When entering a finally block in unoptimized code, we unconditionally
save the accumulator register in the stack in case it holds a return
value or an exception. In the case of a break, continue, or falling
off the end of the try or catch block, this value is unpredictable and
not necessarily safe for GC.
Review URL: http://codereview.chromium.org/5883003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6035 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is an improved version of my earlier change r5970. It avoids degrading the
non-optimized code.
Initially we emit a conditional branch that is either always- or never-taken
after a smi-check (depending on whether we test for smi for for non-smi)
Since test-eax always sets the carry-flag to 0 we use jump-if-carry and
jump-if-not-carry.
The first invocation of the stub patches a jc with a jz and
jnc with a jnz-instruction so that the code looks exactly as it was
without patching. The only difference is the test- or nop-instruction
after the IC-call.
Review URL: http://codereview.chromium.org/5763004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6030 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
SVN revision 5993 ported changes to the unoptimizing compiler from
ia32 to ARM and x64. A call to AstContext::Plug was moved out of
FullCodeGenerator::EmitVariableAssignment and into the callers. One
call site was missed in both ports.
Review URL: http://codereview.chromium.org/5781008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6003 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In the case of inlined smi code in non-optimzied code we could not
distinguish between the smi-only case and the case that the operation was
never executed.
With this change the first execution of a binary operation always jumps
to the stub which in turn patches the smi-check into the correct
conditional branch, so that we benefit from inlined smi code after the
first invocation.
A nop instruction after the call to the BinaryOpIC indicates that no
smi code was inlined. A "test eax" instruction says that there was smi
code inlined and encodes the delta to the patch site and the condition
code of the branch at the patch site to restore the original jump.
Review URL: http://codereview.chromium.org/5714001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5970 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
that ip can be used as a scratch register. This is not true because
ip is already used for something else in AllocateInNewSpace in the
macro assembler.
Explicitly allocate a temp register for use in the heap number
allocation instead.
Review URL: http://codereview.chromium.org/5788001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5967 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
inline allocation code used the expected number of properties to
calculate the number of inobject properties for an object instead of
getting the actual number from the initial map.
It is safer to use the inobject property count from the initial map in
any case because that is the amount the instances will get. I think
this disconnect got introduced when adding shrinking of objects.
Unfortuntely I haven't been able to create a simple reproduction for a
test case but this fixes the webpage that exhibits the crash. I'll see
if I can create a reproduction tomorrow.
Review URL: http://codereview.chromium.org/5278003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Fix the ARM simulator, the ARM disassembler and extend the stop feature.
The stop feature in the simulator now support enabling, disabling and
counting.
BUG=None
TEST=None
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Change more functions used by the Compiler class to have a uniform
interface: they get passed as argument an input/output pointer to a
CompilationInfo that they mutate if they succeed, and they return a
flag telling whether they succeeded.
Also, remove some unnecessary timers.
Review URL: http://codereview.chromium.org/3561012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The plan is to use the CompilationInfo class to communicate inputs and
outputs to compilation pipeline phases, which each return a boolean
success/failure flag.
The intent is to make it easier to compose small pieces of the
pipeline without having to grow a custom function each time, each
taking a half dozen arguments.
This change modifies the very front end (the parser).
Review URL: http://codereview.chromium.org/3586006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For some reason, the scope's arguments and arguments shadow were
variable proxies, which resulted in all references to the arguments
shadow being shared in the AST. This makes it hard to put per-node
state on the AST nodes.
I took the opportunity to remove Variable::AsVariable which has
confused people in the past, and to rename Variable::slot to the more
accurate Variable::AsSlot.
Review URL: http://codereview.chromium.org/3432022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5517 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The number of inobject properties used to be derived from the number
of this property assignments in the constructor (and increased by 2 to
allow for properties added later). This very often leads to wasted inobject
slots.
This patch reclaims some of the unused inobject space by the following method:
- for each constructor function the first several objects are allocated using the initial
("generous) instance size estimation (this is called 'tracking phase').
- during the tracking phase map transitions are tracked and actual property counts are collected.
- at the end of the tracking phase instance sizes in the maps are decreased if necessary
(starting with the function's initial map and traversing the transition tree).
