First of all, it has nothing to do with Isolates, it is related to the assembler
at hand. Furthermore, the saving/restoring is platform-independent. Cleaned up
some platform-specific stuff on the way.
Note that there are some things which still need some cleanup, like e.g. using
EnumSet instead of uint64_t, making Probe() more uniform across platforms etc.,
but the CL is already big enough.
BUG=v8:2487
Review URL: https://codereview.chromium.org/12391055
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13823 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13781 (59f39a06)
Original commit message:
The SymbolTable became the StringTable. I also made sure to adapt all comments. The only remaining use of the term "symbol" (other than unrelated uses in the parser and such) is now 'NewSymbol' in the API and the 'V8.KeyedLoadGenericSymbol' counter, changing which might break embedders.
The one functional change in this CL is that I removed the former 'empty_string' constant, since it is redundant given the 'empty_symbol' constant that we also had (and both were used inconsistently).
BUG=
Review URL: https://codereview.chromium.org/12374074
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13807 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13768 (4996bcd0)
Original commit message:
- Later the different parts will become individual code objects that tailcall into one another.
- The mapcheck/symbol check still needs to be separated from the overall prototype-chain check so that the ICs can reuse the handlers.
BUG=
Review URL: https://codereview.chromium.org/12378061
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13763 (6b32e7d6)
Original commit message:
This fixes the deoptimizer to materialize arguments objects of correct
length even in cases where the actual argument values are unknown and
were optimized away by Crankshaft. This can happen if only the length
property or the identity of an arguments object is used.
BUG=
Review URL: https://codereview.chromium.org/12383076
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13732 (686b0a45)
Original commit message:
This changes FastCloneShallowObjectStub to be compiled independent of
the target architecture. It also adds tracing to the deoptimizer for
compiled stubs and contains some minor bugfixes.
BUG=
Review URL: https://codereview.chromium.org/12389070
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13802 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
in preparation of the introduction of ES6 'symbols' (aka private/unique names).
The SymbolTable became the StringTable. I also made sure to adapt all comments. The only remaining use of the term "symbol" (other than unrelated uses in the parser and such) is now 'NewSymbol' in the API and the 'V8.KeyedLoadGenericSymbol' counter, changing which might break embedders.
The one functional change in this CL is that I removed the former 'empty_string' constant, since it is redundant given the 'empty_symbol' constant that we also had (and both were used inconsistently).
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/12210083
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13781 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Unified parameter order of CreateHandle with the rest of v8 on the way. A few
Isolate::Current()s had to be introduced, which is not nice, and not every place
will win a beauty contest, but we can clean this up later easily in smaller steps.
Review URL: https://codereview.chromium.org/12300018
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13585 (4174b9d2)
Original commit message:
This includes:
* Adding support for saving callee-clobbered double registers in Crankshaft code.
* Adding a new "HTrapAllocationMemento" hydrogen instruction to handle AllocationSiteInfo data in crankshafted stubs.
* Adding a new "HAllocate" hydrogen instruction that can allocate raw memory from the GC in crankshafted code.
* Support for manipulation of the hole in HChange instructions for Crankshafted stubs.
* Utility routines to manually build loops and if statements containing hydrogen code.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/12212080
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Initial step towards separating IC (map check(s)), handler frontend
(prototype-check) and handler backend (actual handler code).
- Still need to split the map-check (IC) from rest of the prototype
chain check.
- Still need to turn different parts in own code objects and cache them
in more optimal places.
Review URL: https://chromiumcodereview.appspot.com/12207016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13604 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13533 (2f339757)
Original commit message:
In preparation of supporting stubs that deopt and then need to push their
register-based parameters to an arguments area on the stack that gets properly
collected, add StubFailureTrampolineFrames to hold those parameters.
BUG=
TEST=
Review URL: https://codereview.chromium.org/12087053
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13560 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13475 (0076e1ee)
Original commit message:
With parallel recompilation enabled, objects made accessible by handles may
have changed between graph construction and graph optimization. Therefore
we must not assume that information on those objects remain the same between
those two phases. To police this, we forbid handle dereferencing during
graph optimization.
Exceptions to this rule are:
- Dereferencing the handle to obtain the raw location of the object. This
is safe since parallel recompilation acquires RelocationLock
- Some places that dereference the handle for a type check. These are checked
to be safe on a case-by-case basis.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/12049037
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13477 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13454 (2c0dd0ff)
Original commit message:
HCheckPrototypeMaps currently records the prototype and the holder of the
prototype chain (both ends of the chain) and assumes that the chain elements
and their maps did not change in during the entirety of Crankshaft. The actual
traversal of the prototype chain happens in Lithium at code generation.
