Commit Graph

2289 Commits

Author SHA1 Message Date
mvstanton@chromium.org
53194b44ba Allocation site tests aren't compatible with GcStress mode.
They make assumptions about elementskind of arrays based on allocation site
feedback. This feedback is highly dependent on mementos, unrooted objects
placed behind arrays in the heap meant to live until the next scavenge.

GcStress does many more gcs than normal, and wrecks havoc with this kind
of test.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/23449042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-19 13:32:00 +00:00
jochen@chromium.org
98477e3880 Collect garbage before running mjsunit/fast-prototype
When not using a snapshot, after turning on i18n, there's just enough
garbage after creating a context to trigger gc at the wrong moment.
Since the test uses natives syntax to access information that would
otherwise be hidden from javascript, this makes the test fail

BUG=none
R=mstarzinger@chromium.org
TEST=mjsunit/fast-prototype passes on ia32.release with no snapshot

Review URL: https://codereview.chromium.org/23452047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16830 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-19 13:11:57 +00:00
mvstanton@chromium.org
59c32b6481 Transitions from DOUBLE to FAST were not checking for allocation site info.
This creates a confusing result. It's better to let allocation sites
transition to their end state than artificially stop tracking at the
double/fast boundary.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22868004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-19 09:48:50 +00:00
titzer@chromium.org
957a6da2a2 Dynamically align OSR frames on ia32.
BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23619076

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-18 16:05:39 +00:00
prybin@chromium.org
2974f8e3bb Support stepin for combination of apply and bound function
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23513023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16777 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-17 17:35:36 +00:00
titzer@chromium.org
05797e77fd Implement local load/store elimination on basic blocks.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/24117004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-17 15:32:21 +00:00
rodolph.perfetta@gmail.com
87d0659e76 ARM: Tweak StoreKeyed.
Avoid corrupting its input in some cases.

BUG=none
TEST=test/mjsunit/lithium/StoreKeyed*.js
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/23600054

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16771 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-17 12:37:31 +00:00
svenpanne@chromium.org
8ed9b08e31 In the case of shift amounts with two constants and if their sum is equal 32, then shift can also be replaced with bit rotate.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/24095002

Patch from Bangfu Tao <bangfu.tao@samsung.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16735 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-16 13:51:14 +00:00
rodolph.perfetta@gmail.com
39f0ccc2b3 ARM: Tweak the integer division operation.
BUG=none
TEST=test/mjsunit/lithium/DivI.js
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23536045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-16 11:28:18 +00:00
bmeurer@chromium.org
8540129339 ARM: Improve SeqStringSetChar implementation.
TEST=/test/mjsunit/lithium/SeqStringSetChar.js
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23890007

Patch from Rodolph Perfetta <rodolph.perfetta@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16707 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-13 09:13:58 +00:00
rossberg@chromium.org
94c4c596e0 Array "splice" changeRecords should be emitted after the performChange has completed (per spec)
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23434008

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-13 08:13:02 +00:00
rossberg@chromium.org
f99298bf5d Allow implicit conversion of acceptList values to string during Object.observe
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23464058

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-13 08:09:39 +00:00
yangguo@chromium.org
cb10ceb19d Reland "Clean up after r16292 (disable optimization for StringWrappers)."
BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/23619036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16691 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 16:17:58 +00:00
jochen@chromium.org
c5b3ce0671 Snapshot i18n Javascript code
The previous attempt used Boolean instead of $Boolean.

BUG=v8:2745
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23622028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16687 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 13:50:38 +00:00
yangguo@chromium.org
151e514930 Simplify installing concurrently recompiled code.
Instead of overwriting the code entry of the function, we trigger
an interrupt to install the code on the main thread.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23542029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 11:30:56 +00:00
yangguo@chromium.org
ad25a2969d Revert "Clean up after r16292 (disable optimization for StringWrappers)."
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23600040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 11:15:12 +00:00
yangguo@chromium.org
996813cca2 Clean up after r16292 (disable optimization for StringWrappers).
R=jochen@chromium.org
BUG=v8:2855

Review URL: https://codereview.chromium.org/22891028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16677 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-12 10:55:57 +00:00
rossberg@chromium.org
efd71c9999 performChange no longer takes a |receiver| argument.
The spec omits the receiver arg with the idea arrow functions with lexical |this| will obviate the need for it.

