The main issue was due to multiple recompilations of functions. Now
code objects are grouped by function using SFI object address.
JSFunction objects are no longer tracked, instead we track SFI object
moves. To pick a correct code version, we now sample return addresses
instead of JSFunction addresses.
tools/{linux|mac|windows}-tickprocessor scripts differentiate
between code optimization states for the same function
(using * and ~ prefixes introduced earlier).
DevTools CPU profiler treats all variants of function code as
a single function.
ll_prof treats each optimized variant as a separate entry, because
it can disassemble each one of them.
tickprocessor.py not updated -- it is deprecated and will be removed.
BUG=v8/1087,b/3178160
TEST=all existing tests pass, including Chromium layout tests
Review URL: http://codereview.chromium.org/6551011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Change more functions used by the Compiler class to have a uniform
interface: they get passed as argument an input/output pointer to a
CompilationInfo that they mutate if they succeed, and they return a
flag telling whether they succeeded.
Also, remove some unnecessary timers.
Review URL: http://codereview.chromium.org/3561012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5583 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The plan is to use the CompilationInfo class to communicate inputs and
outputs to compilation pipeline phases, which each return a boolean
success/failure flag.
The intent is to make it easier to compose small pieces of the
pipeline without having to grow a custom function each time, each
taking a half dozen arguments.
This change modifies the very front end (the parser).
Review URL: http://codereview.chromium.org/3586006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The lazy parsing functions took a host of arguments that can all be
derived from the SharedFunctionInfo, and the SharedFunctionInfo is
always available when parsing lazily. Change the interface to take a
single CompilationInfo or SharedFunctionInfo argument.
Also remove a flag in the parser that was always false when it was read.
Review URL: http://codereview.chromium.org/3538005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5561 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
It was a wart that we had three handle fields, exactly one of which
was non-null; and that we had three overloaded constructors. Instead,
introduce subclasses and virtual methods.
Remove some unused fields from class CompilationInfo.
Review URL: http://codereview.chromium.org/3566003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This fixes issue 49099 (http://crbug.com/49099) that makes chromium
crash if a gc is triggered by setting the scopeinfo in CompileLazy. If
this gc triggers code flushing the compiled function could be flushed,
causing the ASSERT(shared->is_compiled()) to fail. By reordering the
two methods we make sure that no allocation happens before the end of
the method.
Review URL: http://codereview.chromium.org/3035006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5089 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The static ScopeInfo members moved into this class.
The new class is named ScopeInfoObject which I am not proud of,
better ideas are very welcome.
Also got rid of the sentinels in the serialized scope info which saves 3 words per function
and is not slower.
Review URL: http://codereview.chromium.org/2908009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5067 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This adds an additional step to full gc, removing code from functions
that are no longer in the compilation cache. The code is replaced with
a lazy compile version enabling us to recompile the function in case
we do actually need it again.
Review URL: http://codereview.chromium.org/2632003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4814 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The full compiler is now complete on ARM as well. The syntax checker is still used to determine whether to use it for top level code or not during normal execution. When debugging is enabled all code will be compiled with the full compiler.
This change removes the temporary flag --force-full-compiler and now the flag --always-full-compiler enables the full compiler for all code on all platforms.
This also fixes building on Intel platform without debugger support (ENABLE_DEBUGGER_SUPPORT not defined) and adds full check for the full compiler for lazily compiled code.
Review URL: http://codereview.chromium.org/2163006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4716 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The full compiler will now be used for all code compiler when debugging is active. As the code generated by the full compiler is much simpler it will be easier to make debugging work better when using that code.
To ensure that all code debugged is from the full compiler all functions will have to be recompiled when starting debugging. Initialing debugging already turns off the code cache.
Review URL: http://codereview.chromium.org/2120009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In browser (DevTools) mode, only non-native JS code and callbacks are reported.
Also, added "(garbage collector)" entry which accumulates samples count in GC state.
Trying to display "(compiler)" and "(external)" only brings confusion,
because it ends up in displaying scripts code under "(compiler)" node, and DOM
event handlers under "(external)" node, which looks weird.
Review URL: http://codereview.chromium.org/1523015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4357 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The flow graph has been simplified to remove the special branch, join,
and exit nodes. All nodes are now basic blocks (possibly empty to
preserve edge-split form) with a distinguished entry and exit block.
Most trivial expressions are not added to the flow graph as
instructions. The assigned variable analyzer has been changed to
sometimes work right-to-left so that right subexpressions can be
marked as trivial.
