleeding edge)
Description:
The macros IS_OBJECT and IS_FUNCTION are frequently used in the
JS runtime functions.
By introducing new inlined runtime functions %_IsFunction and %_IsObject
we avoid invoking the more expensive %_ClassOf function plus comparing
its result to a string.
Review URL: http://codereview.chromium.org/399111
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Change name of shifts picking the shift count from cl to sal_cl, shl_cl and shr_cl.
Add special encoding of shift by one for shr which was missing it.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3314 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change fixes the problem with the original version of this approach
(r3032) that may lead to a corrupted stack if we would invoke spilling during
syncing a large SMI constant (unsafe SMIs) in the virtual frame.
The new code for storing unsafe SMI constants does not use an extra temporary
register. This prevents the compiler from ever having to spill during a
virutal frame sync operation.
For storing a large SMI constant we previously generated:
mov ecx, (large_smi & 0x0000ffff)
xor ecx, (large_smi & 0xffff0000)
push ecx
we now generate:
push (large_smi & 0x0000ffff)
or [esp], (large_smi & 0xffff0000)
Not using a temporary register avoids spilling within an nvocation
of VirtualFrame::SyncRange.
Review URL: http://codereview.chromium.org/391079
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3313 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Condition block of do/while statements is a valid break location so it should have its own position. The block is represented by a regular Expression node so we cannot store the position in it, instead the position is stored in a separate field in DoWhileStatement AST node.
BUG=514
Review URL: http://codereview.chromium.org/385136
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This optimization is already done on x64 and ARM.
Until now we used a push immediate for each local variable on IA32:
push $undefined
push $undefined
...
to initialize each local variable. This change does:
mov eax, $undefined
push eax
push eax
...
Review URL: http://codereview.chromium.org/393009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3304 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
available. We use this to ensure that snapshots on MacOSX can
use SSE2 instructions. Also clean up and assertify the
handling of things we can't do when we are generating a
snapshot. Fix a bug in the new serialization tests where
they activated Snapshot::enable() too late after code had been
generated that assumed no snapshots.
Review URL: http://codereview.chromium.org/391051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
regular expressions to be consistent with typeof in other contexts.
Typeof regular expressions should now be 'function' in all contexts.
In the JS natives, IS_FUNCTION, IS_OBJECT, and IS_REGEXP return the
same answers as before.
Review URL: http://codereview.chromium.org/360053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In the generated code for function.apply there was a loop checking the stack limit for interruption. This loop would call into the runtime system to handle interuption and keep running until there was no interruption. However if the interuption was debug break the runtime system would never clear the interruption as debug break is prevented in builtins are prevented and the assumption here was that returning with the debug break flag set would move execution forward.
Renamed initial_jslimit and initial_climit to real_jslimit and real_climit. Renamed a few external references related to the stack limit as well.
Exposed the real stack limit to generated code to make the stack check when entering function.apply use the real stack limit and not the stack limit which is changed to signal interruption.
Added the real stack limit to the roots array.
BUG=http://code.google.com/p/v8/issues/detail?id=493
TEST=cctest/test-debug/DebugBreakFunctionApply
Review URL: http://codereview.chromium.org/345048
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
separate JS stack.
In exception handling, we need to be able to compare addresses into
the JavaScript portion of the stack with the address of a C++ handler
on the stack. Since the stacks are separate on the simulator, we need
a JavaScript stack address corresponding to a C++ try catch handler in
order to perform valid address comparisons.
On the simulator, we now link the C++ try catch handlers indirectly
through the JS stack and use the JS stack indirection address for
comparisons.
JS C++
handler
[C++ address] <------ next_
\
\
\----> handler
[C++ address] <------ next_
On actual hardware the C++ try catch handlers continue to be directly
linked.
BUG=http://code.google.com/p/v8/issues/detail?id=271
Review URL: http://codereview.chromium.org/360004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
There were two separate implementations of the function
'BuildBoilerplate' that is used to compile function declarations and
function literals. The implementations did not do exactly the same
thing. In particular, one ignored the flag --lazy.
Combine the two implementations.
Review URL: http://codereview.chromium.org/360011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
used to signal that an expression was the immediate subexpression of
typeof, or (?) in the arm of a conditional expression itself in the
typeof state.
It was inconsistently consulted. It was not used for property loads,
but only for slot loads. This means that we matched the Webkit JSC
(not Spidermonkey) behavior for:
typeof(true ? x : y) // throws ReferenceError
and we matched the SpiderMonkey behavior (not JSC) for:
with ({}) { typeof(true ? x : y) } // ==> "undefined"
Now we are expected to match the JSC behavior in all cases.
