Commit Graph

14606 Commits

Author SHA1 Message Date
machenbach@chromium.org
275437023f [Sheriff] Mark new regression test as flaky.
BUG=336820
LOG=n
R=bmeurer@chromium.org
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/139923007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 13:56:00 +00:00
bmeurer@chromium.org
3214cf11ff Don't crash in Array.join() if the resulting string exceeds the max string length.
LOG=y
BUG=336820
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/144533003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18986 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:21:17 +00:00
ishell@chromium.org
2aa17c6e62 Load elimination fix: load should not be replaced with another load if the former is not dominated by the latter.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/151333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18985 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 12:03:32 +00:00
jkummerow@chromium.org
fd6996ffab grokdump: Compute correct call destinations and display them in-place
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/148493008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18984 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 11:49:07 +00:00
verwaest@chromium.org
c7b91cd494 Don't unmark dictionary mode maps as unstable.
R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/148493007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18983 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 11:38:43 +00:00
hpayer@chromium.org
3aa29a9a49 Disable concurrent sweeping.
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/151273002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18981 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 10:31:55 +00:00
bmeurer@chromium.org
f3e3fe286e Use CHECK_OBJECT_COERCIBLE macro where possible
Contributed by Mathias Bynens <mathiasb@opera.com>.

TEST=
BUG=v8:3122
LOG=N
R=arv@chromium.org

Review URL: https://codereview.chromium.org/132333019

Patch from Mathias Bynens <mathiasb@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18979 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 10:05:58 +00:00
svenpanne@chromium.org
2daf43ac13 Once again: Fixed some lifetime/ownership issues in cctest
* Fixed lifetime issue in cctest/test-heap-profiler/HeapSnapshotJSONSerialization.

   * Fixed ownership issue in cctest/test-api/ContainsOnlyOneByte.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/142553005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18978 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:59:50 +00:00
hpayer@chromium.org
27c385bf69 Revert "[Sheriff] Mark profviz flaky on GC stress."
This reverts commit f70687c1e5ef15254887e0619939e25a834e936e.

BUG=
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/148493006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:59:22 +00:00
bmeurer@chromium.org
c050e2c715 Add Opera Software ASA to AUTHORS
Contributed by Mathias Bynens <mathiasb@opera.com>.

BUG=
LOG=N
R=bmeurer@chromium.org, jarin@chromium.org

Review URL: https://codereview.chromium.org/135493003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18976 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:18:43 +00:00
machenbach@chromium.org
5be6daa942 Fix deopt fuzzer variable set up.
Adds the simulator variable configuration from r18959 to the deopt fuzzer.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/143403004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18975 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:10:56 +00:00
machenbach@chromium.org
5f7bc00db5 Fix python path for gyp.
BUG=
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/151253002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18974 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:09:43 +00:00
hpayer@chromium.org
1bec4ad750 Check forwarding pointer when marking objects for deoptimization.
BUG=
R=bmeurer@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/148493004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 09:07:30 +00:00
svenpanne@chromium.org
0cb5fd3d3e Implements ES6 String.prototype.normalize method.
BUG=v8:2943
LOG=Y
TEST=Unit tests for "real life" use cases, edge cases, various types of normalization.

==========================

This is identical to the previous CL
   https://codereview.chromium.org/40133004/
with two differences:
 * Added a dummy implementation of String.prototype.normalize to be used when v8 is compiled without intl support
 * Rebased the the test files for webkit. That was the only reason for the previous failure (and revert).

Thank you,
Mihai

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/68133016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18972 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 08:09:17 +00:00
svenpanne@chromium.org
39d1534d66 Fixed a few lifetime/ownership issues in cctest/test-api.
* Fixed CompileExternalTwoByteSource: Registered resources should
     better still be alive when they are accessed.

   * Fixed ownership in cctest/test-api/VisitExternalStrings.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/139923003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 07:29:25 +00:00
bmeurer@chromium.org
735a507385 Improve HConstant::ImmortalImmovable() to check for all immortal immovable roots.
Move the list to IMMORTAL_IMMOVABLE_ROOT_LIST in heap.h, and
automatically include INTERNALIZED_STRING_LIST and STRING_TYPE_LIST.

