left and right sides of the comparison to reflect reality. Don't
check explicitly for NaNs when using VFP3 since the compare
operation can signal this case with the v flag. Use cmp instead
of tst in the fast compilers since tst leaves the v flag unchanged
and thus can only work by accident on non-equality comparisons.
Review URL: http://codereview.chromium.org/551048
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When a function is called with a value type as the receiver this is now boxed as an object.
This is a low-impact solution where the receiver is only boxed when required. For IC calls to the V8 builtins values are not boxed and as most of the functions on String.prototype, Number.prototype and Boolean.prototype are sitting there most IC calls on values will not need any boxing of the receiver.
For calls which are not IC calls but calls through the CallFunctionStub a flag is used to determine whether the receiver might be a value and only when that is the case will the receiver be boxed.
No changtes to Function.call and Function.apply - they already boxed values. According to the ES5 spec the receiver should not be boxed for these functions, but current browsers have not adopted that change yet.
BUG=223
TEST=test/mjsunit/value-wrapper.js
TEST=test/mjsunit/regress/regress-crbug-3184.js
Review URL: http://codereview.chromium.org/542087
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
in particular).
* Called function is passed on the stack instead of
using a static variable.
* Builtins that don't need the called function don't
get it.
* Made is_construct statically known to HandleApiCall
by setting custom construct stub for API functions.
Review URL: http://codereview.chromium.org/536065
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Refactor VisitProperty to use the platform-specific methods for emitting the IC calls.
* Refactor recording of source positions in the top-level compiler.
* Correct the recorded source positions for assignments and property loads.
* Fix bug on x64 where source positions were not recorded before a calling a call-IC.
* Correct some inconsistencies between IA-32 and X64 top-level code generator.
We now pass all regression tests with
--always-fast-compiler.
Review URL: http://codereview.chromium.org/550043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Replace runtime call to NumberAdd with call to binary op stub.
Until now the top-level compiler always called a runtime function
for count operations.
In some places we expected in the JS builtins smis as arguments.
If we perform a count operation before all smis would get converted into
heap numbers by the runtime number add function and result in a runtime
assert.
Also: Add missing debugger information in the top-level compiler for
do-while loops.
Review URL: http://codereview.chromium.org/548029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When initializing the special local variable containing the reference to the enclosing
function in named functions we now (correctly) emit an INIT_CONST instead of INIT_VAR,
and we correctly bail out in the top-level code generator.
Also part of this change is adding missing statement position information
for some statements in the top-level code generator.
Review URL: http://codereview.chromium.org/536029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
for partial snapshots. After reserving space we can be sure that allocations
will happen linearly (no GCs and no free-list allocation). This change also
contains the start of the partial snapshot support, which, however is not yet
completed or tested.
Review URL: http://codereview.chromium.org/545026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
instruction sequence for jumps:
mov(ip, Operand(target, rmode), LeaveCC, cond);
bx(ip, cond)
Changed a JS call in the compare stub to a tail call to avoid GC
problems where the pushed return address is not updated on GC.
Review URL: http://codereview.chromium.org/549022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3582 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Rename the operation of filling a context with a value. Formerly it
was 'Move', now it's 'Apply' so as to avoid confusion with various
other Moves (eg, in the toplevel codegen, in the macro assemblers).
* Use the abstraction Drop rather than math on the stack pointer.
* Add a predicate on AST expression nodes to abstract a repeated test
whether we should us a regular (named) IC or a keyed IC.
Review URL: http://codereview.chromium.org/546006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Added a stub to allocate and fill a string object with a substring from another string.
Use the rep movs instruction to copy the string data as it turned out to be the fastest way.
While preparing this I experimented with some SSE2 instructions, so the instructions movdqa and movdqu are still in the IA-32 assembler even though they are not used.
Review URL: http://codereview.chromium.org/525085
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Calls to RegExp no longer have to be via a call to the runtime system. A new stub have been added which can handle this call in generated code. The stub checks all the parameters and creates RegExp entry frame in the same way as it is created by the runtime system. Bailout to the runtime system is done whenever an uncommon situation is encountered or when the static data used is not initialized. After running the native RegExp code the last match info is updated like in the runtime system.
Currently only ASCII strings are handled.
Added another argument to the RegExp entry frame. It indicated whether the call is direct from JavaScript code or through the runtime system. This information is used when RegExp execution is interrupted. If an interruption happens when RegExp code is called directly a retry is issued causing the interruption to be handled via the runtime system. The reason for this is that the direct call to RegExp code does not support garbage collection.
Review URL: http://codereview.chromium.org/521028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3542 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
generator.
The Slot::Type enumeration has four values. It should never be
necessary to use a default to handle the case of a value out of range
of the enumeration. Doing so silences a useful warning when one of
the enumeration values is actually forgotten or when a new enumeration
value is added.
Review URL: http://codereview.chromium.org/521019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3532 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Until now we only supported postfix operations on global variables.
This change add generic count operations to the top-level compiler.
I tried to re-use code from the code generator used for assignment expressions
where possible.
Review URL: http://codereview.chromium.org/496009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
If a function contains more than a certain number of locals (IA32: 9, X64: 6, ARM: 4)
a loop for initializing the locals with 'undefined' is more compact.
For less locals we unroll that loop by emitting a sequence of push instructions.
Review URL: http://codereview.chromium.org/515012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3521 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When generating code for object and array literals we performed
the check if the a boilerplate already exists in generated code.
