- 15 Aug, 2012 1 commit
-
-
svenpanne@chromium.org authored
Currently we inline functions with different contexts only on ia32, so we have to move the helper functions for the various contexts to the top level. Further more, "new Object()" seems to prevent inlining, too, so we us a simple object literal. Although things get consistently inlined now, something strange seems to happen in test/effect contexts: The DEOPT output seems to contain too few frames, and we don't get any DEOPT ouput after the first time for those contexts. This has to be investigated... TBR=mstarzinger@chromium.org Review URL: https://chromiumcodereview.appspot.com/10836258 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12312 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 10 Aug, 2012 2 commits
-
-
yangguo@chromium.org authored
R=ulan@chromium.org BUG= Review URL: https://chromiumcodereview.appspot.com/10855099 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
svenpanne@chromium.org authored
Currently only simple setter calls are handled (i.e. no calls in count operations or compound assignments), and deoptimization in the setter is not handled at all. Because of the latter, we temporarily hide this feature behind the --inline-accessors flag, just like inlining getters. We now use an enum everywhere we depend on the handling of a return value, passing around several boolean would be more confusing. Made VisitReturnStatement and the final parts of TryInline more similar, so matching them visually is a bit easier now. Simplified the signature of AddLeaveInlined, the target of the HGoto can simply be retrieved from the function state. Review URL: https://chromiumcodereview.appspot.com/10836133 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12286 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 27 Jun, 2012 2 commits
-
-
mstarzinger@chromium.org authored
R=yangguo@chromium.org BUG=v8:1322 TEST=mjsunit/compiler/inline-literals Review URL: https://chromiumcodereview.appspot.com/10689005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11942 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
mstarzinger@chromium.org authored
R=yangguo@chromium.org BUG=v8:1322 TEST=mjsunit/compiler/inline-literals Review URL: https://chromiumcodereview.appspot.com/10703005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11940 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 14 Jun, 2012 1 commit
-
-
fschneider@chromium.org authored
Each SharedFunctionInfo gets an optimized code map to store one optimized code object per context. When allocating a new closure we consult this map and check if there is optimized code that can be shared. This patch is based on an original patch by Anton Muhin (http://codereview.chromium.org/6793013/). BUG=v8:2087, v8:2094 TEST=test/mjsunit/compiler/optimized-closures.js Review URL: https://chromiumcodereview.appspot.com/10103035 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 04 May, 2012 1 commit
-
-
mstarzinger@chromium.org authored
R=danno@chromium.org TEST=mjsunit/compiler/inline-construct Review URL: https://chromiumcodereview.appspot.com/10332010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 20 Apr, 2012 1 commit
-
-
svenpanne@chromium.org authored
This change makes experiments with inlining limits much easier. Note that the default values for the limits keep their old values for now. Renamed things a bit for more consistency. Review URL: https://chromiumcodereview.appspot.com/10162001 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11397 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 19 Apr, 2012 1 commit
-
-
fschneider@chromium.org authored
~~ is commonly used to truncate a value to int32 (ToInt32). This change avoid actually emitting the bitwise operations, and just truncates the subexpression of ~~. BUG=v8:2037 TEST=test/mjsunit/compiler/optimize-bitnot.js Review URL: https://chromiumcodereview.appspot.com/10123007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11390 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 16 Apr, 2012 1 commit
-
-
mstarzinger@chromium.org authored
R=erik.corry@gmail.com TEST=test262/S7.8.4_A6.*,test262/S7.8.4_A7.* Review URL: https://chromiumcodereview.appspot.com/9490006 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11340 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 11 Apr, 2012 1 commit
-
-
vegorov@chromium.org authored
When pushing arguments use correct initial values instead of fetching them from the environment which can be modified. R=fschneider@chromium.org TEST=test/mjsunit/compiler/inline-arguments.js Review URL: https://chromiumcodereview.appspot.com/10033028 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11274 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 23 Mar, 2012 1 commit