The reaching definitions analysis has been temporarily removed, and
the analyses that depended on it (primitivity analysis, dead code
marking) as well.
Review URL: http://codereview.chromium.org/1530003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
As part of aggressive dead code elimination, we initially assume all
flow-graph instructions are not live. We mark those that are critical
and recursively all their children. The children of variable
references (VariableProxies occurring as rvalues) include all their
reaching definitions.
Review URL: http://codereview.chromium.org/1159005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4246 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change adds a data-flow pass to statically determine
if a variable contains a primitive type.
It requires building the flow graph and computing reaching
definitions as pre-requisites. The analysis annotates all
VariableProxy nodes with the result.
Review URL: http://codereview.chromium.org/1132005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4224 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change adds the option to peel off the first iteration of inner loops.
Loop peeling is off by default and can enabled by a flag. It also requires building a flow graph.
As part of this I added the possibility to clone AST nodes.
Review URL: http://codereview.chromium.org/998001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4205 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Reaching definitions in (RD_in) is initially empty for all nodes. Gen
and kill sets are computed. AST node numbers are used for nodes to
refer to their definition number.
Also: two small changes to flow graph printing. Children of branch
nodes are visited in right-to-left order when performing depth first
search. Instructions are numbered locally within blocks so as to not
destroy AST node number before printing (it's useful to print the
definition).
Review URL: http://codereview.chromium.org/876001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4107 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change adds a pass over the AST that computes the
set of assigned variables for locals and parameters for each expression.
The result of this analysis is used to for two purposes:
1. Recognize variables that are trivial subexpressions. A left sub-expression
of a binary operation is trivial if it is a local variable or a parameter
and it is not assigned in the right sub-expression. In the case of a
trivial left sub-expression we evaluate the right first.
Currently only binary operations and compare operations are considered
when finding trivial left sub-expressions.
2. Recogize certain simple for-loops with a constant trip count where the loop
variable is always within smi range. If the loop count variable is not
assigned in the body of the loop (except in the update expression the
for-loop). This allows omitting smi checks on operation using the loop
count variable.
Review URL: http://codereview.chromium.org/669155
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Visitor stack overflow is used to signal an unsupported construct in
the flow graph. Check for it in more places. Make the utility
functions for appending to graphs handle more cases if they can be
handled correctly.
Remove the entry node in favor of a block with a NULL predecessor as
single entry. Represent the empty flow graph as a single empty block.
Add empty blocks lazily where needed to preserve edge-split form.
Review URL: http://codereview.chromium.org/804003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4086 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
A variable usage analysis pass was run on toplevel and lazily-compiled
code but never used. Remove this pass and the data structures it
builds.
The representation of variable usage for Variables has been changed
from a struct containing a (weighted) count of reads and writes to a
simple flag. VariableProxies are always used, as before. The unused
"object uses" is removed.
Review URL: http://codereview.chromium.org/669270
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4052 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The flow graph is built by walking the AST. Edges are labeled with
instructions (AST nodes). Normal nodes have a single predecessor edge and a
single (labeled) successor edge. Branch nodes are explicit, they have a
single predecessor edge and a pair of (unlabeled) successor edges. Merge
nodes are explicit, they have a pair of predecessor edges and a single
(unlabeled) successor edge.
There is a distinguished (normal) entry node and a distinguished (special)
exit node with arbitrarily many predecessor edges and no successor edges.
The graph is intended to support graph-based analysis and transformation.
Review URL: http://codereview.chromium.org/660449
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change adds a post-order numbering to AST nodes that
are relevant for the fast code generator. It is only invoked
together with the fast compiler.
Also changed the ast printer to print the numbering for
testing purposes if it is present.
Review URL: http://codereview.chromium.org/553134
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3738 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
non-optimizing compiler can cope with. By default it bails out
to the old compiler on encountering a for loop (for performance)
but with this change the --always-fast-compiler flag will enable
functions with for loops to be compiled in the non-optimizing
compiler. Also enables the non-optimizing compiler on functions
that can be lazily compiled (again only with the flag).
Review URL: http://codereview.chromium.org/552065
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3667 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
generator.
Contexts are no longer stored in the AST but in the code generator's
state. This means that the running the code generator selector is not
required to use the toplevel code generator (for instance, if we
already know that we can and should use it).
Review URL: http://codereview.chromium.org/546075
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When initializing the special local variable containing the reference to the enclosing
function in named functions we now (correctly) emit an INIT_CONST instead of INIT_VAR,
and we correctly bail out in the top-level code generator.
