version did not work.

TBR=kbr@chromium.org
Review URL: http://codereview.chromium.org/6295013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6381 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

conversions for external array types, which implement the Typed Array
spec. The new code paths are for SSE3 and SSE2 capable processors.
The code for non-SSE2 processors is unchanged for now. The ARM port
appears to already be correct.

Moved the generation of the external array load and store intrinsics
to the stub cache (on all platforms) so that they are generated at run
time and can take advantage of CPU features.

This functionality is covered by the array-unit-tests.html test in the
WebGL conformance test suite:
http://khronos.org/webgl/wiki/Testing/Conformance
https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/sdk/tests/conformance/array-unit-tests.html

Manually verified all of the SSE3/SSE2/non-SSE2 code paths by enabling
each in turn. Tested in Chromium on 32-bit Mac OS X and 64-bit Linux.

BUG=http://code.google.com/p/chromium/issues/detail?id=50972
TEST=none (see above)

Review URL: http://codereview.chromium.org/6315004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6373 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Extra IC state is only two bits and only supported for call IC-s for
now. To change its extra state an IC stub jumps to a new miss stub
that goes to runtime as usual but then instead of going megamorphic
generates a monomorphic stub with the updated state.

Review URL: http://codereview.chromium.org/6344005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Second attempt: Improve our type feedback by recogizining never-executed IC calls for binary operations.

This is an improved version of my earlier change r5970. It avoids degrading the
non-optimized code.

Initially we emit a conditional branch that is either always- or never-taken
after a smi-check (depending on whether we test for smi for for non-smi)
Since test-eax always sets the carry-flag to 0 we use jump-if-carry and
jump-if-not-carry.

The first invocation of the stub patches a jc with a jz and
jnc with a jnz-instruction so that the code looks exactly as it was
without patching. The only difference is the test- or nop-instruction
after the IC-call.

Review URL: http://codereview.chromium.org/5763004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6030 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/5717005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Original change: http://codereview.chromium.org/5733004/

When we have inlined smi code can transition to heap number state before going to the generic state. Without inlined smi code the behaviour is unchanged.

Review URL: http://codereview.chromium.org/5689005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5975 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

In the case of inlined smi code in non-optimzied code we could not 
distinguish between the smi-only case and the case that the operation was
never executed.

With this change the first execution of a binary operation always jumps
to the stub which in turn patches the smi-check into the correct
conditional branch, so that we benefit from inlined smi code after the
first invocation.

A nop instruction after the call to the BinaryOpIC indicates that no
smi code was inlined. A "test eax" instruction says that there was smi
code inlined and encodes the delta to the patch site and the condition
code of the branch at the patch site to restore the original jump.

Review URL: http://codereview.chromium.org/5714001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5970 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3970005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3537003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Contextual load requires only a map check followed by a cell hole
check so we can generate pretty compact code for that. The fact that
we have inlined code is marked by mov ecx, offset instruction after
the IC call. Inlining is only enabled inside loops and in non-builtin
functions.

The generated code size increase is about 3%. This descreased the
pc-to-code cache hit rate in some of the benchmarks that trigger
GC. To compensate we now have 4 times as much entries in the cache.

Review URL: http://codereview.chromium.org/3402014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

r5147 wrongly assumed that a code cache for a slow case map is always empty.
This patch solves this: whenever we attempt to add a stub to a map's code cache 
we check that this map is cached. If it is we give the object its own copy
of the map and only then modify the map.

Review URL: http://codereview.chromium.org/3134027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5342 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3046006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5105 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This change allows generating call-stubs for objects with normal (non-fast) objects in the prototype chain. StubCompiler::CheckPrototypes does ne

If the top level object is a normal object the stub is stored in its prototype map.

Lookup result of type NORMAL is not covered (since the normal stub currently doesn't check the prototype chain).
Review URL: http://codereview.chromium.org/2801018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5010 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The IC stub is completely generic, so there will only be one such stub
in the system.

Added a new overloaded version of the macro assembler RecordWrite
method for cases where we have the address we store to computed up
front.

Review URL: http://codereview.chromium.org/2804029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4991 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Similar or duplicate checks are scattered around the code before doing the dictionary load. 
Also the entire branch in GenerateCallNormal that handles global/builtin receiver is 
guaranteed to bail out from GenerateDictionaryLoad, so there is no point in generating it at all.

The purpose of the patch is:
- making C++ code more compact and transparent,
- not generating dead code. 

There is a tiny performance gain. The patch is ia32 only for now.

Please tell me if I am missing anything.


Review URL: http://codereview.chromium.org/2801007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This should make access faster for arrays of functions.