Review URL: http://codereview.chromium.org/362004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
directly-applied function literals that are themselves compiled with
the top-level code generator.
The choice is guarded by a test that the function is anonymous (thus
not expected to be recursive) and not in a loop.
A compilation hint is set in the shared function info and used to make
the choice.
Review URL: http://codereview.chromium.org/341081
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3206 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
context. Test contexts are used for the left subexpressions of
short-circuited boolean operators. The right subexpressions inherit
their expression context from the binary op expression.
Compilation of short-circuited operations in effect and test context
is straightforward:
effect(e0 || e1) =
test(e0, L0, L1)
L1: effect(e1)
L0:
test(e0 || e1, L0, L1) =
test(e0, L0, L2)
L2: test(e1, L0, L1)
Because the value of the first subexpression may be needed as the
value of the whole expression in a value context, we introduce a
hybrid value/test contest (the value is needed if true, but not if
false).
value(e0 || e1) =
value/test(e0, L0, L1)
L1: value(e1)
L0:
The compilation of value/test and test/value (introduced by boolean
AND) is:
value/test(e0 || e1, L0, L1) =
value/test(e0, L0, L2)
L2: value/test(e1, L0, L1)
test/value(e0 || e1, L0, L1) =
test(e0, L0, L2)
L2: test/value(e1, L0, L1)
Boolean AND is the dual. The AST nodes themselves (not their parents)
are responsible for producing the proper result (effect, value, or
control flow) depending on their context.
Review URL: http://codereview.chromium.org/339082
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
o.x() and o[expr]()
other changes:
- Fix missing relocation info for StoreIC on global object.
- Generate only one common return sequence instead of always appending
"return <undefined>" at the end of each function: The first JS
return-statement will generate the common return sequence. All
other return-statements will generate a unconditional branch to the common
return sequence.
Review URL: http://codereview.chromium.org/340037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The code for .result = (b.y = 99) where b is a global variable is:
push [esi+0x17]
mov ecx,0xf5c229ad ;; object: 0xf5c229ad <String[1]: b>
call LoadIC_Initialize
nop
mov [esp],eax
mov eax,0xc6
mov ecx,0xf5c25c41 ;; object: 0xf5c25c41 <String[1]: y>
call StoreIC_Initialize
nop
mov [esp],eax
pop [ebp+0xf4]
There is still some room for improvement in the generated code.
Other changes:
- Replaced switch-statement in FastCodeGenerator::VisitProperty with DropAndMove(...)
- Do not emit nop after IC calls on ARM.
Review URL: http://codereview.chromium.org/347001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
context of the expressions they label. Introduce an "unintialized"
location to catch failure to assign any location at all.
Changed the object literal initialization on ARM to use a Store IC in
the same cases where it did on the other platforms. This was required
because the location of the literal property name is given an
"unitialized" location.
Review URL: http://codereview.chromium.org/339045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
location to an Expression AST node from the node's parent to the node
itself.
This allows an inherited code generation context from a parent node to
be passed arbitrarily far down the tree (eg, the subexpression of a
unary not is in the same context as the unary expression itself, the
then and else subexpressions of the ternary operator are in the same
context as the whole expression, and so forth).
We do not yet take advantage of this in the backend (eg, the right
subexpression of short-circuited OR is still compiled by using the
parent's destination location, rather than the subexpression's
itself).
Review URL: http://codereview.chromium.org/340005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3163 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Literals now have a location of temporary by default and are
responsible for moving themselves into their location like all other
expressions.
The constant location turned out not to allow us to avoid checking
subexpressions in AST interior nodes, and it turned out to require
checking after some normal calls to Visit (like for the arguments to a
call). With this change do not have to check after a call to Visit
that we got our result in the expected location.
Review URL: http://codereview.chromium.org/339004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
of individual changes:
- Added infrastructure for custom stub caching.
- Push the code object onto the stack in exit calls instead of a
debug/non-debug marker.
- Remove the DEBUG_EXIT frame type.
- Add a new exit stub generator for API getters.
Review URL: http://codereview.chromium.org/330017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
I also added more unit tests for literals.
Right now, the fast compiler produces code very similar to
the existing code generator. We may consider different ways to
further compact the generated code for top-level code.
ARM always goes through a runtime function to initialize computed
properties in an object literal whereas IA32 and x64 use StoreIC.