With parallel compilation, this assumption is not longer correct.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/12036030
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13476 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13462 (74f0ddf6)
Original commit message:
Incorrect ARM assembly in MacroAssembler::TestJSArrayForAllocationSiteInfo Restored test code in allocation-site-info.js that was failing on ARM because of this bug.
BUG=
TEST=
Review URL: https://codereview.chromium.org/11896037
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13465 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13341 (673c3243)
Original commit message:
The basic idea is to tag OOM-Failure objects with an ID indicating where they were created. This requires changes to equality comparisons.
BUG=
TEST=
Review URL: https://codereview.chromium.org/11972002
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13395 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13330 (6d9ce8a8)
Original commit message:
Adapt Danno's Track Allocation Info idea to fast literals. When allocating a literal array, we store an AllocationSiteInfo object right after the JSArray, with a pointer to the boilerplate object. Later, if the array transitions we check for the continued existence of the temporary AllocationSiteInfo object (has no roots). If found, we'll use it to transition the boilerplate array as well.
Danno's original changeset: https://codereview.chromium.org/10615002/
BUG=
TEST=
Review URL: https://codereview.chromium.org/11783048
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13339 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13320 (916d70a6)
Original commit message:
Remove code specific to KeyedLoadICs in DoCompiledStubFrame on all platforms, driving stub frame translation by the register parameter information found in a stub's CodeStubInterfaceDescriptor.
BUG=
TEST=
Review URL: https://codereview.chromium.org/11783046
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13336 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r13288 (5fa2c889)
Original commit message:
This change associates TypeFeedbackIds with ToBoolean stubs in
full-compiled code on ARM, allowing their information to be used in
Crankshaft. This eliminates unnecessary checks, especially in
DoBranch.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/11801003
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
There are now NONE and NONE64 RelocInfo types, but only ARM uses them
both at the same time. They were added in:
https://chromiumcodereview.appspot.com/11191029/
I'll rename NONE to NONE32 in a later CL.
This CL cleans up the RelocInfo::NONE usage by:
- Using RelocInfo::IsNone when testing for NONE-ness.
- Using NONE on 32-bit platforms (MIPS and IA32), and NONE64 on 64-bit
platforms (x64).
This cleans up the code and prevents it from evolving bugs in the future
because NONE32 and NONE64 are used in misleading ways.
R= ulan@chromium.org
Review URL: https://chromiumcodereview.appspot.com/11695006
Patch from JF Bastien <jfb@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This makes the DeoptimizeAll function O(n) instead of O(n^2) where n in the number of optimized functions.
Before this change, DeoptimizeAll iterated over the optimized function list and called DeoptimizingVisitor for each function. The visitor iterated over the optimized function list again to remove the functions that share the same optimized code.
This change partitions the optimized function list into one or more lists of related functions in one pass over the optimized function list.
R=mstarzinger@chromium.org
Review URL: https://chromiumcodereview.appspot.com/11547015
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13226 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Making the code size predictable is hard, and to make things even more
complicated, the start of a function can contain various stuff like calls to a
profiling hook, receiver adjustment or dynamic frame alignment. Instead of
tackling all these problems separately, we now simply record the offset where
patching should happen later in the Code object itself.
Review URL: https://codereview.chromium.org/11316218
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13081 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r12898 (69ff6e50)
Original commit message:
When code objects in the heap for FUNCTIONs and OPTIMIZED_FUNCTIONs are marked by the GC, their prologue is patched with a call to a stub that removes the patch. This allows the collector to quickly identify code objects that haven't been executed since the last full collection (they are the ones that sill contain the patch). The functionality is currently disabled, but can be activated by specifying the "--age-code".
BUG=
TEST=
Review URL: https://codereview.chromium.org/11358252
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12965 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This fixes a corner case when the instance prototype of a function is
changed while inobject slack tracking is still in progress. This caused
the intial map to be unrelated for functions with the same shared info
and hence the shared construct stub is no longer generic enough to work
for all those functions.
R=danno@chromium.org
BUG=chromium:157019
TEST=mjsunit/regress/regress-crbug-157019
Review URL: https://codereview.chromium.org/11293059
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Previously Crankshaft emitted a generic load for these, now we emit a load of a
named field, guarded by a proto chain check.