Also part of this change is adding missing statement position information
for some statements in the top-level code generator.
Review URL: http://codereview.chromium.org/536029
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3587 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Rename the operation of filling a context with a value. Formerly it
was 'Move', now it's 'Apply' so as to avoid confusion with various
other Moves (eg, in the toplevel codegen, in the macro assemblers).
* Use the abstraction Drop rather than math on the stack pointer.
* Add a predicate on AST expression nodes to abstract a repeated test
whether we should us a regular (named) IC or a keyed IC.
Review URL: http://codereview.chromium.org/546006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3580 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Until now we only supported postfix operations on global variables.
This change add generic count operations to the top-level compiler.
I tried to re-use code from the code generator used for assignment expressions
where possible.
Review URL: http://codereview.chromium.org/496009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3530 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1. Refactor the structure of VisitAssignment: The existing code is not ideal
to be extended with support for compound assignments.
2. Reuse common code for keyed property assigments: Now variables rewritten
to a property (.arguments access) are treated like normal keyed property
assignments. This allows us to remove some code duplication.
Review URL: http://codereview.chromium.org/456024
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3425 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For scripts originating from a call to eval the Script object used to hold a reference to the function from where the eval was called together with the code offset within that function of the eval call. This is used by the stack trace and is part of the debugger protocol. In order to avoid storing the function the script, the position within the script and the name of the function calling eval is stored instead. This avoids holding context dependent objects in the script object.
The calculation of the position of the eval in the script holding the eval is now done when the eval script is compiled as it is not possible to postpone this unless a reference is kept to the generated code for the function calling eval.
BUG=http://code.google.com/p/v8/issues/detail?id=528
TEST=cctest/test-api/Regress528
Review URL: http://codereview.chromium.org/450034
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3393 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change re-allows non-lazy compiled function literals for top-level compilation.
There was a problem on ARM exposed through this change which was fixed as part of r3289
in fast-codegen-arm.cc (Threading and Threading2 tests failed)
It occurred before r3289 when we allocate a local context at the beginning of a function. The
code for the stack check was split up in an unintended way (load of stack check limit into r2,
and use of r2 in the actual stack check code).
Review URL: http://codereview.chromium.org/385070
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
We forgot resetting true-/false-label to NULL after evaluating the
condition expression in dowhile- and while-loops.
This change fixes this.
This causes an assertion to fail in VisitIfStatement whenever there is an
if-statement after a while-loop before. e.g. like in:
var i=0, j=0;
while(j<5) { j++; }
if (i ==0 ) { j++; }
Review URL: http://codereview.chromium.org/371070
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3255 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
There were two separate implementations of the function
'BuildBoilerplate' that is used to compile function declarations and
function literals. The implementations did not do exactly the same
thing. In particular, one ignored the flag --lazy.
Combine the two implementations.
Review URL: http://codereview.chromium.org/360011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3218 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
directly-applied function literals that are themselves compiled with
the top-level code generator.
The choice is guarded by a test that the function is anonymous (thus
not expected to be recursive) and not in a loop.
A compilation hint is set in the shared function info and used to make
the choice.
Review URL: http://codereview.chromium.org/341081
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3206 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
context. Test contexts are used for the left subexpressions of
short-circuited boolean operators. The right subexpressions inherit
their expression context from the binary op expression.
Compilation of short-circuited operations in effect and test context
is straightforward:
effect(e0 || e1) =
test(e0, L0, L1)
L1: effect(e1)
L0:
test(e0 || e1, L0, L1) =
test(e0, L0, L2)
L2: test(e1, L0, L1)
Because the value of the first subexpression may be needed as the
value of the whole expression in a value context, we introduce a
hybrid value/test contest (the value is needed if true, but not if
false).
value(e0 || e1) =
value/test(e0, L0, L1)
L1: value(e1)
L0:
The compilation of value/test and test/value (introduced by boolean
AND) is:
value/test(e0 || e1, L0, L1) =
value/test(e0, L0, L2)
L2: value/test(e1, L0, L1)
test/value(e0 || e1, L0, L1) =
test(e0, L0, L2)
L2: test/value(e1, L0, L1)
Boolean AND is the dual. The AST nodes themselves (not their parents)
are responsible for producing the proper result (effect, value, or
control flow) depending on their context.
Review URL: http://codereview.chromium.org/339082
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3187 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
o.x() and o[expr]()
other changes:
- Fix missing relocation info for StoreIC on global object.