R=hpayer@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/146623003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18970 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 07:28:46 +00:00
hpayer@chromium.org
dae054e7f0 Fix compiler error on MacOS, remove unused ParameterCount member in CallInterceptorCompiler.
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/132113004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18969 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 07:02:33 +00:00
palfia@homejinni.com
c7f94b8049 MIPS: Fix the context check in LoadGlobalFunctionPrototype
Port r18958 (5cd635d0)

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/132883017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18968 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 00:49:07 +00:00
palfia@homejinni.com
71971764fe MIPS: crankshaft support for api method calls
Port r18946 (a152f5ae)

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/150913002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 00:36:19 +00:00
verwaest@chromium.org
bef13f739c Fix regression caused by supporting inlining accesses to non-JSObjects
TBR=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/150983002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-31 00:29:04 +00:00
plind44@gmail.com
02d8dc57c1 MIPS: Specialize FixedTypedArray<> set and get functions to solve unaligned double access.
BUG=
TEST=test-api/FixedFloat64Array
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/136333011

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18965 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 20:05:11 +00:00
plind44@gmail.com
5b46492c8e MIPS: stub api getters.
Port r18941 (517adbf)

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/148383017

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18962 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 18:22:28 +00:00
plind44@gmail.com
ad53abec73 MIPS: Optimize HWrapReceiver.
Port r18945 (699b03e)

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/145083018

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 18:13:38 +00:00
plind44@gmail.com
51107bad1c Skip webkit/function-apply-aliased.js when running on simulators.
The webkit/function-apply-aliased.js test fails on simulators (both MIPS
and ARM) as the printed output does not match to the expected. The
failing test forces a stack overflow exception and the ToString()
operation of the exception object fails because of an other stack
overflow and returns an empty string.

The problem is that on hardware a common JS and C stack is used so the
stack overflow can be caught in C functions also while on simulator
separated JS and C stacks are used.

This patch adds a "sim" condition to test .status files to skip tests
only on simulator.

LOG=N
BUG=v8:3124
R=jkummerow@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/139233005

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18959 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 18:04:33 +00:00
verwaest@chromium.org
a9ba16dee3 Fix the context check in LoadGlobalFunctionPrototype
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/146303003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18958 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 17:45:09 +00:00
verwaest@chromium.org
1280edd4e5 Fix polymorphic load handling.
BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/150453003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18954 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 16:44:32 +00:00
bmeurer@chromium.org
552720c2c2 Revert "Use HType::NonPrimitive() for non primitive HConstants."
This reverts commit r18947.

TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/147493005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18948 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 13:54:01 +00:00
bmeurer@chromium.org
fd9eade93a Use HType::NonPrimitive() for non primitive HConstants.
This allows us to use the faster write barrier, omitting the
smi check when storing constant heap objects.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/150303002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18947 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 13:32:05 +00:00
dcarney@chromium.org
5c589640bf crankshaft support for api method calls
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/148333003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18946 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 13:18:41 +00:00
verwaest@chromium.org
b73101d539 Optimize HWrapReceiver
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/135593006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18945 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 12:52:49 +00:00
machenbach@chromium.org
c3c064360d Disable unsuitable tests in ASAN mode.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/148963010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18944 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 12:52:22 +00:00
alph@chromium.org
9e3af5a4db Add global_context field to GlobalObject in heap profiler.
LOG=N
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/143263015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 12:17:21 +00:00
dcarney@chromium.org
a1f55c107f stub api getters
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/150213003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18941 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 12:15:51 +00:00
bmeurer@chromium.org
846b6cefea The uninitialized value is immortal immovable.
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/137953008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18939 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 12:00:52 +00:00
verwaest@chromium.org
73529a7d14 Support loads from primitive values.
This also changes load computation to use HeapTypes rather than Maps.
TODO: move conversion between maps and heaptypes earlier in the process, already in the oracle.

BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/147763006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18938 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 11:30:38 +00:00
svenpanne@chromium.org
0c2c9ece90 Make sure we delete[] what we got from new[], not one byte after it.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/150213002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18937 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 10:53:20 +00:00
jarin@chromium.org
99ce5a2484 The current
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).

The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.

Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function.  This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).

We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once.  The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address.  Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones.  Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).

Concerns:

- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)

- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.

- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer.  However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.

Thanks for any feedback.

R=danno@chromium.org, mstarzinger@chromium.org
LOG=N
BUG=

Committed: https://code.google.com/p/v8/source/detail?r=18918

Review URL: https://codereview.chromium.org/103243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18936 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 10:33:53 +00:00
machenbach@chromium.org
32f45eb7df Fix test expectations for cctest/test-debug.
BUG=v8:3125
R=bmeurer@chromium.org
TBR=verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/150173003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 10:16:54 +00:00
palfia@homejinni.com
af4694e6a0 MIPS: Turn RegExpConstructResultStub into a HydrogenCodeStub.
Port r18902 (ba394fbc)

Original commit message:
This has the additional benefit that it is now possible to
inline the RegExpResult construction code into Hydrogen
builtins.

