Some instructions can use >16 bit immediates if they represent a <=16 bit signed value.
However some logical instructions (andi, xori, ori, lui) should always treat the immediate value as unsigned.
This patch adds an ASSERT to these places and a minor change to MacroAssembler::li to satisfy this.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9309077
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10644 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1. Instead of checking upfront and estimating a limit for the number, we
now are able to stop register allocation and bailout when we don't
have enough virtual registers.
2. GCed some out-dated flags from flag-definition.h
3. Simplified the interface from the Lithium builder to the
register allocator in lithium-*.cc: For uses and definitions, we
just record the virtual register number given by the Hydrogen value id.
For temporaries, we request a new virtual register from the allocator.
For fixed temps, we don't need to do anything.
4. Increased number of deoptimization entries to 16K. Eventually we
probably want to make this array grow dynamically.
Review URL: https://chromiumcodereview.appspot.com/9325019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10597 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10538 (21c5dc1).
MIPS-specific changes:
-moved MacroAssembler::SmiTagCheckOverflow definition to macro-assembler-mips.cc from the header
-added optimized 3-argument version of said function
-removed the related, completely unused TrySmiTag function
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9296045
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10567 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10531 (d61db240).
Original commit message:
This caches call targets of constructor calls by associating one element
caches with call sites. The type feedback oracle can use the recorded
valued to gather type information for monomorphic constructor call sites.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9298014
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10546 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Yak shaving for map sharing with accessor properties contd.: When CALLBACKS can
have map transitions, simply looking at the property type is not sufficient
anymore to decide if a property is there or not. One has to look at the actual
contents of the descriptor entry then, but this breaks down sometimes when the
lookup is being done with a NULL holder. Luckily enough, we can oftren replace
IsProperty by the simpler IsFound, because we inspect the type immediately
afterwards, anyway.
Review URL: https://chromiumcodereview.appspot.com/9280007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10356 (69da81).
Original commit message:
Loosen the requirement for Map equivalency on several map checks, including checks up the prototype chain, that are not sensitive to ElementsKinds. These selected map checks should also match against FAST_DOUBLE_ELEMENT and FAST_ELEMENT transitions of the original map. This specifically helps all variants of transitioned JSArrays to still efficiently call builtins like push, pop and sort.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9265007
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
for call-sites with mismatched number of arguments.
Port r10424 (92a05c9c).
Original commit message:
Adjust InvokeFunction to avoid generating dead code when number when arity mismatch is detected in compile time.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9150026
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10456 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10374 (03bbe39).
Note: the MIPS version was not affected by the bug. This is merely a style cleanup.
Original commit message:
An off-by-one in the register allocator could lead to allocating (and
clobbering) the reserved 0.0 double register. This required a function with
14 or more live double values.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9150025
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
CPU-eating DOS attacks against node.js servers. Based on code from
Bert Belder. This version only solves the issue for those that compile
V8 themselves or those that do not use snapshots. A snapshot-based
precompiled V8 will still have predictable string hash codes.
Review URL: http://codereview.chromium.org/9086006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10280 (5f6aec5).
Original commit message:
Tell the register allocator the value is not overwritten. Never use
temporary registers on ia32, avoid them on x64 and ARM. Restore the
original copyright date on assembler.cc.
BUG=
TEST=
Review URL: http://codereview.chromium.org/9004017
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10281 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This introduces an additional check into the StoreIC_ArrayLength builtin
checking that the array still has fast properties. Redifinitions of the
length property that would cause it's type or attributes to change, will
switch to slow properties, thereby invalidating said optimization.
R=svenpanne@chromium.org
BUG=v8:1756
TEST=test262
Review URL: http://codereview.chromium.org/8895025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10220 (1dae466).
Original commit message:
This CL adds support for loading from and storing to context slots
belonging to harmony let or const bound variables. Checks for the
hole value are performed and the function is deoptimized if they fail.
The full-codegen generated code will take care of properly throwing
a reference error in these cases.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8897025
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10235 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10219 (56686b).
Original commit message:
Now with arm and x64 support. Additionally, added default unreachable case to switch statement in CompareIC::TargetState to make win and mac compilers happy.
Reviewer guide:
This is an exact copy of 10216 except:
src/arm/*
src/x64/*
src/ic.cc (added default case to swith in CompareIC::TargetState)
BUG=
TEST=
Review URL: http://codereview.chromium.org/8896022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10085 (1ef7d5eb2).
This patch also contains a fix for StoreArrayLiteralElementStub::Generate which is only used from this code.
Original commit message:
Includes general array boilerplate copier and re-introduction FAST_ELEMENT optimizations in full-codegen.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8743010
Patch from Daniel Kalmard <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10061 (c648e1d1)
Original commit message:
This generates optimized code for deep-copying of nested object literal
boilerplates which are statically known. Most of the boilerplates have
already been generated at crankshaft time, so this optimization should
kick in for virtually every object literal. Only nested object literal
graphs up to a certain depth and containing up to a certain total number
of properties are considered for this optimization. This will prevent
explosion of code size due to large object literals (e.g. eval on JSON).