Review URL: http://codereview.chromium.org/2754003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This speeds up constructs like this: 
var zz='replace'; '123'[zz]('3','4');

Review URL: http://codereview.chromium.org/2280007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

http://compute1.aar:9013/golem/r4583-v8-serya-length-inlined-vs-4583-v8.html

Review URL: http://codereview.chromium.org/1917006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Keyed store stub sits high in sorting profiles.

Swapping allows to save us additional type checks as we could both read and
write elmenets (on fast path) without them.

Review URL: http://codereview.chromium.org/1709008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4551 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

A separate object type for the code cache have been added. This object has two different code caches. The first one (default_cache) is a fixed array organized in the same way as the as the code cache was before. The second cache (global_access_cache) is for code stubs to access the global object. This cache is organized as a hash table taking the property name and code flags as the key.

The reason for separating the global access stubs into a hash table representation is that the number of these is not bounded in the same was as the other types.

This is a remake of r3952 (http://codereview.chromium.org/652119) which have the additional ability to look for the index of code stubs for access to the global object.

BUG=http://code.google.com/p/v8/issues/detail?id=613

Review URL: http://codereview.chromium.org/717001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4066 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This is a subset of a CL reviewed earlier(http://codereview.chromium.org/551093).
The register usage optimisation part has been reviewed and submitted separately.
Two fast cases supported: HeapNumber operands and String operands for ADD.


Review URL: http://codereview.chromium.org/553117

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/647013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3902 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/603028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3847 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Eliminate unused function KeyedStoreIC::GenerateExtendStorage, and unused parameter from StubCompiler::GenerateStoreField.
Review URL: http://codereview.chromium.org/575022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/583008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3817 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/558067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3754 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=589,27967.

Review URL: http://codereview.chromium.org/555048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The patching of the receiver added in r3616 was not GC-safe and could leave a failure object in place of the receiver if allocation of the wrapper JS object failed.
Review URL: http://codereview.chromium.org/546068

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

When a function is called with a value type as the receiver this is now boxed as an object.

This is a low-impact solution where the receiver is only boxed when required. For IC calls to the V8 builtins values are not boxed and as most of the functions on String.prototype, Number.prototype and Boolean.prototype are sitting there most IC calls on values will not need any boxing of the receiver.

For calls which are not IC calls but calls through the CallFunctionStub a flag is used to determine whether the receiver might be a value and only when that is the case will the receiver be boxed.

No changtes to Function.call and Function.apply - they already boxed values. According to the ES5 spec the receiver should not be boxed for these functions, but current browsers have not adopted that change yet.

BUG=223
TEST=test/mjsunit/value-wrapper.js
TEST=test/mjsunit/regress/regress-crbug-3184.js
Review URL: http://codereview.chromium.org/542087

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Instead of going through a runtime function for keyed loads
on strings we invoke a separate specialized stub that
assumes string as receiver type and the key to be a number.

The stub calls a JS builtin function to return the corresponding one-character string.


Review URL: http://codereview.chromium.org/521041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

property name in a register rather than on the stack below the
receiver and arguments.

Implemented only for IA32, passing the name in the ecx register to
match the calling convention of the load ICs.

Review URL: http://codereview.chromium.org/502028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

by checking if the receiver is a global object before diving
into traversing reloc info.
Review URL: http://codereview.chromium.org/491075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3459 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

bug just before committing which broke snapshot builds.  The code is
nearly identical to the previous submit.

TBR=erik.corry@gmail.com
Review URL: http://codereview.chromium.org/491004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3449 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Crashes on Windows.

TBR=erik.corry@gmail.com
Review URL: http://codereview.chromium.org/488006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3446 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Only implemented on ia32 and x64 for now.  The generic keyed load stub
on arm is falling behind and it is time to fix that, but that will be
a separate change.


Review URL: http://codereview.chromium.org/460142

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

specification under development. The optimizations are patterned after
those previously done for CanvasPixelArray. This CL adds all of the
necessary framework but continues to use the generic KeyedLoadIC and
KeyedStoreIC code, to create a baseline for benchmarking purposes. The
next CL will add the optimized ICs to ic-ia32.cc and ic-x64.cc.

These new CanvasArray types have different semantics than
CanvasPixelArray; out-of-range values are clamped via C cast
semantics, which is cheaper than the clamping behavior specified by
CanvasPixelArray. Out-of-range indices raise exceptions instead of
being silently ignored.

As part of this work, pulled FloatingPointHelper::AllocateHeapNumber
up to MacroAssembler on ia32 and x64 platforms. Slightly refactored
KeyedLoadIC and KeyedStoreIC. Fixed encoding for fistp_d on x64 and
added a few more instructions that are needed for the new ICs. The
test cases in test-api.cc have been verified by hand to exercise all
of the generated code paths in the forthcoming specialized ICs.

Review URL: http://codereview.chromium.org/293023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/192075

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2876 ce2b1a6d-e550-0410-aec6-3dcde31c8c00