kmillikin@chromium.org
cb876c25a4
Include what you use for allocation, api, assembler, and ast.
...
R=fschneider@chromium.org
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9288011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10505 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-25 16:31:25 +00:00
jkummerow@chromium.org
6c85119c6a
Fix building with clang
...
BUG=v8:1912
Review URL: https://chromiumcodereview.appspot.com/9285013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-24 16:36:55 +00:00
vegorov@chromium.org
04289e8d17
Support inlining at call-sites with mismatched number of arguments.
...
Review URL: https://chromiumcodereview.appspot.com/9265004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-24 08:43:12 +00:00
erik.corry@gmail.com
83b439a0f9
Further robustify the keyed lookup cache against unlucky hash
...
seeds. This change is performance neutral on most snapshot
VM builds, but provides a big improvement on string-fasta
on around 5% of builds.
Review URL: https://chromiumcodereview.appspot.com/9193015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10478 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-23 16:18:10 +00:00
svenpanne@chromium.org
fd2731a7e6
Replaced LookupResult::IsProperty by LookupResult::IsFound where possible.
...
Yak shaving for map sharing with accessor properties contd.: When CALLBACKS can
have map transitions, simply looking at the property type is not sufficient
anymore to decide if a property is there or not. One has to look at the actual
contents of the descriptor entry then, but this breaks down sometimes when the
lookup is being done with a NULL holder. Luckily enough, we can oftren replace
IsProperty by the simpler IsFound, because we inspect the type immediately
afterwards, anyway.
Review URL: https://chromiumcodereview.appspot.com/9280007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-23 12:01:47 +00:00
erik.corry@gmail.com
9672a04de2
Fix keyed lookup cache to have 2 entried per bucket instead
...
of one in order to reduce collisions.
Review URL: https://chromiumcodereview.appspot.com/9269004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-20 13:43:21 +00:00
vegorov@chromium.org
704c92ce95
Ensure that LRandom restores rsi after call to the C function on x64.
...
R=ulan@chromium.org
BUG=http://crbug.com/110509
TEST=test/mjsunit/regress/regress-110509.js
Review URL: https://chromiumcodereview.appspot.com/9265003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-19 08:43:34 +00:00
vegorov@chromium.org
fb24808c70
Allow call-known-global and call-constant-function to be used for call-sites with mismatched number of arguments.
...
Adjust InvokeFunction to avoid generating dead code when number when arity mismatch is detected in compile time.
R=fschneider@google.com
Review URL: https://chromiumcodereview.appspot.com/9178017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10424 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-17 15:53:58 +00:00
yangguo@chromium.org
6d0d6a5695
Recursion limit for one-char string replace and retire String::kMinNonFlatLength.
...
TEST=mjsunit/string-replace-one-char.js
Review URL: https://chromiumcodereview.appspot.com/9231017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10422 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-17 14:29:17 +00:00
vegorov@chromium.org
7370cf6f9d
Fix and enable NEW_NON_STRICT_FAST ArgumentsAccess stub on x64.
...
R=fschneider@chromium.org
BUG=v8:1903
Review URL: http://codereview.chromium.org/9179010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10411 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-16 15:11:56 +00:00
erik.corry@gmail.com
70da367f6b
More spelling changes.
...
Review URL: http://codereview.chromium.org/9231009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10407 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-16 12:38:59 +00:00
erik.corry@gmail.com
40a433c9e0
Split NumberDictionary into a randomly seeded and an unseeded
...
version. We don't want to randomize the stub cache.
Review URL: http://codereview.chromium.org/9174023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-16 09:44:35 +00:00
erik.corry@gmail.com
b3e0761e38
Cosmetic changes ("set up" is a verb, "setup" is a noun).
...
Review URL: http://codereview.chromium.org/9139051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10399 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-13 13:09:52 +00:00
yangguo@chromium.org
339c9c12e7
Inlining Math.min and Math.max in crankshaft.
...
BUG=v8:1325
TEST=
Review URL: http://codereview.chromium.org/9147034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10391 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 15:43:33 +00:00
ager@chromium.org
d59749f8b4
Support inlining and crankshaft optimization of Math.random.
...
R=jkummerow@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/9167011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10384 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 10:35:37 +00:00
vegorov@chromium.org
74ef753067
Change inlined cache of intanceof stub to use indirection through cell.
...
The stub was directly patching caller's code without issuing write barrier which violated incremental marking invariants.
R=mstarzinger@chromium.org
BUG=http://crbug.com/109448
TEST=cctest/test-heap/InstanceOfStubWriteBarrier
Review URL: http://codereview.chromium.org/9158015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10380 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 09:39:37 +00:00
fschneider@chromium.org
62168ff831
Tiny improvement of register constraints in LClassOfTest instructions.
...
The input register does not need to be made writable. We already
allocate enough temp registers and the input register will always
be preserved.
Review URL: http://codereview.chromium.org/9166007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10379 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-11 08:29:42 +00:00
fschneider@chromium.org
9e0be36948
Avoid recording unnecessary deoptimization environments in a couple of places.