Improves splay performance because object literals are created often.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8745012
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10128 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10064 (9c6789a3)
Original commit message:
There is no test case to trigger any crash. This is only to guard against the case that the native function is called with unsafe arguments.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8742012
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10097 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This shaves 416+ KB, just under 1% off the size of the debug d8 executable
on Linux (mostly because the CheckHelper functions for assertions were
getting separate copies for each compilation unit). The difference in
release builds is negligible---a size reduction of 0.1%.
Also, change namespace-level 'static const' variables to remove the static
storage class as it's the default.
R=danno@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/8680013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10083 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This CL introduces a third mode next to the non-strict
(henceforth called 'classic mode') and 'strict mode'
which is called 'extended mode' as in the current
ES.next specification drafts. The extended mode is based on
the 'strict mode' and adds new functionality to it. This
means that most of the semantics of these two modes
coincide.
The 'extended mode' is entered instead of the 'strict mode'
during parsing when using the 'strict mode' directive
"use strict" and when the the harmony-scoping flag is
active. This should be changed once it is fully specified how the 'extended mode' is entered.
This change introduces a new 3 valued enum LanguageMode
(see globals.h) corresponding to the modes which is mostly
used by the frontend code. This includes the following
components:
* (Pre)Parser
* Compiler
* SharedFunctionInfo, Scope and ScopeInfo
* runtime functions: StoreContextSlot,
ResolvePossiblyDirectEval, InitializeVarGlobal,
DeclareGlobals
The old enum StrictModeFlag is still used in the backend
when the distinction between the 'strict mode' and the 'extended mode' does not matter. This includes:
* SetProperty runtime function, Delete builtin
* StoreIC and KeyedStoreIC
* StubCache
Review URL: http://codereview.chromium.org/8417035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10062 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r9977 (9aded78be4).
Note: This is the port of the reapplied patch, not the original.
Original commit message:
To support deoptimization of exception handlers, the handler address in the
stack is converted to a pair of code object and an index into a separate
table of code offsets. The index part is invariant under deoptimization.
The index is packed into the handler state field so that handler size does
not change.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8557003
Patch from Gergely Kis <gergely@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10039 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10006 (4b344a03).
Original commit message:
Changes the way we do lazy deoptimization:
1. For side-effect instructions, we insert the lazy-deopt call at
the following LLazyBailout instruction.
CALL
GAP
LAZY-BAILOUT ==> lazy-deopt-call
2. For other instructions (StackCheck) we insert it right after the
instruction since the deopt targets an earlier deoptimization environment.
STACK-CHECK
GAP ==> lazy-deopt-call
The pc of the lazy-deopt call that will be patched in is recorded in the
deoptimization input data. Each Lithium instruction can have 0..n safepoints.
All safepoints get the deoptimization index of the associated LAZY-BAILOUT
instruction. On lazy deoptimization we use the return-pc to find the safepoint.
The safepoint tells us the deoptimization index, which in turn finds us the
PC where to insert the lazy-deopt-call.
Additional changes:
* RegExpLiteral marked it as having side-effects so that it
gets an explicitlazy-bailout instruction (instead of
treating it specially like stack-checks)
* Enable target recording CallFunctionStub to achieve
more inlining on optimized code.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8587008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10020 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
EmitIsObject is only called from one function, DoIsObjectAndBranch.
DoIsObjectAndBranch now passes the temp2 register to EmitIsObject
instead of simply relying on the two functions using the same
lithium scratch register.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8588004
Patch from Gergely Kis <gergely@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10017 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Changes:
-separated the two code-paths (constant power of 2 divisor similar to ARM and everything else)
-replaced a bailout condition with faster handling (negative modulo result)
-removed a possibly useless mov instruction from one path
-replaced the IsConstantOperand condition with the more meaningful HasPowerOf2Divisor (although in this specific case they're equivalent)
BUG=
TEST=
Review URL: http://codereview.chromium.org/8591002
Patch from Gergely Kis <gergely@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10016 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
r9871 (5baeaf57) changed the fill value for deleted entries in hash tables from null_value to the_hole_value.
This commit changes an assertion in MIPS code that expects this value.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8479028
Patch from Gergely Kis <gergely@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9955 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r9909 (56c8728aa).
Original commit message:
Test at the bottom in the unwind loop. Eliminate the possibility of a
useless move to the eax/rax/r0 register (currently impossible because
this function has two call sites). Do not explicitly zero the context
because we've already saved 0 as the context in the handler.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8507007
Patch from Gergely Kis <gergely@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9923 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r9847 (fc7590).
Original commit message:
Also partition side effects into observable and not observable, with only observable requiring Simulates and non-observable changes able to participate in GVN and code hoisting.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8387044
Patch from Gergely Kis <gergely@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9866 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r9863 (0996dc77)
Original commit message:
This was pretty heavyweight. It was kept in just for a few corner cases
that assumed it was there. We can work around them by making sure that the
expression in a reified test context is always really the expression that
was visited in that context; and by inspecting the context manually and
consing up a pair of extra AST IDs for the unusual case of unary not in a
value AST context.
BUG=
TEST=
Review URL: http://codereview.chromium.org/8372085
Patch from Gergely Kis <gergely@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9865 ce2b1a6d-e550-0410-aec6-3dcde31c8c00