- all further allocation use more realistic instance size estimation.
Shrinking generously allocated objects without costly heap traversal is made possible
by initializing their inobject properties with one_pointer_filler_map (instead of undefined).
The initial slack for the generous allocation is increased from 2 to 6 which really helps some tests.
Review URL: http://codereview.chromium.org/3329019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Contextual load requires only a map check followed by a cell hole
check so we can generate pretty compact code for that. The fact that
we have inlined code is marked by mov ecx, offset instruction after
the IC call. Inlining is only enabled inside loops and in non-builtin
functions.
The generated code size increase is about 3%. This descreased the
pc-to-code cache hit rate in some of the benchmarks that trigger
GC. To compensate we now have 4 times as much entries in the cache.
Review URL: http://codereview.chromium.org/3402014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When running profiling in debug mode, several assertions in frame
iterators that are undoubtedly useful when iterator is started from a
VM thread in a known "good" state, may fail when running over a stack
of a suspended VM thread. This patch makes SafeStackFrameIterator
to proactively check addresses and bail out from iteration early,
before an assertion will be triggered.
BUG=crbug/55565
Review URL: http://codereview.chromium.org/3436006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5467 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
the code object's instructions.
This allows us to find a code object using just the pc. This approach
uses a cache (PcToCodeCache) to make sure we don't continuously have
to iterate heap pages.
This change eliminates the need for cooking and uncooking of stack frames.
Review URL: http://codereview.chromium.org/3226014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5369 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The live registers are now only stored to the expression stack with the non pointer values being stored as smis (on the 32-bit platforms these values are assumed to be 31-bit max).
This makes the CEntryStub entry/exit code much simpler, and there is no longer any need for a mode (debug or normal) on it.
Fix a missing live register when breaking at ARM keyed load.
Review URL: http://codereview.chromium.org/3141047
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Object model changes
----------------------------------------
New fixed_cow_array_map is used for the elements array of a JSObject
to mark it as COW. The JSObject's map and other fields are not
affected. The JSObject's map still has the "fast elements" bit set. It
means we can do only the receiver map check in keyed loads and the
receiver and the elements map checks in keyed stores. So introducing
COW arrays doesn't hurt performance of these operations. But note that
the elements map check is necessary in all mutating operations because
the "has fast elements" bit now means "has fast elements for reading".
EnsureWritableFastElements can be used in runtime functions to perform
the necessary lazy copying.
Generated code changes
----------------------------------------
Generic keyed load is updated to only do the receiver map check (this
could have been done earlier). FastCloneShallowArrayStub now has two
modes: clone elements and use COW elements. AssertFastElements macro
is added to check the elements when necessary. The custom call IC
generators for Array.prototype.{push,pop} are updated to avoid going
to the slow case (and patching the IC) when calling the builtin should
work.
COW enablement
----------------------------------------
Currently we only put shallow and simple literal arrays in the COW
mode. This is done by the parser.
Review URL: http://codereview.chromium.org/3144002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Upgraded the CodeGenerator::ToBoolean() function in the ARM backend to use complete JIT code generation and not make runtime calls to ToBool (when VFP is enabled).
This change also includes the vcmp VFP instruction that supports a constant 0.0 as the second operand.
Patch by Subrato K De <subratokde@codeaurora.org>
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5267 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This adds a check to the fast case string add to ensure that the String object still have the default valueOf function. The default valueOf is sitting on a hidden prototype of String.prototype.
Before using the fast case valueOf the object is checked for a local valueOf property. For slow case objects this check always reports true (the dictionary is not probed, so valueOf might be there) and for fast case objects the descriptor array is checked for the valueOf symbol (just liniar scan). After that the prototype is checked for beeing the initial value of String.prototype. If this all pass (that is the default valueOf is still in place) this result is cached on the map making the check fast the next time.
This is only implemented in the optimizing compiler, as the two usages of %_IsStringWrapperSafeForDefaultValueOf is never hit by the full compiler.
I will port to x64 and ARM when this has been reviewed for ia32.
I will remove the performance counters prior to final commit.
