AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
12,373 Commits 1 Branch 0 Tags 839 MiB
2fe3799b8f
Commit Graph

819 Commits

Author SHA1 Message Date
mvstanton@chromium.org
e9cc78af7e Fix for V8 issue 2795: Check fails with deopt for mjsunit/array-store-and-grow 
(https://code.google.com/p/v8/issues/detail?id=2795)

The reason is when allocating and building arrays in hydrogen we need to ensure
we do any int32-to-smi conversions BEFORE the allocation. These conversions can
at least theoretically deoptimize. If this happens before all the fields of the
newly allocated object are filled in, we will have a corrupted heap.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/20726002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-29 11:50:39 +00:00
jkummerow@chromium.org
32e2e37230 Fix JSArray-specific length lookup in polymorphic array handling 
BUG=chromium:263276
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/20295005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15884 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-25 15:04:21 +00:00
verwaest@chromium.org
5de783d47e Adding Smi support to Add, Sub, Mul, and Bitwise 
R=svenpanne@chromium.org

Review URL: https://chromiumcodereview.appspot.com/20070005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-25 11:53:38 +00:00
titzer@chromium.org
5dd517ff3b Move representation into HObjectAccess and remove from HLoadNamedField and HStoreNamedField. 
BUG=
R=danno@chromium.org

Review URL: https://codereview.chromium.org/18503006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15875 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-25 09:37:52 +00:00
mmassi@chromium.org
b5a43f48a6 New array bounds check elimination pass (focused on induction variables and bitwise operations). 
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/17568015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15866 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-25 06:37:25 +00:00
verwaest@chromium.org
6b83c868f0 Convert CONSTANT_FUNCTION to CONSTANT 
R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19485008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15858 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-24 12:34:50 +00:00
mstarzinger@chromium.org
3cdeb2f9cd Avoid adding HWrapReceiver during graph building. 
This adds an early check to the graph builder which prevents adding an
HWrapReceiver instruction if the receiver type is already known at graph
building time. Also HAllocate no longer unnecessarily postpones setting
it's type until type inference but sets it right away. These changes are
in preparation for escape analysis.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/19493005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15843 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-24 08:05:49 +00:00
jkummerow@chromium.org
b7369c38ec Fix assert/crash in HandlePolymorphicCallNamed 
R=jkummerow@chromium.org
TEST=Ryan Sturgell's test runs through without crashing

Review URL: https://codereview.chromium.org/20051008

Patch from Daniel Clifford <danno@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15842 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-24 08:00:52 +00:00
danno@chromium.org
8cbbdd066c Unify SoftDeoptimize and Deoptimize hydrogen instructions 
BUG=chromium:258519
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/19528003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15827 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-23 13:35:10 +00:00
verwaest@chromium.org
7e08f81e6d Also eliminate map checks with transitions. 
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19888006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15821 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-23 10:01:06 +00:00
verwaest@chromium.org
babce318d1 Eliminate map checks of constant values. 
R=ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19954005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15819 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-23 09:18:42 +00:00
olivf@chromium.org
b8d7bee4a3 Avoid tagged values for Instructions that truncate the operands with ToNumber. 
I case the ToNumber is applied to a non numeric value but its not observable (some constants and oddballs) we should already do it in hydrogen...

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/19798002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15818 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-23 09:13:59 +00:00
bmeurer@chromium.org
44f576ba65 Replace BuildExternalArrayElementAccess() with AddExternalArrayElementAccess(). 
This is trivial cleanup. All calls to BuildExternalArrayElementAccess()
pass the result to AddInstruction().

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/19658004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-22 08:20:47 +00:00
bmeurer@chromium.org
1b73068626 Replace BuildFastElementAccess() with AddFastElementAccess(). 
This is trivial cleanup. All calls to BuildFastElementAccess() pass
the result to AddInstruction().

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/19759003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-22 07:00:46 +00:00
ulan@chromium.org
88a4b0d6ca Fix deopt in store with effect context. 
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19693004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15780 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-19 13:45:26 +00:00
mvstanton@chromium.org
ec8c6f4692 Rename AllocationSiteInfo to AllocationMemento 
This is just a rename change with the exception of a bug found along the way in
CodeStubGraphBuilder<FastCloneShallowArrayStub>::BuildCodeStub(). There, the
intent is to get the boilerplate object from an AllocationSite. But the wrong
HObjectAccess was used. It only succeeds because it happened to be the same
offset :).

