The previous code relied on the tricky global invariant that there is no map
sharing when accessor properties are involved (or in other words: that
TransformToFastProperties is dumb enough :-). Although this is not a real
problem with the current code, this assumption breaks when map sharing in fast
mode is enabled, so we defensively copy an AccessorPair.
Review URL: https://chromiumcodereview.appspot.com/9430048
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10810 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This refactors the way we (re)define elements to perform normalization
and attribute updating at a much deeper level, thereby removing some
bogus special cases in upper runtime layers.
Most element setters take an indicator flag that distinguishes between
setting and defining. Setting of an element causes attributes to remain
unchanged, writability to be checked and callbacks to be called.
Defining of an element causes attributes to be updated and callbacks to
be overridden. The same approach could be taken for properties.
R=svenpanne@chromium.org
BUG=v8:1772
TEST=test262,test262/15.2.3.6-4-333-11
Review URL: https://chromiumcodereview.appspot.com/9443014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The old HashMap class had an explicit member to determine the allocation
policy. The template version matches the approach used already for
lists.
Cleanup some include dependencies and unnecessary forward declarations.
Cleanup some dead code from isolate.h and replace some HEAP macros
with GetHeap().
Review URL: https://chromiumcodereview.appspot.com/9372106
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10806 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
It is achieved by:
1. skipping entries those dominators have already reached root.
2. processing only entries those retainers have changed their
dominators and skipping other entries.
3. removing extra memory indirection by making the dominators array
contain entry indices instead of entries themselves.
The dominators building time has dropped from ~4000 ms to ~200 ms
on gmail.com heap snapshot.
BUG=none
TEST=none
Review URL: https://chromiumcodereview.appspot.com/9372105
Patch from Alexei Filippov <alexeif@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10799 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Modify PreProcessOsrEntry to work with OSR entries that have non-empty expression stack.
Modify graph builder to take for-in state from environment instead of directly referencing emitted instructions.
Extend %OptimizeFunctionOnNextCall with an argument to force OSR to make writing OSR tests easier: %OptimizeFunctionOnNextCall(f, "osr").
R=fschneider@chromium.org
TEST=test/mjsunit/compiler/optimized-for-in.js
Review URL: https://chromiumcodereview.appspot.com/9431030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Only JSObject enumerables with enum cache (fast case properties, no interceptors, no enumerable properties on the prototype) are supported.
HLoadKeyedGeneric with keys produced by for-in enumeration are recognized and rewritten into direct property load by index. For this enum-cache was extended to store property indices in a separate array (see handles.cc).
New hydrogen instructions:
- HForInPrepareMap: checks for-in fast case preconditions and returns map that contains enum-cache;
- HForInCacheArray: extracts enum-cache array from the map;
- HCheckMapValue: map check with HValue map instead of immediate;
- HLoadFieldByIndex: load fast property by it's index, positive indexes denote in-object properties, negative - out of object properties;
Changed hydrogen instructions:
- HLoadKeyedFastElement: added hole check suppression for loads from internal FixedArrays that are knows to have no holes inside.
R=fschneider@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9425045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This CL is an intermediate step only, in the end we need to have a single
DefineOrRedefineAccessorProperty call for a single Object.defineProperty
call. Currently we can end up making two such calls, making the necessary access
checks extremely ugly and hard (impossible?) to get right for complete spec
conformance.
The bulk of the change is quite mechanical:
* Prepare an AccessorPair *before* we add it to our data structures,
eliminating the previous voodoo-like threading of a placeholder.
* The previous item makes it possible to activate our check that we do not
share AccessorPairs by accident.
* Split a monster method into 2 quite unrelated methods.
* Use templated To method in a few places.
Review URL: https://chromiumcodereview.appspot.com/9428026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10700 (c976fbd5).
Original commit message:
This change enables optimization of top-level and eval-code. For this to work, it adds
support for declaring global variables in optimized code.
At the same time it disables the eager generation of deoptimization support data
in the full code generator (originally introduced in
r10040). This speeds up initial compilation and saves
memory for functions that won't be optimized. It requires
recompiling the function with deoptimization
support when we decide to optimize it.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9418006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The bulk of this CL is purely mechanical: Make the CONVERT_FOO macros more
uniform by always using an index instead of an object. Apart from this, it
includes a few minor changes like using CONVERT_SMI_ARG_CHECKED a bit more or
introducing a new macro for PropertyDetails. Nothing spectacular, just something
sitting on my disk for quite some time now...
Review URL: https://chromiumcodereview.appspot.com/9395075
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
A GC in the access check callbacks NamedSecurityCallback and IndexedSecurityCallback
violates the contract about these callbacks.
Added a EXTERNAL VMState scope around the call to FailedAccessCheckCallback to be
consistent with the other callback invocations.
BUG=v8:1952
TEST=cctest/test-api/TurnOnAccessCheckAndRecompile
Review URL: https://chromiumcodereview.appspot.com/9425048
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Turned all uses of 'const' into 'var'.
* Turned all uses of local 'function' into 'var'.
* Added a couple of missing toplevel 'var' declarations.
One consequence is that the properties on the builtin object are no longer
non-writable, and I had to adapt one test. Is that a problem?
Unfortunately, we cannot actually switch the library scripts to strict mode
by default, because that makes observable things like poisoned .caller properties
for library functions.
Also removed dead flag code in Compiler::Compile.
R=yangguo@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9415010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