BUG=
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/23727006

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16644 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 10:52:20 +00:00
titzer@chromium.org
49d9555a97 Generate a custom OSR entrypoint for OSR compiles on all platforms, and transition to optimized code using the special entrypoint, instead of through the deoptimizer. Do not install the OSR compiled code as _the_ optimized code for a function.
Remove OSR-related stuff from deoptimizer.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/21340002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16599 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-09 16:34:40 +00:00
mstarzinger@chromium.org
ba48f3bd8c Consider out-of-bounds accesses as escaping uses.
R=titzer@chromium.org
TEST=mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/23892007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16589 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-09 09:53:58 +00:00
prybin@chromium.org
48cae75df8 Debug: parameterize 'step over' action with a frame where the step must be performed
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23533015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-08 19:05:29 +00:00
jkummerow@chromium.org
daee0d83db Fix bitwise negation on x64
BUG=chromium:285355
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/24037003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-06 15:21:38 +00:00
rodolph.perfetta@gmail.com
82f0649c76 ARM: Improve integer multiplication.
TEST=test/mjsunit/lithium/MulI.js
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23452022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16576 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-06 13:12:46 +00:00
yangguo@chromium.org
d9659da6f4 Fix bug in regexp result object construction.
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23548018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-05 14:32:49 +00:00
verwaest@chromium.org
b41a7b9cea Properly close the CountOperation value/effect context after leaving the store effect context.
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23897003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-05 12:33:14 +00:00
verwaest@chromium.org
6f358946ac Disable map-check relying on cache behavior sensitive to GC-timing
R=mstarzinger@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23892005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16544 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-05 08:36:10 +00:00
yangguo@chromium.org
070e3b0af4 Introduce concurrent on-stack replacement.
Currently disabled behind --concurrent-osr.

R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23710014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16527 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-04 12:55:59 +00:00
mstarzinger@chromium.org
fa8a182208 Fix OSR to ignore phis without merge index in loop entry.
This fixes a corner case introduced by escape analysis where phis are
introduced in OSR loop entry blocks that don't have a merge index and
hence cannot contain OSR values.

R=titzer@chromium.org
TEST=mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/23503025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-02 16:51:44 +00:00
verwaest@chromium.org
3f70c3b07b Allow uncacheable identifiers to go generic.
BUG=v8:2867
R=jkummerow@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23453019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16481 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-02 16:32:11 +00:00
prybin@chromium.org
1e44c36cdc In reporting step-in positions be more accurate with a position the debugger paused at
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23264015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16472 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-02 12:24:41 +00:00
olivf@chromium.org
78df13d0d5 Move ToI conversions to the MacroAssembler
+ Replace DeferredTaggedToINoSSE2 by DoubleToIStub and a fpu version.

+ Prevent truncating TaggedToI from bailing out.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22290005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16464 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-02 09:30:54 +00:00
jkummerow@chromium.org
9efb5cd23b Make VisitStatements() consistent among all AstVisitor implementations
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23441018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16443 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-30 10:51:37 +00:00
jkummerow@chromium.org
2c9ac9c7e1 Always visit branches during HGraph building
even if constant values indicate that they are unreachable.

BUG=chromium:280333
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23623009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16431 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-29 14:55:45 +00:00
hpayer@chromium.org
95c7ae8149 Simplified BuildFastLiteral by eliminating manual allocation folding.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23030002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-29 12:06:45 +00:00
jkummerow@chromium.org
3747b5bc6d Delete HAbnormalExit. It does more harm than good.
BUG=v8:2843
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23462007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 15:00:30 +00:00
mstarzinger@chromium.org
57ac971a78 Implement proper map checks of captured objects.
R=verwaest@chromium.org
TEST=mjsunit/compiler/escape-analysis