-
-
vegorov@chromium.org authored
We are inserting HPushArgument instructions after HEnterInlined based on the environment at the point of the first arguments access. Which might create use before def if there are redundant phis in the environment. Review URL: https://chromiumcodereview.appspot.com/9837041 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11128 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 22 Mar, 2012 1 commit
-
-
vegorov@chromium.org authored
R=fschneider@chromium.org TEST=test/mjsunit/compiler/inline-arguments.js Review URL: https://chromiumcodereview.appspot.com/9837002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 20 Mar, 2012 1 commit
-
-
vegorov@chromium.org authored
R=mstarzinger@google.com BUG=V8:2014 TEST=test/mjsunit/compile/inline-arguments.js Review URL: https://chromiumcodereview.appspot.com/9750007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11098 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 13 Mar, 2012 1 commit
-
-
vegorov@chromium.org authored
We do not know if we are going to need it and creating it lazyly might cause us to insert it at the block that does not dominate all uses. R=mstarzinger@chromium.org TEST=mjsunit/compiler/inline-arguments.js Review URL: https://chromiumcodereview.appspot.com/9692046 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11024 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 12 Mar, 2012 1 commit
-
-
vegorov@chromium.org authored
Support arguments materialization after deoptimization in all frames (not only in topmost one). R=fschneider@chromium.org Review URL: https://chromiumcodereview.appspot.com/9643001 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11008 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 05 Mar, 2012 1 commit
-
-
mstarzinger@chromium.org authored
Inlined strict mode functions (that are not called as methods) will get their receiver reset to undefined. This should not happen when inlining constructors. This change also simplifies the test suite to reuse the same closures into which constructors get inlined and use gc() to force V8 to forget collected type feedback. R=vegorov@chromium.org TEST=mjsunit/compiler/inline-construct Review URL: https://chromiumcodereview.appspot.com/9597017 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 01 Mar, 2012 2 commits
-
-
fschneider@chromium.org authored
The old code used a separate HToInt32 instruction which had a wrong register constraint for the input register which caused wrong result when the stored value is used after a typed array store. (UseRegister instead of UseTempRegister) when no SSE3 is available. This change fixes it by replacing HToInt32 with the corresponding HChange instruction which has correct register contraints. TEST=mjsunit/compiler/regress-toint32.js Review URL: https://chromiumcodereview.appspot.com/9565007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10891 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
mstarzinger@chromium.org authored
Generates inlined code for object allocation specific to the initial map of the given constructor function. Also forces completion of inobject slack tracking while crankshafting to finalize instance size of these objects. R=vegorov@chromium.org TEST=mjsunit/compiler/alloc-object Review URL: https://chromiumcodereview.appspot.com/9370019 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10881 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 28 Feb, 2012 1 commit
-
-
mstarzinger@chromium.org authored
R=vegorov@chromium.org,kmillikin@chromium.org Review URL: https://chromiumcodereview.appspot.com/9304001 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 27 Feb, 2012 1 commit
-
-
vegorov@chromium.org authored
Additionally force increment instruction to use int32 representation. R=fschneider@google.com BUG=http://crbug.com/115646 TEST=test/mjsunit/compiler/optimized-for-in.js Review URL: https://chromiumcodereview.appspot.com/9463052 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10844 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 23 Feb, 2012 2 commits
-
-
mstarzinger@chromium.org authored
TBR=vegorov@chromium.org BUG=v8:1322 Review URL: https://chromiumcodereview.appspot.com/9453012 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10813 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
mstarzinger@chromium.org authored
R=fschneider@chromium.org,vegorov@chromium.org BUG=v8:1322 TEST=mjsunit/compiler/inline-literals Review URL: https://chromiumcodereview.appspot.com/9453007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 22 Feb, 2012 2 commits
-
-
vegorov@chromium.org authored
