Review URL: http://codereview.chromium.org/3970005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5698 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3446024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5538 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

There are 3 methods where early return happen before the 
miss label is bound. This is harmless in Release mode, 
in Debug an assertion fails.

Review URL: http://codereview.chromium.org/3405022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5508 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3327022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5499 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Contextual load requires only a map check followed by a cell hole
check so we can generate pretty compact code for that. The fact that
we have inlined code is marked by mov ecx, offset instruction after
the IC call. Inlining is only enabled inside loops and in non-builtin
functions.

The generated code size increase is about 3%. This descreased the
pc-to-code cache hit rate in some of the benchmarks that trigger
GC. To compensate we now have 4 times as much entries in the cache.

Review URL: http://codereview.chromium.org/3402014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

We must also check the current context has not changed.

The bug reported by Florian.

Review URL: http://codereview.chromium.org/3410014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3291015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5433 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3143038

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5331 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Object model changes
----------------------------------------
New fixed_cow_array_map is used for the elements array of a JSObject
to mark it as COW. The JSObject's map and other fields are not
affected. The JSObject's map still has the "fast elements" bit set. It
means we can do only the receiver map check in keyed loads and the
receiver and the elements map checks in keyed stores. So introducing
COW arrays doesn't hurt performance of these operations. But note that
the elements map check is necessary in all mutating operations because
the "has fast elements" bit now means "has fast elements for reading".
EnsureWritableFastElements can be used in runtime functions to perform
the necessary lazy copying.

Generated code changes
----------------------------------------
Generic keyed load is updated to only do the receiver map check (this
could have been done earlier). FastCloneShallowArrayStub now has two
modes: clone elements and use COW elements. AssertFastElements macro
is added to check the elements when necessary. The custom call IC
generators for Array.prototype.{push,pop} are updated to avoid going
to the slow case (and patching the IC) when calling the builtin should
work.

COW enablement
----------------------------------------
Currently we only put shallow and simple literal arrays in the COW
mode. This is done by the parser.

Review URL: http://codereview.chromium.org/3144002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This change changes the lazy compilation stub to a builtin and
eliminates the argc (argument count for the function for which to
create a lazy stub) parameter.

Review URL: http://codereview.chromium.org/3146008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

I could not find a way to introduce simple yet useful assertions,
so I removed the assertions that broke tests.

The new patch just fixes the actual problem (GC triggered while raw pointers
are held in LookupResult).

Review URL: http://codereview.chromium.org/3030049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5196 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2868108

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

In rare cases GC could be called from ComputeCallMiss function thus
breaking CallIC::LoadFunction.

Review URL: http://codereview.chromium.org/3047027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2928009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5071 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2982001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5049 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2860049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5044 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This change allows generating call-stubs for objects with normal (non-fast) objects in the prototype chain. StubCompiler::CheckPrototypes does ne

If the top level object is a normal object the stub is stored in its prototype map.

Lookup result of type NORMAL is not covered (since the normal stub currently doesn't check the prototype chain).
Review URL: http://codereview.chromium.org/2801018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5010 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

be in a register anymore. Code also updated to use the bitfield
instructions when available.  This is a commit of
http://codereview.chromium.org/2845003/show for Rodolph Perfetta.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Also edited ic-ia32.cc for clarity and better formatting.

Review URL: http://codereview.chromium.org/2853003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This speeds up constructs like this: 
var zz='replace'; '123'[zz]('3','4');

Review URL: http://codereview.chromium.org/2280007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

As most of call IC code is tied to a context anyway we can save a few dependent loads by having a direct reference to an initial map of a global function.

Review URL: http://codereview.chromium.org/2239009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4802 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Refactor GenerateLoadInterceptor, removing LoadInterceptorCompiler class and CompileLoadInterceptor static function.
All platforms (x64, ia32, and ARM) changed.
Review URL: http://codereview.chromium.org/2251003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4747 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2279005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4740 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

These string methods can be composed from two basic blocks: charCodeAt
and fromCharCode, both of which have fast cases for certain types of
inputs. In this patch these two blocks are refactored to allow
generating the fast cases without having to jump around the slow
cases. In the slow cases since they can now be invoked both from
inline runtime functions and from IC stubs we either have to
save/restore state of the current frame or enter/leave a new internal
frame. This is handled by new RuntimeCallHelper interface. Its
implementation for virtual frame is based on FrameRegisterState class
extracted from DeferredCode class.