Review URL: http://codereview.chromium.org/316009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
As the list of code-stubs is used in two places it is now handled through a macro to keep this in sync. As some code-stubs is only used on ARM the list have been split into two parts to indicate this and get rid of dummy implementation on ia32 and x64 platforms.
BUG=484
Review URL: http://codereview.chromium.org/335025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3127 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
in a non-test (ie, value or effect) context. (It is implicitly not in
a test context because the code generator does not support expressions
in a test context yet.)
Compilation is essentially the same as in the optimized code
generator. The expression (e0 || e1) is compiled as if it were
(let (temp = e0) temp ? temp : e1).
On ia32 and x64 a single shared ToBoolean stub is used to convert a
value to a flag. The inlined checks assumed by the stub are reordered
to compare to undefined (the common case in toplevel code?) first. On
ARM a call to the runtime is used. In the interest of code size no
checks are yet inlined on ARM.
Review URL: http://codereview.chromium.org/334006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
specification under development. This is a follow-on CL to
http://codereview.chromium.org/293023 .
Based on review feedback, defined the behavior of storing NaN and
+/-Infinity into external arrays of integer types as storing 0. Added
test cases. Added fucomi instruction to assembler. Fixed bug in
KeyedLoadIC::GenerateExternalArray when allocation of HeapNumber
failed. Fixed bug in encoding of 16-bit immediate arithmetic
instructions in 64-bit port.
Removed raising of exceptions for negative array indices passed to
external arrays and associated tests. Based on current discussion in
WebGL working group, will probably end up removing the exception
throwing altogether.
Review URL: http://codereview.chromium.org/294022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3113 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
currently compiled the same as with the optimizing compiler: they are
cloned from a boilerplate object and the boilerplate objects are
lazily constructed.
Also changed argument pushing on ARM to use stm (store multiple),
which required changing the order of arguments to the runtime
functions DeclareGlobals and NewClosure. They were only used from
generated code.
Finally, changed the toplevel code generator so that stack pops to
discard a temporary became addition to the stack pointer on ia32 and
x64.
Review URL: http://codereview.chromium.org/303021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For .result = /abc.*/g we generate the following IA-32 code:
...
mov ebx,[edi+0x17]
mov eax,[ebx+0xb]
cmp eax, 0xf5d0e135 ;; object: 0xf5d0e135 <undefined>
jnz done
push ebx
push 0x2
push 0xf5d13805 ;; object: 0xf5d13805 <String[5]: abc.*>
push 0xf5d13815 ;; object: 0xf5d13815 <String[1]: g>
call RuntimeStub_MaterializeRegExpLiteral
done:
push eax
pop [ebp+0xf4]
...
This is very similar to the code previously generated except we do not
generate deferred code for the case where we call the runtime.
On ARM we use the stm instruction to make pushing the arguments more compact.
Review URL: http://codereview.chromium.org/300037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
when using snapshots.
The alignment of new space has to match the alignment in the snapshot,
but the max committed amount of memory does not.
For now, we assume that the default semispace size is always used in a
snapshot.
Review URL: http://codereview.chromium.org/300036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3106 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
specification under development. The optimizations are patterned after
those previously done for CanvasPixelArray. This CL adds all of the
necessary framework but continues to use the generic KeyedLoadIC and
KeyedStoreIC code, to create a baseline for benchmarking purposes. The
next CL will add the optimized ICs to ic-ia32.cc and ic-x64.cc.
These new CanvasArray types have different semantics than
CanvasPixelArray; out-of-range values are clamped via C cast
semantics, which is cheaper than the clamping behavior specified by
CanvasPixelArray. Out-of-range indices raise exceptions instead of
being silently ignored.
As part of this work, pulled FloatingPointHelper::AllocateHeapNumber
up to MacroAssembler on ia32 and x64 platforms. Slightly refactored
KeyedLoadIC and KeyedStoreIC. Fixed encoding for fistp_d on x64 and
added a few more instructions that are needed for the new ICs. The
test cases in test-api.cc have been verified by hand to exercise all
of the generated code paths in the forthcoming specialized ICs.
Review URL: http://codereview.chromium.org/293023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
constant known at compile time. Do not ever use the stack to
materialize (non-function-argument) constants. Currently, constants
are only the non-materialized, non-function literals in the AST.
It is a known issue that there is no test coverage for the cases of
assigning a non-literal to a variable and returning a literal. Those
code paths are unreachable and tests will be added when they become
reachable.