Modify PreProcessOsrEntry to work with OSR entries that have non-empty expression stack. Modify graph builder to take for-in state from environment instead of directly referencing emitted instructions. Extend %OptimizeFunctionOnNextCall with an argument to force OSR to make writing OSR tests easier: %OptimizeFunctionOnNextCall(f, "osr"). R=fschneider@chromium.org TEST=test/mjsunit/compiler/optimized-for-in.js Review URL: https://chromiumcodereview.appspot.com/9431030 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10796 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
vegorov@chromium.org authored
Only JSObject enumerables with enum cache (fast case properties, no interceptors, no enumerable properties on the prototype) are supported. HLoadKeyedGeneric with keys produced by for-in enumeration are recognized and rewritten into direct property load by index. For this enum-cache was extended to store property indices in a separate array (see handles.cc). New hydrogen instructions: - HForInPrepareMap: checks for-in fast case preconditions and returns map that contains enum-cache; - HForInCacheArray: extracts enum-cache array from the map; - HCheckMapValue: map check with HValue map instead of immediate; - HLoadFieldByIndex: load fast property by it's index, positive indexes denote in-object properties, negative - out of object properties; Changed hydrogen instructions: - HLoadKeyedFastElement: added hole check suppression for loads from internal FixedArrays that are knows to have no holes inside. R=fschneider@chromium.org BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/9425045 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 16 Feb, 2012 3 commits
-
-
mstarzinger@chromium.org authored
This extends the current support for nested object literals we already have in Crankshaft, to also support nested array literals and mixed nested literals containing arrays and objects. All three types are generated by the unified HFastLiteral instruction. All previous upper bounds on nested literal graphs remain unchanged, keeping the size of generated code in check. The main intention is to boost performance of two-dimensional array literals containing constant elements (aka. matrices). R=danno@chromium.org TEST=mjsunit/compiler/literals-optimized Review URL: https://chromiumcodereview.appspot.com/9403018 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
mstarzinger@chromium.org authored
TBR=fschneider@chromium.org BUG=v8:1322 Review URL: https://chromiumcodereview.appspot.com/9417013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
mstarzinger@chromium.org authored
R=fschneider@chromium.org BUG=v8:1322 TEST=mjsunit/compiler/inline-literals Review URL: https://chromiumcodereview.appspot.com/9419005 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10721 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 14 Feb, 2012 1 commit
-
-
mstarzinger@chromium.org authored
R=fschneider@chromium.org BUG=v8:1322 TEST=mjsunit/compiler/inline-literals Review URL: https://chromiumcodereview.appspot.com/9388007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10689 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 08 Feb, 2012 1 commit
-
-
fschneider@chromium.org authored
Until now we only could inline as specialized HIR instructions when called as a method (e.g. Math.abs) It is very common practice to abbreviate calls to those functions by defining a global or local variable like: var a = Math.abs; var x = a(123); This change allows inlining them when called as a function (global or local). Review URL: https://chromiumcodereview.appspot.com/9365013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 24 Jan, 2012 1 commit
-
-
vegorov@chromium.org authored
Review URL: https://chromiumcodereview.appspot.com/9265004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 07 Dec, 2011 1 commit
-
-
fschneider@chromium.org authored
We're not allowed to modify the input register and have to use a temporary instead, otherwise the result of expressions containing Math.round can be wrong. BUG=106351 TEST=test/mjsunit/compiler/regress-106351.js Review URL: http://codereview.chromium.org/8833007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10190 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 16 Nov, 2011 1 commit
-
-
fschneider@chromium.org authored