In the top-level compiler we now do this check in a new runtime
function. This makes the generated code more compact for top-level code.
Review URL: http://codereview.chromium.org/465148
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3437 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1. Refactor the structure of VisitAssignment: The existing code is not ideal
to be extended with support for compound assignments.
2. Reuse common code for keyed property assigments: Now variables rewritten
to a property (.arguments access) are treated like normal keyed property
assignments. This allows us to remove some code duplication.
Review URL: http://codereview.chromium.org/456024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3425 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This adds a code stub which can do most of what Heap::AllocateConsString can do. It bails out if the result cannot fit in new space or if the result is a short (flat) string and one argument is an ascii string and the other a two byte string. It also bails out if adding two one character strings as Heap::AllocateConsString has special handling of this utilizing the symbol table. The stub is used both for the binary add operation and for StringAdd calls from runtime JavaScript files. Extended the string add test to cover all sizes of flat result stings.
Review URL: http://codereview.chromium.org/442024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3400 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The different length string types was used to encode the string length and the hash in one field. This is now split into two fields one for length and one for hash. The hash field still encodes the array index of the string if it has one. If an array index is encoded in the hash field the string length is added to the top bits of the hash field to avoid a hash value of zero.
On 32-bit this causes an additional 4 bytes to be used for all string objects. On 64-bit this will be half on average dur to pointer alignment.
Review URL: http://codereview.chromium.org/436001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Summary:
This change fixes a performance regression introduced by the special
handling of regular expressions in typeof expressions.
As a result we regain ~8% speedup on 3d-raytrace and ~13% on boyer
(vs bleeding edge)
Description:
The macros IS_OBJECT and IS_FUNCTION are frequently used in the
JS runtime functions.
By introducing new inlined runtime functions %_IsFunction and %_IsObject
we avoid invoking the more expensive %_ClassOf function plus comparing
its result to a string.
Review URL: http://codereview.chromium.org/399111
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Condition block of do/while statements is a valid break location so it should have its own position. The block is represented by a regular Expression node so we cannot store the position in it, instead the position is stored in a separate field in DoWhileStatement AST node.
BUG=514
Review URL: http://codereview.chromium.org/385136
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
available. We use this to ensure that snapshots on MacOSX can
use SSE2 instructions. Also clean up and assertify the
handling of things we can't do when we are generating a
snapshot. Fix a bug in the new serialization tests where
they activated Snapshot::enable() too late after code had been
generated that assumed no snapshots.
Review URL: http://codereview.chromium.org/391051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
regular expressions to be consistent with typeof in other contexts.
Typeof regular expressions should now be 'function' in all contexts.
In the JS natives, IS_FUNCTION, IS_OBJECT, and IS_REGEXP return the
same answers as before.
Review URL: http://codereview.chromium.org/360053
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In the generated code for function.apply there was a loop checking the stack limit for interruption. This loop would call into the runtime system to handle interuption and keep running until there was no interruption. However if the interuption was debug break the runtime system would never clear the interruption as debug break is prevented in builtins are prevented and the assumption here was that returning with the debug break flag set would move execution forward.
Renamed initial_jslimit and initial_climit to real_jslimit and real_climit. Renamed a few external references related to the stack limit as well.
Exposed the real stack limit to generated code to make the stack check when entering function.apply use the real stack limit and not the stack limit which is changed to signal interruption.
Added the real stack limit to the roots array.
BUG=http://code.google.com/p/v8/issues/detail?id=493
TEST=cctest/test-debug/DebugBreakFunctionApply
Review URL: http://codereview.chromium.org/345048
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
separate JS stack.
In exception handling, we need to be able to compare addresses into
the JavaScript portion of the stack with the address of a C++ handler
on the stack. Since the stacks are separate on the simulator, we need
a JavaScript stack address corresponding to a C++ try catch handler in
order to perform valid address comparisons.
On the simulator, we now link the C++ try catch handlers indirectly
through the JS stack and use the JS stack indirection address for
comparisons.
JS C++
handler
[C++ address] <------ next_
\
\
\----> handler
[C++ address] <------ next_
On actual hardware the C++ try catch handlers continue to be directly
linked.
BUG=http://code.google.com/p/v8/issues/detail?id=271
Review URL: http://codereview.chromium.org/360004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
There were two separate implementations of the function
'BuildBoilerplate' that is used to compile function declarations and
function literals. The implementations did not do exactly the same
thing. In particular, one ignored the flag --lazy.
Combine the two implementations.
Review URL: http://codereview.chromium.org/360011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
used to signal that an expression was the immediate subexpression of
typeof, or (?) in the arm of a conditional expression itself in the
typeof state.
It was inconsistently consulted. It was not used for property loads,
but only for slot loads. This means that we matched the Webkit JSC
(not Spidermonkey) behavior for:
typeof(true ? x : y) // throws ReferenceError
and we matched the SpiderMonkey behavior (not JSC) for:
with ({}) { typeof(true ? x : y) } // ==> "undefined"
Now we are expected to match the JSC behavior in all cases.
Review URL: http://codereview.chromium.org/362004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
directly-applied function literals that are themselves compiled with
the top-level code generator.
The choice is guarded by a test that the function is anonymous (thus
not expected to be recursive) and not in a loop.
A compilation hint is set in the shared function info and used to make
the choice.
Review URL: http://codereview.chromium.org/341081
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3206 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