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/19595004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15778 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-19 13:30:49 +00:00
bmeurer@chromium.org
5e85399572 Cleanup StringAddFlags. 
Avoid duplication of StringAddFlags in the platform specific code stubs header files.
Fix the inverted flag logic, replacing it with a scheme that is easier to understand.

Depends on: https://codereview.chromium.org/19541003

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/19492006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-19 11:52:42 +00:00
bmeurer@chromium.org
d750a6dcd8 Consistently use HStringAdd instead of HCallStub with CodeStub::StringAdd. 
Previously there were two ways to actually use the StringAddStub
from Hydrogen:

- Either using HStringAdd (which implied NO_STRING_CHECK_IN_STUB
  and and does the argument handling internally),
- or using HCallStub with CodeStub::StringAdd (which implied
  NO_STRING_ADD_FLAGS and expected the arguments to be on the
  stack already).

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/19541003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15771 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-19 09:42:15 +00:00
verwaest@chromium.org
be472d82fd Fix wrong bailout id in polymorphic stores. 
BUG=chromium:259787
R=titzer@chromium.org, ulan@chromium.org

Review URL: https://chromiumcodereview.appspot.com/19528005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15763 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-19 08:45:47 +00:00
mstarzinger@chromium.org
3eded2c06c Fix %NeverOptimizeFunction runtime call. 
The current usage of this runtime function is broken as it does not
prevent inlining of the affected function but rather bails out from the
whole unit of compilation after trying to inline affected functions.
This simplifies said runtime function to avoid accidental misuse.

R=titzer@chromium.org
TEST=mjsunit/never-optimize

Review URL: https://codereview.chromium.org/19776006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15762 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-19 08:25:44 +00:00
jkummerow@chromium.org
2c7b8cf5c1 Hydrogen array accesses: switch from elements_kind to map based polymorphism 
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/18209023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-18 09:46:56 +00:00
hpayer@chromium.org
ced115b6ae Double align fast literals of fast double elements kind. 
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/19603002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15740 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-18 08:42:03 +00:00
jkummerow@chromium.org
9ed1fe1ac4 Better fix for LiteralCompareTypeof 
This reverts r15725 and replaces it with the following one-liner
in hydrogen.cc's HandleLiteralCompareTypeof:

-  CHECK_ALIVE(VisitForValue(sub_expr));
+  CHECK_ALIVE(VisitForTypeOf(sub_expr));

R=danno@chromium.org

Review URL: https://codereview.chromium.org/19523005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15728 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-17 15:58:59 +00:00
jkummerow@chromium.org
f5cae51e20 Fix LiteralCompareTypeof breakage introduced in r15723 
R=danno@chromium.org

Review URL: https://codereview.chromium.org/19556003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15725 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-17 14:58:00 +00:00
olivf@chromium.org
d75b34db33 There is no undefined Literal. 
BUG=
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/18429005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15724 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-17 14:10:38 +00:00
jkummerow@chromium.org
22f2fd8397 Synchronize Compare-Literal behavior in FullCodegen and Hydrogen 
BUG=chromium:260345
R=danno@chromium.org

Review URL: https://codereview.chromium.org/19582002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-17 13:13:38 +00:00
bmeurer@chromium.org
410b4b2db4 Reland "Turn ElementsTransitionAndStore stub into a HydrogenCodeStub". 
Fix the invalid array length check, replacing it with a check of
the elements pointer similar to TransitionElementsKindStub.
Refactor common code from ElementsTransitionAndStoreStub and TransitionElementsKindStub into BuildTransitionElementsKind() helper method.
Add test case for the MD5 computation that used to crash before,
and a small test case for the specific issue.