...
This reduces the number of uses and potentially shortens live ranges.
Review URL: http://codereview.chromium.org/8983018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-10 16:06:32 +00:00
erik.corry@gmail.com
dc9910f4a4
Minor cleanups of numeric seeded hashing patch.
...
Review URL: http://codereview.chromium.org/9155010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10367 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-10 13:24:18 +00:00
erik.corry@gmail.com
6178a8d42c
Add seed to hash of numeric keyed properties. This is a commit of http://codereview.chromium.org/9148006/ for Fedor Indutny.
...
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10366 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-10 12:58:41 +00:00
erik.corry@gmail.com
0aff6c26d3
Fix zero hash handling on ARM.
...
Some cleanup.
Review URL: http://codereview.chromium.org/9169010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-10 12:01:04 +00:00
danno@chromium.org
03c737625a
Make sure transitioned arrays efficiently call builtin Array functions
...
Loosen the requirement for Map equivalency on several map checks, including checks up the prototype chain, that are not sensitive to ElementsKinds. These selected map checks should also match against FAST_DOUBLE_ELEMENT and FAST_ELEMENT transitions of the original map. This specifically helps all variants of transitioned JSArrays to still efficiently call builtins like push, pop and sort.
BUG=none
TEST=none
Committed: http://code.google.com/p/v8/source/detail?r=10331
Review URL: http://codereview.chromium.org/9015020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10356 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-09 16:37:47 +00:00
danno@chromium.org
2335545108
Rollback 10331: Make sure transitioned arrays efficiently call builtin Array functions
...
Due to perf regressions
TBR=fschneider@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/8983027
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10332 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-04 17:29:01 +00:00
danno@chromium.org
69366adfb6
Make sure transitioned arrays efficiently call builtin Array functions
...
Loosen the requirement for Map equivalency on several map checks, including checks up the prototype chain, that are not sensitive to ElementsKinds. These selected map checks should also match against FAST_DOUBLE_ELEMENT and FAST_ELEMENT transitions of the original map. This specifically helps all variants of transitioned JSArrays to still efficiently call builtins like push, pop and sort.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/9015020
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-04 17:16:04 +00:00
erik.corry@gmail.com
81a0271004
Randomize the seed used for string hashing. This helps guard against
...
CPU-eating DOS attacks against node.js servers. Based on code from
Bert Belder. This version only solves the issue for those that compile
V8 themselves or those that do not use snapshots. A snapshot-based
precompiled V8 will still have predictable string hash codes.
Review URL: http://codereview.chromium.org/9086006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10330 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-04 15:12:15 +00:00
danno@chromium.org
79f18cae93
Undo allocation of half-formed array during elements transition
...
R=vegorov@chromium.org
BUG=none
TEST=no asserts in debug tests with smi-only-array on
Review URL: http://codereview.chromium.org/9015023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10320 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-01-03 09:39:34 +00:00
danno@chromium.org
cab07f5523
Add InternalArrayCodeGeneric
...
R=whesse@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/9006051
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-29 12:19:34 +00:00
danno@chromium.org
aa38094bf0
Ensure that InternalArrays remain InternalArrays regardless of how they are constructed.
...
R=whesse@chromium.org
BUG=v8:1878
TEST=test/mjsunit/regress/regress-1878.js
Review URL: http://codereview.chromium.org/9016041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10306 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-27 15:12:12 +00:00
vegorov@chromium.org
3947056c03
Avoid embedding new space objects into code objects in the lithium gap resolver.
...
R=danno@chromium.org
BUG=http://crbug.com/108296
TEST=test/mjsunit/regress/regress-108296.js
Review URL: http://codereview.chromium.org/8960004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10301 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-23 10:39:01 +00:00
fschneider@chromium.org
70056762f1
Remove unnecessary environment from LStoreKeyedFastElements.
...
This was a left-over from a time when bounds-check was performed
as part of this instruction.
I also refactored and improved the code for smi-only arrays.
R=vegorov@chromium.org
Review URL: http://codereview.chromium.org/9023006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-22 16:23:47 +00:00
kmillikin@chromium.org
d8acc2dfbe
Clean up handling of global cell stores in the optimizing compiler.
...
Tell the register allocator the value is not overwritten. Never use
temporary registers on ia32, avoid them on x64 and ARM. Restore the
original copyright date on assembler.cc.
R=fschneider@chromium.org
BUG=v8:1870
TEST=
Review URL: http://codereview.chromium.org/8965038
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10280 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-20 10:57:12 +00:00
yangguo@chromium.org
4ed4a7a652
Porting r10252 to x64 (handle external strings in generated code when concatenating short strings).
...
Review URL: http://codereview.chromium.org/8909004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10261 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-15 10:59:39 +00:00
mstarzinger@chromium.org
502039a6bd
Fix invalid usage of StoreIC_ArrayLength optimization.
...
This introduces an additional check into the StoreIC_ArrayLength builtin
checking that the array still has fast properties. Redifinitions of the
length property that would cause it's type or attributes to change, will
switch to slow properties, thereby invalidating said optimization.