For the code '.result = true', we had previously on ia32:
27 push 0xf5c28161 ;; object: 0xf5c28161 <true>
32 pop [ebp+0xf4]
Now:
27 mov eax,0xf5c26161 ;; object: 0xf5c26161 <true>
32 mov [ebp+0xf4],eax
======== We had previously on x64:
25 movq r10,0x7fb8c2f78199 ;; object: 0x7fb8c2f78199 <true>
35 push r10
37 pop [rbp-0x18]
Now:
25 movq r10,0x7fb131386199 ;; object: 0x7fb131386199 <true>
35 movq [rbp-0x18],r10
The generated code for ARM did not include the extra memory traffic.
It was already eliminated by the ARM assembler's push/pop elimination.
Review URL: http://codereview.chromium.org/300003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3088 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Slots appear only indirectly in the AST (through variables linked to
variable proxies). Slots are shared among variable references, so
putting compilation-time state on them is potentially a source of
bugs. Avoid it for now.
Review URL: http://codereview.chromium.org/284009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3079 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
fast-mode code generator.
AST expression nodes are annotated with a location when doing the
initial syntactic check of the AST. In the current implementation,
expression locations are 'temporary' (ie, allocated to the stack) or
'nowhere' (ie, the expression's value is not needed though it must be
evaluated for side effects).
For the assignment '.result = true' on IA32, we had before (with the
true value already on top of the stack):
32 mov eax,[esp]
35 mov [ebp+0xf4],eax
38 pop eax
Now:
32 pop [ebp+0xf4]
======== On x64, before:
37 movq rax,[rsp]
41 movq [rbp-0x18],rax
45 pop rax
Now:
37 pop [rbp-0x18]
======== On ARM, before (with the true value in register ip):
36 str ip, [sp, #-4]!
40 ldr ip, [sp, #+0]
44 str ip, [fp, #-12]
48 add sp, sp, #4
Now:
36 str ip, [fp, #-12]
Review URL: http://codereview.chromium.org/267118
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
fast code generator is optimized for compilation time and code size.
Currently it is only implemented on IA32. It is potentially triggered
for any code in the global scope (including code eval'd in the global
scope). It performs a syntactic check and chooses to compile in fast
mode if the AST contains only supported constructs and matches some
other constraints.
Initially supported constructs are
* ExpressionStatement,
* ReturnStatement,
* VariableProxy (variable references) to parameters and
stack-allocated locals,
* Assignment with lhs a parameter or stack-allocated local, and
* Literal
This allows compilation of literals at the top level and not much
else.
All intermediate values are allocated to temporaries and the stack is
used for all temporaries. The extra memory traffic is a known issue.
The code generated for 'true' is:
0 push ebp
1 mov ebp,esp
3 push esi
4 push edi
5 push 0xf5cca135 ;; object: 0xf5cca135 <undefined>
10 cmp esp,[0x8277efc]
16 jnc 27 (0xf5cbbb1b)
22 call 0xf5cac960 ;; code: STUB, StackCheck, minor: 0
27 push 0xf5cca161 ;; object: 0xf5cca161 <true>
32 mov eax,[esp]
35 mov [ebp+0xf4],eax
38 pop eax
39 mov eax,[ebp+0xf4]
42 mov esp,ebp ;; js return
44 pop ebp
45 ret 0x4
48 mov eax,0xf5cca135 ;; object: 0xf5cca135 <undefined>
53 mov esp,ebp ;; js return
55 pop ebp
56 ret 0x4
Review URL: http://codereview.chromium.org/273050
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3067 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
while, and for loops.
Previously they were distinguished by a type field, which required
runtime asserts to avoid invalid nodes (since not all loop types have
the same internal structure). Now they C++ type system is used to
require well-formed loop ASTs.
Because they do not share compilation code, we had very large
functions in the code generators that merely did a runtime dispatch to
a specific implementation based on the type.
Review URL: http://codereview.chromium.org/269049
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3048 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The calls to GenericBinaryStub can now pass the arguments in registers instead of on the stack. It is supported for ADD, SUB, MUL and DIV. The convention in GenericBinaryStub is not changed so the left operand is passed in edx and the right one in eax. When the stub contains smi code arguments are always passed on the stack as the smi code has to have left and right operands on eax and ebx, so moving from edx,eax to eax,ebx is not worth it and the smi code also trashes the registers so if arguments where passed in registers they would have to be saved on the stack anyway.
Added flags to disable the use of certain Intel CPU features to make it easier to test different code paths.
Review URL: http://codereview.chromium.org/246075
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3041 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Named a constant and added an assert to get notified when related constants
change.
Removed reloading of the Array function when Array is called as a constructor as
the Array function is preserved in edi.
This - unlike r2908 and r2909 - both compiles and passes the tests.
