danno@chromium.org
afcfa7d2b7
Keep new arrays allocated with 'new Array(N)' in fast mode (revisited)
...
Also explicit length setting with a.length = N should remain in fast mode.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/416403002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-28 13:12:26 +00:00
danno@chromium.org
b5a5148260
Revert 22595: "Keep new arrays allocated with 'new Array(N)' in fast mode"
...
Due to failures in mjsunit/array-functions-prototype-misc
TBR=verwaest@chromium.org
Review URL: https://codereview.chromium.org/417953004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-24 13:38:05 +00:00
danno@chromium.org
ac89b17813
Keep new arrays allocated with 'new Array(N)' in fast mode
...
Also explicit length setting with a.length = N should remain in fast mode.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/397593008
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22595 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-24 12:08:23 +00:00
danno@chromium.org
1d2a4b8333
Remove experimental flags that are now required
...
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/397253002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22461 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-18 07:17:21 +00:00
mvstanton@chromium.org
e3af6b1821
Test mjsunit/allocation-site-info is flaky without explicit gc()
...
It started failing on arm64 nosnap during a test case where complex nested
literal arrays are created.
R=machenbach@chromium.org
BUG=
Review URL: https://codereview.chromium.org/367703002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22125 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-07-01 14:51:11 +00:00
mvstanton@chromium.org
535f3427ca
Pretenure call new support.
...
When FLAG_pretenure_call_new is on, we emit mementos on new object creation
in full code, and consume the feedback in crankshaft. A key difference in the
generated code for stubs is the allocation of an additional type vector slot for the
CallNew AST node, which simplifies the CallConstructStub and CallFunctionStub
considerably.
Some performance tuning still needs to be addressed, therefore the flag is off at
this moment, though fully functional. The goal is to remove the flag as soon as
possible, which allows much code deletion (yay).
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/132963012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20076 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-03-19 13:39:09 +00:00
mvstanton@chromium.org
8bcdbc354f
Revert "Add a premonomorphic state to the call target cache."
...
This reverts commit r19402
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/169713002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19412 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 14:22:18 +00:00
mvstanton@chromium.org
be731e6c95
Add a premonomorphic state to the call target cache.
...
From a CL by kasperl: https://codereview.chromium.org/162903004/
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/163413003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19402 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-02-17 11:59:45 +00:00
machenbach@chromium.org
1864f7388e
Add infrastructure for skipping tests in GC stress mode.
...
Also move the GC stress configuration from the buildbot to the test runner.
BUG=
R=jkummerow@chromium.org , mvstanton@chromium.org
Review URL: https://codereview.chromium.org/141653008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18708 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-21 12:41:25 +00:00
mvstanton@chromium.org
fc5834343f
Remove flag track-allocation-sites.
...
The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag.
R=verwaest@chromium.org
Committed: https://code.google.com/p/v8/source/detail?r=18385
Review URL: https://codereview.chromium.org/104923010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2014-01-07 15:58:25 +00:00
hpayer@chromium.org
f583b73b70
Revert "Remove flag track-allocation-sites."
...
This reverts commit 6c430da40efe388035504d3603756aa8c46ed1dc.
BUG=
Review URL: https://codereview.chromium.org/109303006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18386 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 12:04:34 +00:00
mvstanton@chromium.org
e654c88fab
Remove flag track-allocation-sites.
...
The flag has been on in the build for ~9 months, and we aren't likely to turn it off. The only customer of the flag is a set of tests that want to verify transitioning behavior in isolation. This CL removes the flag and updates those tests to get what they want without the flag.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/104923010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18385 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-12-20 11:46:31 +00:00
mvstanton@chromium.org
cec8548d0e
Correct handling of arrays with callbacks in the prototype chain.
...
Our generic KeyedStoreIC doesn't handle the case when a callback is
set on array elements in the prototype chain of the object, nor do
we recognize that we need to avoid the monomorphic case if these
callbacks exist.