BUG=http://code.google.com/p/v8/issues/detail?id=760
TEST=test/mjsunit/regress/regress-760-1.js
TEST=test/mjsunit/regress/regress-760-2.js
Review URL: http://codereview.chromium.org/3117006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5252 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
in allowing more flexible compilation and to simplify builtins lookup.
This changes a number of places where code objects are assigned to
SharedFunctionInfo objects to also assign this code object to the
JSFunction. In addition, the code flushing is changed slightly to
accomodate this (we need to flush the code from functions pointing to
SharedFunctionInfo objects that has already been flushed).
Review URL: http://codereview.chromium.org/3120006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This includes adding a new inline IsSpecObject method to the code
generator. The old approach was somehow ineffecient since we would
call both IsObject, IsUndetectable and IsFunction to determine if
something was an object according to the spec. This change introduces
a new macro that determines if something is an object according to the
spec (and this does not include null).
This change also corrects a few places where undetectable objects was
not allowed even when they should be (priorly they would use only
IS_SPEC_OBJECT_OR_NULL, which would return false on an undetectable
object, the new IS_SPEC_OBJECT returns true on an undetectable object.
Review URL: http://codereview.chromium.org/2877018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
to the runtime will both patch in the more specialized binary op
stub and calculate the answer. This eliminates the need to call
both the rest of the binary op and the patching runtime call. The
runtime routines are altered to be more agressive in returning
Smis so we don't get spurious heap numbers as inputs to binary ops
while we are patching the binary op ICs.
Review URL: http://codereview.chromium.org/2843049
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5026 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The change in r4990 contained a bug in Math.pow when then exponent was a large negative smi. In that case calculating 1/Math.pow(x,-y) did not provide the correct result as Math.pow(x,-y) would overflow ti infinity. This was caught by Sputnik test S8.5_A13_T1.
Review URL: http://codereview.chromium.org/2815039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The change in r4990 contained a bug in Math.pow. One of the arguments for the call to runtime where clobbered if allocation of the heap number for the result failed.
Caught by a couple of Mozilla tests which does a lot of calls to Math.pow.
Fix presubmit error in x64.
Review URL: http://codereview.chromium.org/2847037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The IC stub is completely generic, so there will only be one such stub
in the system.
Added a new overloaded version of the macro assembler RecordWrite
method for cases where we have the address we store to computed up
front.
Review URL: http://codereview.chromium.org/2804029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4991 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When calculating Math.pow where the exponent is a smi use a simple loop to calculate the result.
Added support for the vmov instruction moving from one doubleword extension register to another.
Added some Math.pow tests which partially covers what is in the Sputnik tests.
Review URL: http://codereview.chromium.org/2804033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4990 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
A potential issue with this change is creating lots of maps when
objects flip between fast/slow elements modes. We could add special
transitions to avoid this. Yet testing this on our benchmarks, gmail,
and wave seems to indicate that this is not a real problem.
Review URL: http://codereview.chromium.org/2870018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4941 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Similar or duplicate checks are scattered around the code before doing the dictionary load.
Also the entire branch in GenerateCallNormal that handles global/builtin receiver is
guaranteed to bail out from GenerateDictionaryLoad, so there is no point in generating it at all.
The purpose of the patch is:
- making C++ code more compact and transparent,
- not generating dead code.
There is a tiny performance gain. The patch is ia32 only for now.
Please tell me if I am missing anything.
Review URL: http://codereview.chromium.org/2801007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Zhang Kun. For now we only emit movw and movt in places where no
relocation is needed. Small performance boost (around 0.5%).
Also adds support for turning ALU operations (eor etc.) with
large immediates into mvn or movw followed by a register-based
ALU operation.
Review URL: http://codereview.chromium.org/2821014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4913 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
If a two-byte string only contains ascii characters, then we can save
memory when flattening a cons string containing it. Similarly we can
use this in Array.prototype.join implementation. To track this a new
bit is added to instance type. This bit is used as a hint in generated
code and in runtime functions.
To enable testing a new V8 extension is added controlled by
--expose-externalize-string flag.