Review URL: http://codereview.chromium.org/2087009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

1) do not push receiver early---that simplifies tail call preparation
on ia32/x64 and renders special cleanup unnecessary;
2) do not do second map check if interceptor's and cached holder
are the same;
3) do not push/pop receiver if receiver and holder registers are the same
(means that receiver is interceptor's holder);
4) do batch pushes on arm;
5) minor cosmetic improvements.

Review URL: http://codereview.chromium.org/2282001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4732 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2124021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4717 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Previously the receier was passed in both r0 and on the stack for a load IC. With this change the receiver is in r0 only.
Review URL: http://codereview.chromium.org/2119007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4681 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The port to ARM of a tail call wrongly kept the scheme of pushing below the return address.

TBR=antonm@chromium.org
Review URL: http://codereview.chromium.org/2091013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4679 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The calling convention for keyed store IC on ARM is changed to receive the arguments value, key and receiver in registers r0, r1 and r2 instead of on the stack. When calling keyed store IC with a virtual frame the arguments are passed through the virtual frame and consumed by the call.

Changed the register usage in the IC code to postpone spilling the registers holding value, key and receiver to the stack until making  a call into the runtime system.

Runs all the tests with: 

  --special-command="@ --nofull-compiler"
  --special-command="@ --always-full-compiler"
  --special-command="@ --noenable-vfp3"
Review URL: http://codereview.chromium.org/2116003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4668 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Chromium build.

v8.gyp no longer sets any V8_TARGET_ARCH_* macro on the Mac. Instead, the
proper V8_TARGET_ARCH_* macro will be set by src/globals.h in the same way as
the V8_HOST_ARCH_* macro when it detects that no target macro is currently
defined. The Mac build will attempt to compile all ia32 and x86_64 .cc files.
#ifdef guards in each of these target-specific source files prevent their
compilation when the associated target is not selected. For completeness,
these #ifdef guards are also provided for the arm and mips .cc files.

BUG=706
TEST=x86_64 Mac GYP/Xcode-based Chromium build (still depends on other changes)
Review URL: http://codereview.chromium.org/2133003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The flag SIZE_IN_WORDS indicate that the requested size is in words and not in bytes, The default is to specify the size in bytes.
Review URL: http://codereview.chromium.org/2047002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The calling convention for keyed load IC's on ARM now passes the key and receiver in registers r0 and r1.

The code path in the ARM full compiler for handling keyed property load now has the same structure as for ia32 where the keyed load IC is also called with key end receiver in registers.

This change have been tested with an exhaustive combinations of the flags

  --special-command="@ --nofull-compiler"
  --special-command="@ --always-full-compiler"
  --special-command="@ --noenable-vfp3"

to the test runner.
Review URL: http://codereview.chromium.org/2024002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

 * All generators are listed in a single place.
 * Generators are installed as a separate pass in the bootstrapper.
 * Replaced pointers to generator functions with integer ids.

Review URL: http://codereview.chromium.org/1981002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4606 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The calling convention for keyed load IC is changed to have the key passed both in a register (r0) and on the stack.

Next steps will be first to remove the key from the stack and then pass the receiver in a register (r1).
Review URL: http://codereview.chromium.org/1937003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Changing string length field  type from int to SMI. It will make it be a regular field. Code generated in EmitNamedLoad could be patched for faster access to string.length.

Review URL: http://codereview.chromium.org/1706013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4581 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

http://code.google.com/p/v8/source/detail?r=4503 added this functionality to ia32.

Review URL: http://codereview.chromium.org/1694018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4549 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/1650011


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

is both on top of the stack and also in r0.  This makes
sense because the receiver is usually in r0 anyway.  We may
remove it from the stack later.  Also removes some spilled
scopes from the code generator allowing it to keep expression
temporaries in registers more.
Review URL: http://codereview.chromium.org/1751019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4518 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

When flag --naive-counters was used this code trashed r1 which is actually live.
Review URL: http://codereview.chromium.org/1725009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4508 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/1694016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4501 ce2b1a6d-e550-0410-aec6-3dcde31c8c00