This CL addresses the issue by looking for dictionary elements in
the prototype chain on IC misses and crankshaft element store
instructions. When found, the generic IC is used. The generic IC is
changed to go to the runtime in this case too.
In general, keyed loads are immune from this problem because they
won't return the hole: discovery of the hole goes to the runtime where
the callback will be found in the prototype chain. Double array loads
in crankshaft can return the hole but only if the prototype chain is
unaltered (we will catch such alterations).
Includes the following patch as well (already reviewed by bmeurer):
Performance regression found in test regress-2185-2.js. The problem was
that the bailout method for TransitionAndStoreStub was not performing
the appropriate transition.
(Review URL for the ElementsTransitionAndStoreIC_Miss change:
https://codereview.chromium.org/26911007 )
R=danno@chromium.org
Review URL: https://codereview.chromium.org/35413006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17525 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-11-06 15:45:43 +00:00
mstarzinger@chromium.org
3e0f828b8f
Revert "TransitionAndStoreStub bailout needs to transition (and store)."
...
This reverts commit r17216 breaking fast/js/cross-frame-bad-time.html test.
R=mvstanton@chromium.org
TEST=webkit:fast/js/cross-frame-bad-time.html
Review URL: https://codereview.chromium.org/27516002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17241 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-16 14:17:31 +00:00
mvstanton@chromium.org
8f9f192f6e
AllocationSites for all literals
...
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/24250005
Review URL: https://codereview.chromium.org/27366003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-16 08:10:36 +00:00
mvstanton@chromium.org
f4edc076d8
Revert "AllocationSites for all literals"
...
This reverts commit r17219 due to WebKit failures.
R=mstarzinger@chromium.org
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/26539010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17222 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 15:35:23 +00:00
mvstanton@chromium.org
362c0cfbca
AllocationSites for all literals
...
BUG=
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/24250005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17219 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 14:52:58 +00:00
mvstanton@chromium.org
3769a2d24d
TransitionAndStoreStub bailout needs to transition (and store).
...
Performance regression found in test regress-2185-2.js. The problem was
that the bailout method for TransitionAndStoreStub was not performing
the appropriate transition.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/26911007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17216 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-10-15 12:42:03 +00:00
mvstanton@chromium.org
53194b44ba
Allocation site tests aren't compatible with GcStress mode.
...
They make assumptions about elementskind of arrays based on allocation site
feedback. This feedback is highly dependent on mementos, unrooted objects
placed behind arrays in the heap meant to live until the next scavenge.
GcStress does many more gcs than normal, and wrecks havoc with this kind
of test.
BUG=
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/23449042
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-19 13:32:00 +00:00
mvstanton@chromium.org
59c32b6481
Transitions from DOUBLE to FAST were not checking for allocation site info.
...
This creates a confusing result. It's better to let allocation sites
transition to their end state than artificially stop tracking at the
double/fast boundary.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/22868004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16820 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-19 09:48:50 +00:00
yangguo@chromium.org
cd41cb9b6d
Turn on parallel recompilation for tests that assert optimization status.
...
R=mvstanton@chromium.org
BUG=
Review URL: https://codereview.chromium.org/19807002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15793 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-22 09:16:33 +00:00
mvstanton@chromium.org
10615aef7b
AllocationSites: when updating allocation site transition information,
...
be careful to merge feedback appropriately. For example, one array may
have gone holey, and then another allocated at the same place instead
went DOUBLE but remained packed. In this case the ElementsKind
ultimately stored in the AllocationSite should be HOLEY_DOUBLE.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/18531007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-11 13:08:36 +00:00
mvstanton@chromium.org
b61dfd4a82
A bug in AllocationSite::GetMode(from, to) meant that we didn't update
...
boilerplates for SMI to SMI_HOLEY transitions.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/18917003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-11 09:39:22 +00:00
mvstanton@chromium.org
c1e19bfc35
Bugfix: The general array constructor stub did not handle the case
...
properly when it is called with a function pointer in the type cell,
instead assuming that an AllocationSite object should be present. The
case where this can happen is if the cell is uninitialized, then the
first constructor call made is to the Array function of a different
context. In that case, we'll store the function pointer in the cell,
and then go ahead and call the array constructor stub too. The bug is
fixed by checking for the AllocationSite object map. If not found, the
constructor stub goes forward with a default ElementsKind, just as in
several other cases.