Review URL: http://codereview.chromium.org/2762008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4894 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Generating code for function return on ARM is now aligned with the other platforms. The first non-shadowed return statement encountered will emit code for function return and all other returns including the fall through at the bottom of a function will jump to that.
Review URL: http://codereview.chromium.org/2815003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4856 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
With the change in r4820 all return statements are now breakable like any statement, so stepping will stop before the return statement actually returning from a function. With this change the position when breaking in the function return (after executing the return statement) will be the actual end of the function. At this point the return value is available as it saved to the stack by the debug break at return handling. Added information on the actual value returned from the function to the debugger.
Review URL: http://codereview.chromium.org/2783002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4835 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Added support for more precise break points when debugging and stepping. To achieve that additional nop instructions are inserted where breaking would otherwise be impossible. The number of nop instructions inserted are sufficient to make place for patching with a call to a debug break code stub. On Intel that is 5 nop's for 32-bit and 13 for 64-bit. Om ARM 3 nop instructions (12 bytes) are required.
In order to avoid inserting nop's in to many places a simple ast checker have been added to check whether there are breakable code in a statement or expression. If it is possible to break in an expression no additional break enabeling code is inserted.
Added break locations to the true and false part of a conditional expression.
Added stepping tests to cover more constructs.
These changes are only in the full compiler.
Changed the default value for the option --debugger in teh d8 shell from true to false. The reason for this is that with --debugger turned on the full compiler will be used for all code in when running d8, which can be unexpeceted.
Review URL: http://codereview.chromium.org/2693002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
in a spilled scope or not. Also get rid of some spilled scopes
that we don't need any more. The generators for the %_ functions,
CodeGenerator::Generate*, are now not spilled by default. Some
of them (IsObject and related) have been converted to register
allocated operation.
Review URL: http://codereview.chromium.org/2368001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Support building with or without unaligned accesses by using scons flag simulatorunalignedaccesses.
$ scons simulator=arm simulatorunalignedaccesses=off
$ scons simulator=arm simulatorunalignedaccesses=on
If simulatorunalignedaccesses is not specified (or specified as default) the default is to use unaligned accesses.
Review URL: http://codereview.chromium.org/2218003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4737 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
NumberToUint32 that I was trying to use maps -0 to +0 (as desired) but
also maps +/-Infinity to +0, which made +/-Infinity a valid string
index. I fixed it by introducing a new runtime function with the right
semantics.
TEST=LayoutTests/fast/js/char-at.html,mjsunit/string-charat.js
Review URL: http://codereview.chromium.org/2223003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
These string methods can be composed from two basic blocks: charCodeAt
and fromCharCode, both of which have fast cases for certain types of
inputs. In this patch these two blocks are refactored to allow
generating the fast cases without having to jump around the slow
cases. In the slow cases since they can now be invoked both from
inline runtime functions and from IC stubs we either have to
save/restore state of the current frame or enter/leave a new internal
frame. This is handled by new RuntimeCallHelper interface. Its
implementation for virtual frame is based on FrameRegisterState class
extracted from DeferredCode class.
Review URL: http://codereview.chromium.org/2087009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1) do not push receiver early---that simplifies tail call preparation
on ia32/x64 and renders special cleanup unnecessary;
2) do not do second map check if interceptor's and cached holder
are the same;
3) do not push/pop receiver if receiver and holder registers are the same
(means that receiver is interceptor's holder);
4) do batch pushes on arm;
5) minor cosmetic improvements.
Review URL: http://codereview.chromium.org/2282001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4732 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The macro assembler now checks for ARMv7 support and generates instructions for Ldrd/Strd accordingly. INstructions ldrd/strd in the assembler requires ARMv7 support enabled. This removes the a check for CAN_USE_ARMV7_INSTRUCTIONS making the ARMv7 support in the simulator fully controled by the --enable-armv7 flag.
Review URL: http://codereview.chromium.org/2226003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4726 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The full compiler is now complete on ARM as well. The syntax checker is still used to determine whether to use it for top level code or not during normal execution. When debugging is enabled all code will be compiled with the full compiler.
This change removes the temporary flag --force-full-compiler and now the flag --always-full-compiler enables the full compiler for all code on all platforms.