LCheckPrototypeMaps now returns the holder, which is for free, because it
already had to check its map as the last step, anyway. This is in sync with what
StubCompiler::CheckPrototype does.
Review URL: https://codereview.chromium.org/11338030
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r12373 (9fdde2ad)
Original commit message:
Fix DoDeferredNumberTagU to keep the value in xmm1 instead of xmm0 on x64.
xmm0 is not saved across runtime call on x64 because MacroAssembler::EnterExitFrameEpilogue preserves only allocatable XMM registers unlike on ia32 where it preserves all registers.
Cleanup handling of shifts: SHR can deoptimize only when its a shift by 0, all other shift never deoptimize.
Fix type inference for i-to-t change instruction. On X64 this ensures that write-barrier is generated correctly.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10876054
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
We use marking bits in nops (in the 'sa' field) for debug markers, and for some IC stuff. A normal NOP in mips is sll(zero_reg, zero_reg, 0), where the 0 is a 5 bit immediate field in 'sa'.
See enum NopMarkerTypes at around line 654 of assembler-mips.h
The problem is that these markers use encodings that are reserved for the 'ssnop' and 'ehb' instructions. These are instructions used for hazard barriers.
It does not break anything, but it will slow things down a little bit as some pipeline stages are cleared, etc.
This commit changes the "marked" NOPs to sll(zero_reg, at, type) instructions, which is also a NOP operation on MIPS.
BUG=
TEST=
Review URL: https://codereview.chromium.org/10990110
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r12492 (479be376)
Original commit message:
This CL adds multiple things:
Transition arrays do not directly point at their descriptor array anymore, but rather do so via an indirect pointer (a JSGlobalPropertyCell).
An ownership bit is added to maps indicating whether it owns its own descriptor array or not.
Maps owning a descriptor array can pass on ownership if a transition from that map is generated; but only if the descriptor array stays exactly the same; or if a descriptor is added.
Maps that don't have ownership get ownership back if their direct child to which ownership was passed is cleared in ClearNonLiveTransitions.
To detect which descriptors in an array are valid, each map knows its own NumberOfOwnDescriptors. Since the descriptors are sorted in order of addition, if we search and find a descriptor with index bigger than this number, it is not valid for the given map.
We currently still build up an enumeration cache (although this may disappear). The enumeration cache is always built for the entire descriptor array, even if not all descriptors are owned by the map. Once a descriptor array has an enumeration cache for a given map; this invariant will always be true, even if the descriptor array was extended. The extended array will inherit the enumeration cache from the smaller descriptor array. If a map with more descriptors needs an enumeration cache, it's EnumLength will still be set to invalid, so it will have to recompute the enumeration cache. This new cache will also be valid for smaller maps since they have their own enumlength; and use this to loop over the cache. If the EnumLength is still invalid, but there is already a cache present that is big enough; we just initialize the EnumLength field for the map.
When we apply ClearNonLiveTransitions and descriptor ownership is passed back to a parent map, the descriptor array is trimmed in-place and resorted. At the same time, the enumeration cache is trimmed in-place.
Only transition arrays contain descriptor arrays. If we transition to a map and pass ownership of the descriptor array along, the child map will not store the descriptor array it owns. Rather its parent will keep the pointer. So for every leaf-map, we find the descriptor array by following the back pointer, reading out the transition array, and fetching the descriptor array from the JSGlobalPropertyCell. If a map has a transition array, we fetch it from there. If a map has undefined as its back-pointer and has no transition array; it is considered to have an empty descriptor array.
When we modify properties, we cannot share the descriptor array. To accommodate this, the child map will get its own transition array; even if there are not necessarily any transitions leaving from the child map. This is necessary since it's the only way to store its own descriptor array.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10918287
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This fixes materialization of arguments objects for strict mode functions during
deoptimization. We materialize arguments from the stack area where optimized
code pushes the arguments when entering the inlined environment. For adapted
invocations we use the arguments adaptor frame for materialization.
R=svenpanne@chromium.org
BUG=v8:2261
TEST=mjsunit/regress/regress-2261,mjsunit/compiler/inline-arguments
Review URL: https://chromiumcodereview.appspot.com/10908194
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12489 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r12383 (881d7d4d)
Original commit message:
Accessing Lithium operands via position is fragile and makes it impossible to
statically find all uses of a given operand. This CL is a step towards cleaning
this up, more to come...
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/10911021
Patch from Akos Palfi <palfia@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12423 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