Review URL: https://codereview.chromium.org/23697002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 14:16:57 +00:00
verwaest@chromium.org
652b174cfc Merge verbatim descriptors from other (the descriptor of the map being updated) rather than this (descriptors of the most updated map found in the transition tree).
BUG=v8:2863
R=svenpanne@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23676003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16396 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 12:37:14 +00:00
hpayer@chromium.org
4d7375ca98 Clear next map word when folding allocations into js arrays.
BUG=
R=mstarzinger@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/22915007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 08:39:43 +00:00
plind44@gmail.com
b45fa06231 MIPS: Fix return-value from Array.push stub when pushing non-SMI value
Load and update the arrays length in v0 to make sure the length gets
returned correctly when leaving the function.

Add new testcase.

TEST=mjsunit/array-push-non-smi-value

BUG=130022
R=jkummerow@chromium.org, plind44@gmail.com

Review URL: https://codereview.chromium.org/23589002

Patch from fs <fs@opera.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16377 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-28 05:23:51 +00:00
verwaest@chromium.org
788811244e Eliminate intentional conversion from Smi to Int32 in HMul
If not all uses of arithmetic binary operation can be truncated to Smi, check if they can be truncated to Int32 which could avoid minus zero check

Fixed DoMulI on X64 to adopt correct operand size when the representation is Smi

Fixed DoMulI on ARM. Constant right operand optimization is based on Integer 32 instead of its representation.

BUG=
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/22600005

Patch from Weiliang Lin <weiliang.lin2@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16361 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-27 13:55:00 +00:00
jkummerow@chromium.org
da037f9872 H-BuildIncrement should make use of available type feedback
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/22611009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16353 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-27 11:44:45 +00:00
jkummerow@chromium.org
caba24c813 Revert "Snapshot i18n Javascript code" and "Fix mjsunit/debug-script after r16298".
This reverts r16298 and r16303 due to ChromeOS browser_tests failures ("Uncaught ReferenceError: Boolean is not defined" in --gtest_filter="FileDisplay/FileManagerBrowserTest.Test/0" and others)

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23414008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 17:00:58 +00:00
mstarzinger@chromium.org
e146b6e148 Fix replaying of captured objects during chunk building.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/22819011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16334 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 16:43:19 +00:00
jkummerow@chromium.org
11fd577261 Lower kInitialMaxFastElementArray constant to 95K
to work around erroneous "illegal access" error on x64.

BUG=v8:2790
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/22877039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16324 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 13:04:05 +00:00
mvstanton@chromium.org
c9591f005e Store mode for keyed stores should be passed in from type feedback
regardless of the map used in polymorphic stores.

BUG=
R=jkummerow@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/21058003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16323 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 12:28:08 +00:00
dcarney@chromium.org
ad9cc8e716 js accessor creation on Template
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/22903012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16321 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-26 11:59:14 +00:00
jochen@chromium.org
885c88e4d5 Fix mjsunit/debug-script after r16298
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/23102015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16303 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-23 13:45:24 +00:00
jochen@chromium.org
064c91be57 Snapshot i18n Javascript code
BUG=v8:2745
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23304005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16298 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-23 13:24:48 +00:00
jochen@chromium.org
de7352db92 Temporarily disable optimization for StringWrappers to use native valueOf
V8 stores this information directly in the map of the wrapper, however,
it is not invalidated when the prototype of the wrapper is changed, so
once the bit is set, it is no longer possible to override valueOf.

This bug is currently hidden in Chrome since the i18n extension always
modifies the String.prototype, and so the optimization never kicks in.
Disabling the optimization temporarily allows for snapshotting i18n now.

BUG=v8:2855
R=yangguo@chromium.org
TEST=mjsunit/regress/regress-2855.js

Review URL: https://codereview.chromium.org/23060030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16292 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-23 11:31:18 +00:00
rossberg@chromium.org
971df386b3 Fix scoping of function declarations in eval inside non-trivial local scope
R=mstarzinger@chromium.org
BUG=v8:2594

Review URL: https://codereview.chromium.org/22901010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16286 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-08-23 09:25:37 +00:00