This also fixes building on Intel platform without debugger support (ENABLE_DEBUGGER_SUPPORT not defined) and adds full check for the full compiler for lazily compiled code.
Review URL: http://codereview.chromium.org/2163006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- New сardmarking write barrier handles large objects and normal objects in a similar fashion (no more additional space for pointer tracking is required, no conditional branches in WB code).
- Changes to enable oldspaces iteration without maps decoding:
-- layout change for FixedArrays: length is stored as a smis (initial patch by
Kevin Millikin)
-- layout change for SharedFunctionInfo: integer fields are stored as smi on
arm, ia32 and rearranged on x64.
-- layout change for String: meaning of LSB bit is fliped (1 now means hash not
computed); on x64 padding is added.
-- layout of maps is _not_ changed. Map space is currently iterated in a special
way.
Review URL: http://codereview.chromium.org/2144006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-- layout change for FixedArrays: length is stored as a smis (initial patch by Kevin Millikin)
-- layout change for SharedFunctionInfo: integer fields are stored as smi on arm, ia32 and rearranged on x64.
-- layout change for String: meaning of LSB bit is fliped (1 now means hash not computed); on x64 padding is added.
-- layout of maps is _not_ changed. Map space is currently iterated in a special way.
- Cardmarking write barrier. New barrier handles large objects and normal objects in a similar fashion (no more additional space for pointer tracking is required, no conditional branches in WB code).
Review URL: http://codereview.chromium.org/2101002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This makes the full compiler handle all constructs on ia32. However the syntax checker for the full compiler is still the same so for both normal operation and with the flag --always-full-compiler the coverage of the full compiler will be the same.
This is on preparation for improving the debugger break point experience where the plan is to only use code from full code generator when debugging JavaScript.
Runs all tests on all three platforms in release and debug mode. The tests also run with both the following flags to the test runner
--special-command="@ --nofull-compiler"
--special-command="@ --always-full-compiler"
The changes to the x64 and ARM architectures are mainly structural due to the change to EmitVariableAssignment to handle initialization of const variables.
Review URL: http://codereview.chromium.org/1989012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4676 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The calling convention for keyed store IC on ARM is changed to receive the arguments value, key and receiver in registers r0, r1 and r2 instead of on the stack. When calling keyed store IC with a virtual frame the arguments are passed through the virtual frame and consumed by the call.
Changed the register usage in the IC code to postpone spilling the registers holding value, key and receiver to the stack until making a call into the runtime system.
Runs all the tests with:
--special-command="@ --nofull-compiler"
--special-command="@ --always-full-compiler"
--special-command="@ --noenable-vfp3"
Review URL: http://codereview.chromium.org/2116003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When ldrd is not available two ldr instructions are generated. This fixes these in the case where the register used in the memory operand is the same as the first register in the register pair receiving the values.
All tests now run on ARM with the flag --special-command="@ --noenable-vfp3". Running without VFP3 support in the simulator causes more ldrd instructions to be used, and the default build configuration does not utilize ldrd, but generated tow ldr instructions.
Review URL: http://codereview.chromium.org/2078013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4667 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Chromium build.
v8.gyp no longer sets any V8_TARGET_ARCH_* macro on the Mac. Instead, the
proper V8_TARGET_ARCH_* macro will be set by src/globals.h in the same way as
the V8_HOST_ARCH_* macro when it detects that no target macro is currently
defined. The Mac build will attempt to compile all ia32 and x86_64 .cc files.
#ifdef guards in each of these target-specific source files prevent their
compilation when the associated target is not selected. For completeness,
these #ifdef guards are also provided for the arm and mips .cc files.
BUG=706
TEST=x86_64 Mac GYP/Xcode-based Chromium build (still depends on other changes)
Review URL: http://codereview.chromium.org/2133003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
of having a list of virtual frame pointers in the jump
target we have one virtual frame, which is the frame that
all have to merge to to branch to that frame. The virtual
frame in the JumpTarget is inside the JumpTarget, rather than
being an allocated object that is pointed to. Unfortunately
this means that the JumpTarget class has to be able to see
the size of a VirtualFrame object to compile, which in turn
lead to a major reorganization of related .h files. The
actual change of functionality in this change is intended
to be minimal (we now assert that the virtual frames match
when using JumpTarget instead of just assuming that they do).