A test in allocation-site-info.js was beefed up to make sure the state
chain described above is traversed.
BUG=
R=hpayer@chromium.org , hpayer@google.com
Review URL: https://codereview.chromium.org/18277006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15555 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-08 14:41:54 +00:00
mvstanton@chromium.org
faaa90d13c
Allocation-site-info test, removed TODOs.
...
Some code was commented out earlier as a todo. Now the code can be reenabled,
because allocation site feedback is working there again.
BUG=
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/18753005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15543 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-07-08 09:11:56 +00:00
mvstanton@chromium.org
83519ec87a
Hydrogen array constructor cleanup and improvements
...
* Cleanup of LCallNewArray::PrintDataTo() method
* Created HCallNewArray::PrintDataTo()
* Created many more tests in array-constructor-feedback.js
* Removed redundant instructions in
GenerateRecordCallTarget
* Bugfix in CreateArrayDispatchOneArgument: on a call to
new Array(0), we'd like to set the type feedback cell to
a packed elements kind, but we shouldn't do it if the
cell contains the megamorphic sentinel.
* When used from crankshaft, ArrayConstructorStubs can
avoid verifying that the function being called is the
array function from the current native context, relying
instead on the fact that crankshaft issues an
HCheckFunction to protect the constructor call. (this
new minor key is used in LCodeGen::DoCallNewArray(), and
influences code generation in
CodeStubGraphBuilderBase::BuildArrayConstructor()).
* Optimization: the array constructor specialized for
FAST_SMI_ELEMENTS can save some instructions by looking
up the correct map on the passed in constructor, rather
than indexing into the array of cached maps per element
kind.
BUG=
R=danno@chromium.org
Review URL: https://codereview.chromium.org/17091002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15383 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-28 13:16:14 +00:00
mvstanton@chromium.org
081134ecd1
Removed flag optimize-constructed-arrays.
...
This eliminates a large amount of hand-written assembly in the platforms.
BUG=
R=danno@chromium.org , mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/16453002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15328 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-25 16:31:07 +00:00
mvstanton@chromium.org
5b2c1a50d9
HCheckFunction is needed to protect new array constructors in
...
crankshafted code.
BUG=
R=danno@chromium.org
Review URL: https://codereview.chromium.org/16944006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-13 14:29:01 +00:00
mvstanton@chromium.org
a9a80fb422
Allocation type info advice consumed in bailout path leads to assert failure.
...
If the runtime is taken for a constructor like "new Array(100000)", where
allocation site info already led to an elements kind of DOUBLE, then the runtime
would fail to transition the array to dictionary mode. Better to recognize this
case and avoid wasting time by following the advice. Furthermore, it offers a
way to recognize that the array should be in dictionary mode (though a future
checkin will capitalize on that).
BUG=
R=danno@chromium.org
Review URL: https://codereview.chromium.org/15993012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-06 09:26:30 +00:00
mvstanton@chromium.org
3d3c6b1599
Special Array constructor type feedback erroneously recorded when Array
...
was called as a function. Issue was found with optimize_constructed_array
turned on. This patch makes the fix, and turns the flag back on.
BUG=244461
R=danno@chromium.org
Review URL: https://codereview.chromium.org/16057005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-06-03 14:46:23 +00:00
mstarzinger@chromium.org
26e7936e27
Re-enable allocation-site-info test case.
...
R=svenpanne@chromium.org
TEST=mjsunit/allocation-site-info
Review URL: https://codereview.chromium.org/16192002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-29 08:29:25 +00:00
mvstanton@chromium.org
1a4482ab3f
Missing type cell on ia32 from bindings.
...