R=danno@chromium.org

Review URL: https://codereview.chromium.org/19367003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15713 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-17 11:37:20 +00:00
hpayer@chromium.org
29ad06f684 More aggressively inline optimized code. 
BUG=
R=danno@chromium.org, mstarzinger@chromium.org, titzer@chromium.org

Review URL: https://codereview.chromium.org/19504006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-17 08:44:10 +00:00
svenpanne@chromium.org
0e99e77143 Removed unused HOptimizedGraphBuilder::BuildCallSetter method. 
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/19235011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-17 08:02:08 +00:00
mstarzinger@chromium.org
35052bc2ea Reland deprecation of HAllocateObject in favor of HAllocate. 
This essentially relands r14930 and r14935 with adaptions to the current
code base. It models the instantiation of an implicit receiver for
CallNew nodes in hydrogen using HAllocate together with generic stores
instead of one specialized HAllocateObject instruction, hence creating a
single choking point for inlined allocation in optimized code.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/19207002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-15 15:12:16 +00:00
bmeurer@chromium.org
fb77805ab7 Turn propagate deoptimizing mark into a proper HPhase. 
Also turn the recursion on the domination chain into a loop with
an explicit stack, to avoid possible stack overflow here.

R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/19150002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-15 09:53:00 +00:00
verwaest@chromium.org
a7d38e483b Support grow-stub by >1 if the target is holey. 
R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18484006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-11 14:21:14 +00:00
titzer@chromium.org
9e7819fac4 Added %NeverOptimize runtime call that can disable optimizations for a method for tests. 
BUG=

Review URL: https://codereview.chromium.org/18214005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-11 14:17:56 +00:00
bmeurer@chromium.org
b2f909cf3e Turn array index dehoisting into a proper HPhase. 
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/18562009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-11 12:03:43 +00:00
rossberg@chromium.org
b17713e405 Introduce type Bounds record 
Refactoring in anticipation of handling variable bounds.

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/18415005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-11 11:47:05 +00:00
bmeurer@chromium.org
c294a40e0a Turn canonicalization into a proper HPhase. 
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/18758003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-11 08:21:50 +00:00
verwaest@chromium.org
e6721cdcb4 Fix StoreIsUninitialized, and add Soft Deopt if keyed store is uninitialized. 
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18526005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-11 07:52:57 +00:00
bmeurer@chromium.org
695b18c050 Turn merge removable simulates into a proper HPhase. 
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/18258004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-10 16:34:28 +00:00
bmeurer@chromium.org
5664bcaed3 Refactor compute minus zero checks into a proper HPhase. 
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/18666006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-10 14:08:19 +00:00
verwaest@chromium.org
cc877e4836 Turn polymorphic calls using the same prototype monomorphic. 
R=mvstanton@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18918002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15593 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-10 13:05:41 +00:00
bmeurer@chromium.org
bdff9c70b8 Use BuildGrowElementsCapacity for the TransitionElementsKind stub. 
R=danno@chromium.org, dslomov@chromium.org

Review URL: https://codereview.chromium.org/18876004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-10 12:19:02 +00:00
verwaest@chromium.org
22d7a85519 Unify Count Operation assignment with other assignments 
This relands 15578, disables 1 test in harmony observe re bug v8:2774

R=dslomov@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18452013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-10 12:02:18 +00:00
olivf@chromium.org
857178ad23 Replace custom builtin invocation instructions by a generic version 
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/18154004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15582 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-10 09:02:23 +00:00
dslomov@chromium.org
6071894047 Revert "Unify the Count Operation assignment with other assignments." 
This reverts commit r15578.

This change made mjsunit/harmony/object-observe.js flaky.

TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/18537006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-10 07:53:16 +00:00
verwaest@chromium.org
5eeed4636d Unify the Count Operation assignment with other assignments. 
This does not enable inlining of setters (yet).

R=danno@chromium.org

Review URL: https://chromiumcodereview.appspot.com/17432004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15578 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-09 17:08:47 +00:00
verwaest@chromium.org
125b7d0848 Add support to turn polymorphic loads from the same prototype into a monomorphic load. 
R=yangguo@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18887002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-09 09:59:23 +00:00
mvstanton@chromium.org
23695eb86e Rename AllocationSite::payload to AllocationSite::transition_info 
BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/18749004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-08 15:00:12 +00:00
mvstanton@chromium.org
67d9051bcd Create AllocationSite objects, pointed to by AllocationSiteInfo. 
This creates a platform where we can do additional things with allocation sites,
other than just aid in reducing array transitions.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/15094018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15545 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-08 10:02:16 +00:00
bmeurer@chromium.org
47df386841 Turn the representation changes into a proper HPhase. 
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/18832002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15541 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-08 09:02:09 +00:00
bmeurer@chromium.org
99f171a128 Turn redundant bounds checks elimination into a proper HPhase. 
R=dslomov@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/18826002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15537 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
 2013-07-08 08:36:28 +00:00