Review URL: http://codereview.chromium.org/1961004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The change r4608 accidently disabled the inlined keyed load as the key/receiver registers was mixed up. Also make sure that the registers for the keyed load IC is not clobbered before bailout to deferred code. This adds one instriction to the inlined code path.
Review URL: http://codereview.chromium.org/2018005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The calling convention for keyed load IC's on ARM now passes the key and receiver in registers r0 and r1.
The code path in the ARM full compiler for handling keyed property load now has the same structure as for ia32 where the keyed load IC is also called with key end receiver in registers.
This change have been tested with an exhaustive combinations of the flags
--special-command="@ --nofull-compiler"
--special-command="@ --always-full-compiler"
--special-command="@ --noenable-vfp3"
to the test runner.
Review URL: http://codereview.chromium.org/2024002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The build process must add -DCAN_USE_UNALIGNED_ACCESSES=1 to the
C++ flags to activate the support. This is a commit for
Subrato of CodeAurora. See http://codereview.chromium.org/1731013
Small edits by Erik Corry to activate unaligned accesses by
default on the simulator and testing Android builds.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The calling convention for keyed load IC is changed to have the key passed both in a register (r0) and on the stack.
Next steps will be first to remove the key from the stack and then pass the receiver in a register (r1).
Review URL: http://codereview.chromium.org/1937003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is mainly a port of r3899. It also adds handling of initilization blocks in ARM which had no special handling before.
The "calling conventions" used for
EmitNamedLoad
EmitNamedStore
EmitKeyedLoad
EmitKeyedStore
are somewhat mixed, but will become more aligned as the use of register allication and passing of argument in registers to IC's is extended.
Review URL: http://codereview.chromium.org/1846002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
is both on top of the stack and also in r0. This makes
sense because the receiver is usually in r0 anyway. We may
remove it from the stack later. Also removes some spilled
scopes from the code generator allowing it to keep expression
temporaries in registers more.
Review URL: http://codereview.chromium.org/1751019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This uses the same infrastructure as is used by the inlining of named property load. The code patching if the inlined code is simpler as the key is provided in a register os the only patching required is the map check directing the inlined code to the deferred code block or not.
Review URL: http://codereview.chromium.org/1735007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The generation of the deferred code for named property load where the load was inlined did a constant pool blocking for the whole deferred code. Having large numbers of this type of deferred code generated one ofter the other effectively blocked the constant pool for all the deferred code causing
Removed the BeforeGenerate/AfterGenerate for the deferred code and made macro assembler StartBlockConstPool/EndBlockConstPool non-public. Re-introduced BlockConstPoolFor instead to use with BlockConstPoolScope to block some more instructions cross function calls.
Also handle the use of native code counters for inlined named property load.
Review URL: http://codereview.chromium.org/1787005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4507 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
A reference to the caches array was embedded directly into the builtin
code and this allowed sharing objects between contexts.
Unfortunately, clearing the cache on GC won't prevent sharing so we
either have to have per-context builtin code or load the cache
indirectly from the current context. This change implements the second
approach. The first approach may be interesting to consider in the
future for some perfomance critical functions, and the current
approach can still be improved by putting the caches directly into the
global context (or even global objects).
Review URL: http://codereview.chromium.org/1731002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4486 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
On a pair of smis HEAP_NUMBERS stub is significantly slower than GENERIC. This slows
down some tests dramatically (crypto-aes from SunSpider).
With this change HEAP_NUMBERS stub switches to GENERIC stub the first time it sees 2 smis
as its operands.
Review URL: http://codereview.chromium.org/1687005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Instaed of having a nop after all non-inlined calls to load IC use a different nop (mov r1, r1 instead of mov r0, r0) to detect an inlined load IC.
Added more infrastructure to the deferred code handling to make it possbile to block constant pool emitting in a deferred code block, including the branch instruction ending the deferred code block.
Addressed a couple of comments to http://codereview.chromium.org/1715003, including adding an assert to make sure that the patching of an ldr instruction is always possible.