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/149863003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18934 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 01:42:03 +00:00
machenbach@chromium.org
33ebd4fdb2 Prepare push to trunk. Now working on version 3.24.28.
R=jkummerow@chromium.org
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/149943002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18931 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-30 01:05:08 +00:00
palfia@homejinni.com
8eb39f2aeb MIPS: Remove the HValueOf instruction.
Port r18905 (88f14cd3)

BUG=
R=plind44@gmail.com

Review URL: https://codereview.chromium.org/130803012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18930 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 21:51:08 +00:00
machenbach@chromium.org
f815198288 [Sheriff] Mark profviz flaky on GC stress.
BUG=
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/149763002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 20:50:51 +00:00
hpayer@chromium.org
e5d9803c17 Make eager allocation site pretenuring decisions.
BUG=
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/149393005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18927 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 17:03:57 +00:00
alph@chromium.org
c911ec3322 Do not overwrite builtin code names in heap profiler
Make sure builtin code objects get their builtin tags
first. Otherwise a particular JSFunction object could set
its custom name to a generic builtin.

LOG=N
R=ulan@chromium.org, yurys@chromium.org

Review URL: https://codereview.chromium.org/145973006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 17:03:13 +00:00
machenbach@chromium.org
953470bdf8 [Sheriff] Mark test-debug/* as flaky on Mac.
Now including release mode.

BUG=v8:3125
LOG=n
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/149623002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18925 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 16:59:50 +00:00
jarin@chromium.org
ec51f26b9e Revert "Captured arguments object materialization"
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/130803009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:49:48 +00:00
machenbach@chromium.org
5d8e2f3435 Make 'ASAN' configurable in test status file.
BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/149173006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:30:41 +00:00
machenbach@chromium.org
1f346769c1 Don't parallelize tests that register extensions.
These tests register extensions on the isolate and the configuration of the extensions runs out of scope. If run in parallel, other tests access the isolate's state and read the registered extensions.

BUG=
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/149413005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:29:58 +00:00
machenbach@chromium.org
2eb89824b5 [Sheriff] Mark test-debug/* as flaky on Mac.
BUG=v8:3125
LOG=n
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/135183015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:15:37 +00:00
jarin@chromium.org
868ad01ecb This is a preview of the captured arguments object materialization,
mostly to make sure that it is going in the right direction. The current
version is passing all the existing test + a bunch of new tests
(packaged in the change list, too).

The patch extends the SlotRef object to describe captured and duplicated
objects. Since the SlotRefs are not independent of each other anymore,
there is a new SlotRefValueBuilder class that stores the SlotRefs and
later materializes the objects from the SlotRefs.

Note that unlike the previous implementation of SlotRefs, we now build
the SlotRef entries for the entire frame, not just the particular
function.  This is because duplicate objects might refer to previous
captured objects (that might live inside other inlined function's part
of the frame).

We also need to store the materialized objects between other potential
invocations of the same arguments object so that we materialize each
captured object at most once.  The materialized objects of frames live
in the new MaterielizedObjectStore object (contained in Isolate),
indexed by the frame's FP address.  Each argument materialization (and
deoptimization) tries to lookup its captured objects in the store before
building new ones.  Deoptimization also removes the materialized objects
from the store. We also schedule a lazy deopt to be sure that we always
get rid of the materialized objects and that the optmized function
adopts the materialized objects (instead of happily computing with its
captured representations).

Concerns:

- Is there a simpler/more correct way to store the already-materialized
objects? (At the moment there is a custom root reference to JSArray
containing frames' FixedArrays with their captured objects.)

- Is the FP address the right key for a frame? (Note that deoptimizer's
representation of frame is different from the argument object
materializer's one - it is not easy to find common ground.)

- Performance is suboptimal in several places, but a quick local run of
benchmarks does not seem to show a perf hit. Examples of possible
improvements: smarter generation of SlotRefs (build other functions'
SlotRefs only for captured objects and only if necessary), smarter
lookup of stored materialized objects.

- Ideally, we would like to share the code for argument materialization
with deoptimizer's materializer.  However, the supporting data structures
(mainly the frame descriptor) are quite different in each case, so it
looks more like a separate project.

Thanks for any feedback.

R=mstarzinger@chromium.org, danno@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/103243005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-29 15:14:15 +00:00