Changes the way we do lazy deoptimization: 1. For side-effect instructions, we insert the lazy-deopt call at the following LLazyBailout instruction. CALL GAP LAZY-BAILOUT ==> lazy-deopt-call 2. For other instructions (StackCheck) we insert it right after the instruction since the deopt targets an earlier deoptimization environment. STACK-CHECK GAP ==> lazy-deopt-call The pc of the lazy-deopt call that will be patched in is recorded in the deoptimization input data. Each Lithium instruction can have 0..n safepoints. All safepoints get the deoptimization index of the associated LAZY-BAILOUT instruction. On lazy deoptimization we use the return-pc to find the safepoint. The safepoint tells us the deoptimization index, which in turn finds us the PC where to insert the lazy-deopt-call. Additional changes: * RegExpLiteral marked it as having side-effects so that it gets an explicitlazy-bailout instruction (instead of treating it specially like stack-checks) * Enable target recording CallFunctionStub to achieve more inlining on optimized code. BUG=v8:1789 TEST=jslint and uglify run without crashing, mjsunit/compiler/regress-lazy-deopt.js Review URL: http://codereview.chromium.org/8492004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 14 Nov, 2011 1 commit
-
-
fschneider@chromium.org authored
This test depends on OSR being triggered. That's why I can't use %OptimizeFunctionOnNextCall. Review URL: http://codereview.chromium.org/8555004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9987 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 08 Nov, 2011 1 commit
-
-
keuchel@chromium.org authored
This reverts r9896 "Revert r9870 due to browser-test failures." See below for the diff from the previous version for the ia32 platform. The code for other platforms has been changed accordingly. TEST=mjsunit/compiler/lazy-const-lookup.js diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc index 2cbf518..1990f2f 100644 --- a/src/ia32/full-codegen-ia32.cc +++ b/src/ia32/full-codegen-ia32.cc @@ -1258,13 +1258,17 @@ void FullCodeGenerator::EmitVariableLoad(VariableProxy* proxy) { // binding is initialized: // function() { f(); let x = 1; function f() { x = 2; } } // - // Check that we always have valid source position. - ASSERT(var->initializer_position() != RelocInfo::kNoPosition); - ASSERT(proxy->position() != RelocInfo::kNoPosition); - bool skip_init_check = - var->mode() != CONST && - var->scope()->DeclarationScope() == scope()->DeclarationScope() && - var->initializer_position() < proxy->position(); + bool skip_init_check; + if (var->scope()->DeclarationScope() != scope()->DeclarationScope()) { + skip_init_check = false; + } else { + // Check that we always have valid source position. + ASSERT(var->initializer_position() != RelocInfo::kNoPosition); + ASSERT(proxy->position() != RelocInfo::kNoPosition); + skip_init_check = var->mode() != CONST && + var->initializer_position() < proxy->position(); + } + if (!skip_init_check) { // Let and const need a read barrier. Label done; Review URL: http://codereview.chromium.org/8479034 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9915 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 26 Oct, 2011 1 commit
-
-
fschneider@chromium.org authored
This change fixes a off-by-one level error when dropping the function from the environment. The function of the outermost environment was not dropped. BUG=v8:1785 TEST=test/mjsunit/compiler/regress-inline-callfunctionstub.js Review URL: http://codereview.chromium.org/8341019 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9789 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 24 Oct, 2011 2 commits
-
-
fschneider@chromium.org authored
This change is based on my previous change enabling inlining calls-as-function fixing the bugs related to deoptimization. The function value on top of the environment was dropped too late in the old code. As a result we could get a wrong value on top after deoptimization. This change includes r9619. It was reverted because of test failures that are fixed with this patch. Review URL: http://codereview.chromium.org/8360001 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9758 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
keuchel@chromium.org authored
Review URL: http://codereview.chromium.org/8344082 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9746 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 17 Oct, 2011 1 commit
-
-
mstarzinger@chromium.org authored
According to the ES5 spec all ">" and "<=" expressions should be be evaluated left-to-right. This obsoletes old hacks for reversing the order to be ES3 compliant. R=lrn@chromium.org BUG=v8:1752 Review URL: http://codereview.chromium.org/8275035 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 20 Sep, 2011 1 commit
-
-
fschneider@chromium.org authored
We have to check for uninitialized uses before phi-elimination. Otherwise we may miss such a use and result in using the hole value instead. This causes a NULL-dereference or assertion failure. BUG=96989 TEST=mjsunit/compiler/regress-96989.js Review URL: http://codereview.chromium.org/7974009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9337 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-