Review URL: http://codereview.chromium.org/1758003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4480 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Generate inlined named property load for in-object properties. This uses the same mechanism as on the Intel platforms with the map check and load instruction of the inlined code being patched by the inline cache code. The map check is patched through the normal constant pool patching and the load instruction is patched in place.
Review URL: http://codereview.chromium.org/1715003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4468 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
We need to be careful to check global property cells for the property
encountered during lookup. Therefore, the ICs have to be specific to
the name of the property if global objects are involved. In
principle, this means that we could get a large number of monomorphic
ICs for the same map if there is a global object in the prototype
chain. However, since this is only done for normal load ICs and not
for keyed load ICs I do not expect this to be a problem. I will
experiment with it once this goes in.
BUG=675
Review URL: http://codereview.chromium.org/1559033
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In the CEntryStub keep track of the actual skew from the correct alignment to ensure proper alignment before calling the runtime. Add checks to test the expected skew when running on hardware.
Use the PrepareCallCFunction/CallCFunction in a few other places.
Add check to the ARM simulator for correct alignment.
Add option --sim-stack-alignment to set the stack alignment in the simulator. Currntly only values 4 and 8 makes sense. 8 is the default to make snapshots generated with the simulator work on hardware requiring 8 byte stack alignment.
Review URL: http://codereview.chromium.org/1530043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4425 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The command "stack" will dump the stack and "mem" will dump memory from a address given either as a register or as a literal. Both commands dump 10 words unless an additional argument with the number of words to dump is given.
sim> stack
sim> mem fp
sim> mem 0xe612a450 100
Also parse address literals in simulator debugger command as unsigned.
Review URL: http://codereview.chromium.org/1596022
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4388 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
stack for now. Next step is probably fixing the binary
op stubs so they can take swapped registers and fixing
the deferred code so it doesn't insist that all registers
except the two operands are flushed. Generates slightly
worse code sometimes because the peephole push-pop
elimination gets confused when we don't use the same
register all the time (the old code used r0 always).
Review URL: http://codereview.chromium.org/1604002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4368 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The bkpt instruction is now supported by both the disassembler and the simulator. In the simulator it breaks to the native debugger if any like int3 on Intel.
Moved the handling of the miscellaneous instructions to a separate part.
Review URL: http://codereview.chromium.org/1576026
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4360 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This re-applies r4220 and r4233, which was reverted in r4254 due to a bug. This bug has now been fixed, with the only change being line 2884 changed from
__ SmiTag(left_side->reg());
to
__ SmiTag(operand->reg());
Added a regression test.
BUG=http://crbug.com/39160
TEST=test/mjsunit/regress/regress-crbug-39160.js
Review URL: http://codereview.chromium.org/1251009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4261 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
registration of external references in Proxy objects).
I moved the declaration of the two functions to stub-cache.h
because with all the types they use it's hard to declare them
anywhere else. But the actual definition is still in runtime.cc
near to the place where they are used.
Review URL: http://codereview.chromium.org/1079012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Inline floating point compare instead of calling the stub when the following conditions are met:
* Code is in a loop
* Compare is not a for loop condition
* Compare is not an equal comparison
This inlined code handles heap number to heap number and heap number to smi compare. It can also handle smi to smi compare, but whenever there is a chance of comparing two smis the smi compare is inlined before the inlined floating point compare. Support for non SSE2 hardware is included.
A new set of variants of the compare stub without the floating point comparison code is called if the inline comapre fails due to the operands not beeing heap numbers or smis.
The virtual frame has been extended with a branch taking two live results to be carried through to the destination. This makes this change much simpler as the inlined code have two live results in registers and a number of bailouts.
CompareStub::GetName needs to be updated as well. I will do that as a separate change.
Also inlined equality check if both operands can't be NaN. This can only provide positive equals if it is the same object.
Review URL: http://codereview.chromium.org/1117011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The inline runtime functions are now included in the fuzzing of the natives. The chack for the expected number of arguments passed have been moved to the parser which will generate a syntax error if a runtime function (either C++ or inline) is called with a different number of arguments than expected.