R=svenpanne@chromium.org
BUG=v8:1756
TEST=test262
Review URL: http://codereview.chromium.org/8895025
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10254 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 12:46:32 +00:00
yangguo@chromium.org
03696ca765
Porting r10221 to x64 (avoid bailing out to runtime for short substrings).
...
Review URL: http://codereview.chromium.org/8894001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 10:26:24 +00:00
fschneider@chromium.org
1bdac10670
Fix two x64 code generation bugs introduced by const context slot code from r10244
...
TEST=mjsunit debug tests pass again.
Review URL: http://codereview.chromium.org/8932014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10249 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-14 08:43:55 +00:00
fschneider@chromium.org
626454a61a
[hydrogen] don't bailout assignments to consts
...
If constant variable is allocated in CONTEXT
Patch by Fedor Indutny <fedor.indutny@gmail.com>.
BUG=
TEST=
R=vegorov@chromium.org
Review URL: http://codereview.chromium.org/8857001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-13 17:10:34 +00:00
keuchel@chromium.org
f1649cf39c
Hydrogen support for context allocated harmony bindings.
...
This CL adds support for loading from and storing to context slots
belonging to harmony let or const bound variables. Checks for the
hole value are performed and the function is deoptimized if they fail.
The full-codegen generated code will take care of properly throwing
a reference error in these cases.
TEST=mjsunit/harmony/block-let-crankshaft.js
Review URL: http://codereview.chromium.org/8820015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 09:50:30 +00:00
ricow@chromium.org
ec66c36fbf
Reland 10216 - Optimize the equality check case of ICCompare stubs.
...
Now with arm and x64 support. Additionally, added default unreachable case to switch statement in CompareIC::TargetState to make win and mac compilers happy.
Reviewer guide:
This is an exact copy of 10216 except:
src/arm/*
src/x64/*
src/ic.cc (added default case to swith in CompareIC::TargetState)
Review URL: http://codereview.chromium.org/8872060
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 09:26:14 +00:00
danno@chromium.org
ef54f5690f
Support Smi->Double->HeapObject transitions in constructed Arrays.
...
Also several bugs with Smi/double elements handling and make Ensure* routines more flexible.
BUG=none
TEST=test/mjsunit/array-construct-transition.js
Review URL: http://codereview.chromium.org/8820014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-09 08:50:19 +00:00
yangguo@chromium.org
30a2c00da5
Tweaks on Math.pow (ia32 and x64).
...
Review URL: http://codereview.chromium.org/8831008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10203 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-07 16:15:18 +00:00
fschneider@chromium.org
c1662a199b
Fix a bug with register use in optimized Math.round.
...
We're not allowed to modify the input register and have to
use a temporary instead, otherwise the result of expressions
containing Math.round can be wrong.
BUG=106351
TEST=test/mjsunit/compiler/regress-106351.js
Review URL: http://codereview.chromium.org/8833007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-07 10:13:46 +00:00
yangguo@chromium.org
10675502f8
Tweak to shorten generated code in Math.pow.
...
Review URL: http://codereview.chromium.org/8834007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10189 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-07 09:44:31 +00:00
erik.corry@gmail.com
f6eab29d73
Remove write barriers for cells on x64, ARM and MIPS.
...
Review URL: http://codereview.chromium.org/8834005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10188 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-07 08:49:06 +00:00
yangguo@chromium.org
c9c9ea676b
Porting Math.pow changes to x64.
...
TEST=math-pow.js, regress-397.js
Review URL: http://codereview.chromium.org/8821019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10185 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-07 08:34:27 +00:00
yangguo@chromium.org
72827079ac
Fixing mozilla test failures regarding Math.pow.
...
BUG=
TEST=
Review URL: http://codereview.chromium.org/8820011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 13:14:46 +00:00
fschneider@chromium.org
066822a2cf
Port to x64 and ARM and some refactoring of ia32.
...
Review URL: http://codereview.chromium.org/8111006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-06 12:11:08 +00:00
yangguo@chromium.org
4c3049b0f7
Fixing MathPowHalf on x64.
...
BUG=v8:397
TEST=regress-397.js
Review URL: http://codereview.chromium.org/8805011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10159 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-05 16:36:13 +00:00
erik.corry@gmail.com
b8691a78af
Clean up multi byte nop support on x64 to more closely match IA32.
...
Fix missing instruction in disassembler.
Fix wrong disassembly of multi-byte NOP on x64
Add test of disassembler on 64 bit!
Review URL: http://codereview.chromium.org/8773039
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-05 08:58:01 +00:00
danno@chromium.org
25e3d2706d
Optimize Crankshaft array literal initialization from boilerplate.
...
BUG=none
TEST=test/mjsunit/array-literal-transitions.js
Review URL: http://codereview.chromium.org/8747009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 12:42:35 +00:00
yangguo@chromium.org
d5fdb76028
Implement Math.pow using FPU instructions and inline it in crankshaft (ia32).
...
Review URL: http://codereview.chromium.org/8749002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10133 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-12-02 08:06:37 +00:00