- Generate only one common return sequence instead of always appending
"return <undefined>" at the end of each function: The first JS
return-statement will generate the common return sequence. All
other return-statements will generate a unconditional branch to the common
return sequence.
Review URL: http://codereview.chromium.org/340037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3183 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The code for .result = (b.y = 99) where b is a global variable is:
push [esi+0x17]
mov ecx,0xf5c229ad ;; object: 0xf5c229ad <String[1]: b>
call LoadIC_Initialize
nop
mov [esp],eax
mov eax,0xc6
mov ecx,0xf5c25c41 ;; object: 0xf5c25c41 <String[1]: y>
call StoreIC_Initialize
nop
mov [esp],eax
pop [ebp+0xf4]
There is still some room for improvement in the generated code.
Other changes:
- Replaced switch-statement in FastCodeGenerator::VisitProperty with DropAndMove(...)
- Do not emit nop after IC calls on ARM.
Review URL: http://codereview.chromium.org/347001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
context of the expressions they label. Introduce an "unintialized"
location to catch failure to assign any location at all.
Changed the object literal initialization on ARM to use a Store IC in
the same cases where it did on the other platforms. This was required
because the location of the literal property name is given an
"unitialized" location.
Review URL: http://codereview.chromium.org/339045
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3171 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
location to an Expression AST node from the node's parent to the node
itself.
This allows an inherited code generation context from a parent node to
be passed arbitrarily far down the tree (eg, the subexpression of a
unary not is in the same context as the unary expression itself, the
then and else subexpressions of the ternary operator are in the same
context as the whole expression, and so forth).
We do not yet take advantage of this in the backend (eg, the right
subexpression of short-circuited OR is still compiled by using the
parent's destination location, rather than the subexpression's
itself).
Review URL: http://codereview.chromium.org/340005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3163 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Literals now have a location of temporary by default and are
responsible for moving themselves into their location like all other
expressions.
The constant location turned out not to allow us to avoid checking
subexpressions in AST interior nodes, and it turned out to require
checking after some normal calls to Visit (like for the arguments to a
call). With this change do not have to check after a call to Visit
that we got our result in the expected location.
Review URL: http://codereview.chromium.org/339004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3137 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
I also added more unit tests for literals.
Right now, the fast compiler produces code very similar to
the existing code generator. We may consider different ways to
further compact the generated code for top-level code.
ARM always goes through a runtime function to initialize computed
properties in an object literal whereas IA32 and x64 use StoreIC.
Review URL: http://codereview.chromium.org/316009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3129 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
in a non-test (ie, value or effect) context. (It is implicitly not in
a test context because the code generator does not support expressions
in a test context yet.)
Compilation is essentially the same as in the optimized code
generator. The expression (e0 || e1) is compiled as if it were
(let (temp = e0) temp ? temp : e1).
On ia32 and x64 a single shared ToBoolean stub is used to convert a
value to a flag. The inlined checks assumed by the stub are reordered
to compare to undefined (the common case in toplevel code?) first. On
ARM a call to the runtime is used. In the interest of code size no
checks are yet inlined on ARM.
Review URL: http://codereview.chromium.org/334006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
currently compiled the same as with the optimizing compiler: they are
cloned from a boilerplate object and the boilerplate objects are
lazily constructed.
Also changed argument pushing on ARM to use stm (store multiple),
which required changing the order of arguments to the runtime
functions DeclareGlobals and NewClosure. They were only used from
generated code.
Finally, changed the toplevel code generator so that stack pops to
discard a temporary became addition to the stack pointer on ia32 and
x64.
Review URL: http://codereview.chromium.org/303021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3110 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For .result = /abc.*/g we generate the following IA-32 code:
...
mov ebx,[edi+0x17]
mov eax,[ebx+0xb]
cmp eax, 0xf5d0e135 ;; object: 0xf5d0e135 <undefined>
jnz done
push ebx
push 0x2
push 0xf5d13805 ;; object: 0xf5d13805 <String[5]: abc.*>
push 0xf5d13815 ;; object: 0xf5d13815 <String[1]: g>
call RuntimeStub_MaterializeRegExpLiteral
done:
push eax
pop [ebp+0xf4]
...
This is very similar to the code previously generated except we do not
generate deferred code for the case where we call the runtime.
On ARM we use the stm instruction to make pushing the arguments more compact.
Review URL: http://codereview.chromium.org/300037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