Review URL: http://codereview.chromium.org/573056
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Introducing a virtual-frame-inl.h file containing some platform-independent
virtual frame function which are small enough to be inlined.
Removed unnecessary #include of virtual-frame.h from register-allocator-inl.h
and added the necessary explicit includes in a number of files.
Review URL: http://codereview.chromium.org/660104
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3962 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
A list of bailout descriptions is kept in the CompilationInfo
structure that is shared between the primary and secondary code
generators. The primary adds a description to the list for each
bailout position.
Responsibility for binding labels is moved from the primary to the
secondary code generator. All the labels still target the start of the
secondary code and the compilation state of the primary is still
ignored.
Move the compilation mode flag to the CompilationInfo.
Review URL: http://codereview.chromium.org/651031
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Replaced IsValid by IsPropertyOrTransition and used IsProperty in most
of the places where IsValid was used before. Most of the time when
inspecting a lookup result we really want to know if there is a real
property present. Only for stores are we interested in transitions.
BUG=http://crbug.com/20104
TEST=cctest/test-api/NamedInterceptorMapTransitionRead
Review URL: http://codereview.chromium.org/647015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3901 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Fix for issue 603.
Revision r3484 removed the property name from the call stack for
call ICs. When a non-function was called via a call IC and
Function.prototype.call, an extra value was left on the stack that the
caller could not know to clean up.
Fix is to change the JS builtin used for calling non-functions. It
now gets the callee as receiver, rather than iterating stack frames
and finding it on the expression stack of its JS caller.
Review URL: http://codereview.chromium.org/604064
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
NumberToString in runtime JavaScript is inlined through a call to a stub. Currently the stub only checks the number string cache and only if the number is a smi. Code is shared with the inlining of number string cache lookup when adding a smi to a string.
Review URL: http://codereview.chromium.org/604062
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3865 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Initial implementation of ad hoc must-be-smi tracking in the fast code
generator. Type information is used to avoid the write barrier for
smi property stores and to avoid the smi check for the inputs/output
of bitwise OR.
Review URL: http://codereview.chromium.org/597021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3833 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
function instead of baking in the address of the first one that we see
in code.
This removes the need for fixups processing and makes the stubs safe
when there is no natives cache and therefore multiple versions of the
builtin functions.
Review URL: http://codereview.chromium.org/594009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Support a binary operation (bitwise OR) so long as it's not nested in
the left subexpression. This ensures that the expression stack never
has height greater than two and so can be kept fully in registers.
The bounded expression stack height and the absence of any side
effects on the fast path allows us to still bailout out to the very
beginning of the function if any of our fast-path checks fail.
Review URL: http://codereview.chromium.org/594008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3822 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is a first step towards loading globals directly from property cells instead
of going through a load IC.
This change supports only properties with the DontDelete attribute since
we are only able to bailout into the generic code generated by the secondary
code generator the beginning of a function. The resulting fast-case code is
specialized for a specific context. When invoked with a different global object,
it will always bailout to the secondary code.
When loading a property that does not exist at compile-time or a property
that is deleteable we still generate the generic load IC.
Review URL: http://codereview.chromium.org/565034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3808 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
bailouts. For now the virtual-frame state at entry of a function is
hard-coded when using the virtual-frame based compiler as the
secondary compiler.
Setup frame pointer correctly on function entry on ARM in
fast-codegen-arm.
Review URL: http://codereview.chromium.org/569010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3776 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
As the start index is already passed it is easy to calculate the "at start" boolean in generated code. Also as direct entry has been implemented this needs to be done in generated code anyway, and therefore might as well be moved to the generated code for RegExp. The "at start" value is now calcualted as a local variable on the native RegExp frame based on the value of the start index argument.
The x64 version have been tested on both Linux and 64-bit Windows Vista.
For ARM I have tested cctest/test-regexp on ARM hardware, but the rest of the tests have only been run on the ARM simulator.
Review URL: http://codereview.chromium.org/554078
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3709 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
generator.
Contexts are no longer stored in the AST but in the code generator's
state. This means that the running the code generator selector is not
required to use the toplevel code generator (for instance, if we
already know that we can and should use it).
Review URL: http://codereview.chromium.org/546075
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00