Review URL: http://codereview.chromium.org/209012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2940 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The construction of arrays when using the the Array function either as a constructor or a normal function is now handled fully in generated code in most cases. Only when Array is called with one argument which is either negative or abowe JSObject::kInitialMaxFastElementArray (which is currently 1000) or if the allocated object cannot fit in the room left in new space is the runtime system entered.
Two new native code built-in functions are added one for normal invocation and one for the construct call. The existing C++ builtin is renamed, but kept. When the normal invocation cannot be handled in generated code the C++ builtin is called. When the construct invocation cannot be handled in native code the generic construct stub is called (which will end up in the C++ builtin through a construct trampoline).
One thing that might be changed is preserving esi (constructor function) during the handling of a construct call. We know precisily what function we where calling anyway and can just reload it. This could remove the parameter construct_call to ArrayNativeCode and remove the handling of this from that function.
The X64 and ARM implementations are not part of this changelist.
Review URL: http://codereview.chromium.org/193125
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The SCons build now has the options profilingsupport and debuggersupport for controlling the setting of the defines ENABLE_LOGGIGN_AND_PROFILING and ENABLE_DEBUGGER_SUPPORT. By default both are set to true.
The changes to the XCode project have not been tested.
Review URL: http://codereview.chromium.org/195061
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2875 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Use the code patcher for the patching of the JS return sequence used by the debugger.
Added explicit instruction cache flushing in a code patching section which did not have it for completeness, even though it is not required on Intel processors.
Review URL: http://codereview.chromium.org/203016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2870 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Got rid of the debug break on return entry code which did not add anything. It just jumped directly to the debug break on return code.
Removed the CodePatcher class on x64 as it was not implemented.
Added instruction cache flush to where the return sequence was patched on x64.
Added some missing ENABLE_DEBUGGER_SUPPORT #ifdef/#endif.
Review URL: http://codereview.chromium.org/193057
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2863 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Objects which require an additional fixed array to be allocated now have this allocated in generated code as well. Added allocation flags to the macro assembler new space allocation routines.
Changed the ia32 and x64 macro assemblers to take allocation flags to the allocation routines instead of boolean flag.
Review URL: http://codereview.chromium.org/201015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Factored out the allocation in new space from assembler code into the macro assembler. To support the current allocation patterns a number of different functions where required.
This is change is identical to http://codereview.chromium.org/174524 (committed in r2768 and reverted in r2769) except that line 710 in macro-assembler-ia32.cc is
cmp(result_end, Operand::StaticVariable(new_space_allocation_limit));
instead of
cmp(result, Operand::StaticVariable(new_space_allocation_limit));
and pre-submit fixes as well.
TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/174600
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2771 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For objects which only have simple assignments of the form this.x = ...; a
specialized constructor stub is now generated. This generated code allocates the
object and fills in the initial properties directly. If this fails for some
reason code continues in the generic constructor stub which in turn might pass
control to the runtime system.
Added counter to see how many objects are constructed using a specialized stub.
The specialized stub is only implemented for ia32 architecture in this change.
For x64 and ARM the generic construct stub is used.
This is change is identical to http://codereview.chromium.org/174392 (committed in r2753 and reverted in r2754) except that a few parts have already been committed from http://codereview.chromium.org/173469 (committed in r2762).
Review URL: http://codereview.chromium.org/173470
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For objects which only have simple assignments of the form this.x = ...; a specialized constructor stub is now generated. This generated code allocates the object and fills in the initial properties directly. If this fails for some reason code continues in the generic constructor stub which in turn might pass control to the runtime system.
Added counter to see how many objects are constructed using a specialized stub.
The specialized stub is only implemented for ia32 architecture in this change. For x64 and ARM the generic construct stub is used.
Review URL: http://codereview.chromium.org/174392
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
During parsing functions are analyzed for statements of the form this.x = ...;. These assignments are categorized in two types: simple and non simple. The simple ones are where the right hand side is known to be either a constant or an argument to the function. If a function only contains statements of this type the property names are collected and for the simple assignments the index of the argument or the constant value assigned are stored as well.
When the initial map for a function is created and the function consists of only this type of assignemnts the initial map is created with a descriptor array describing these properties which will be known to always exist in an object created from the function.
The information on this property assignments is not collected during pre-parsing so if compiling using pre-parse data these optimization hints are not available.
Next step will be to use the information collected for the simple assignments to generate constructor code which will create and initialize the object from this information without calling the code for the function.
Review URL: http://codereview.chromium.org/172088
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