Javascript constructors called from C++ code didn't have a type cell
properly filled in on ia32. This showed up as a bug in webkit bindings.
Re-enabled flag optimize-constructed-arrays.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/15870002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14775 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-23 13:45:33 +00:00
mvstanton@chromium.org
239b2830cc
Turning off optimize-constructed-arrays to investigate a WebKit/bindings issue.
...
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/15303002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14718 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-17 12:33:48 +00:00
mvstanton@chromium.org
31b8fc19c3
With flag optimize-constructed-arrays on, ARM and MIPS suffered a performance degrade due to incorrect code in GenerateRecordCallTarget().
...
The CL also enables flag optimize-constructed-arrays.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/14772043
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-15 15:17:01 +00:00
mvstanton@chromium.org
f5ad8e4469
Turn off optimize-constructed-arrays flag to investigate ARM perf issue
...
BUG=
R=danno@chromium.org
Review URL: https://codereview.chromium.org/14753007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14588 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-08 08:49:29 +00:00
mvstanton@chromium.org
d7b013de57
Becuase of cross-context calls, hydrogen-based Array constructor needs to ensure
...
the array constructor pointer passed in matches that of the current context.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/14846017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-05-07 21:01:53 +00:00
dslomov@chromium.org
1da21f1868
Revert "Flag optimize-constructed-arrays turned on."
...
This reverts commit r14491.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-04-30 11:23:34 +00:00
mvstanton@chromium.org
ff57a1062b
Flag optimize-constructed-arrays turned on.
...
This routes array construction through a hydrogen stub, and enables use of
allocation site info tracking.
BUG=
Review URL: https://codereview.chromium.org/14616010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-04-30 08:22:05 +00:00
mvstanton@chromium.org
e751ad06d9
Constructed arrays can be created with Hydrogen code stubs. The feature is still off by default (--optimize-constructed-arrays).
...
BUG=
Review URL: https://codereview.chromium.org/12385014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14441 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-04-25 16:00:32 +00:00
hpayer@chromium.org
2db9e62fc8
Build fast literals in hydrogen.
...
BUG=
Review URL: https://codereview.chromium.org/12880017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@14211 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-04-10 13:52:08 +00:00
mvstanton@chromium.org
c4caf766bf
Allocation Info Tracking, continued.
...
Addresses missing cases for array literals.
Adds support for "new Array()" call sites. This isn't complete yet, I have to run with --noinline_new.
BUG=
Review URL: https://codereview.chromium.org/11818021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-03-01 16:06:34 +00:00
mvstanton@chromium.org
90d0f18007
Incorrect ARM assembly in MacroAssembler::TestJSArrayForAllocationSiteInfo
...
Restored test code in allocation-site-info.js that was failing on ARM because of this bug.
BUG=
Review URL: https://codereview.chromium.org/12045017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13462 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-22 10:49:23 +00:00
mvstanton@chromium.org
c3746b4388
allocation-site-info.js broken on arm with new changes. Reverting to previous version until diagnosed.
...
Regress-2185.js test takes too long on slow path when allocation site info is discovered.
BUG=
Review URL: https://codereview.chromium.org/12049003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13456 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-21 16:15:08 +00:00
mvstanton@chromium.org
3414a514cd
Fixed test failure.
...
A test case erroneously expected a transition to a double array, but the array remains FAST_SMI.
In person LGTM from Danno...
BUG=
Review URL: https://codereview.chromium.org/12038008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13447 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-21 13:21:53 +00:00
mvstanton@chromium.org
d7d917e6f0
Out of bounds memory access in TestJSArrayForAllocationSiteInfo.
...
The function intended to check the map pointer of an AllocationSiteInfo object, but neglected to
subtract an offset to do so.
BUG=169928
Review URL: https://codereview.chromium.org/11931037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-21 12:26:29 +00:00
mvstanton@chromium.org
7884216804
Additional work to get array literal allocation tracking working, even with --always-opt
...
BUG=
Review URL: https://codereview.chromium.org/11817017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13406 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-01-17 08:41:27 +00:00