The number of inobject properties used to be derived from the number
of this property assignments in the constructor (and increased by 2 to
allow for properties added later). This very often leads to wasted inobject 
slots.

This patch reclaims some of the unused inobject space by the following method:
 - for each constructor function the first several objects are allocated using the initial 
   ("generous) instance size estimation (this is called 'tracking phase').
 - during the tracking phase map transitions are tracked and actual property counts are collected.
 - at the end of the tracking phase instance sizes in the maps are decreased if necessary
   (starting with the function's initial map and traversing the transition tree).
 - all further allocation use more realistic instance size estimation.

Shrinking generously allocated objects without costly heap traversal is made possible 
by initializing their inobject properties with one_pointer_filler_map (instead of undefined). 

The initial slack for the generous allocation is increased from 2 to 6 which really helps some tests.

Review URL: http://codereview.chromium.org/3329019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Remove dependence of code-stubs on codegen, the virtual frame code generator.  Move some functions used by code-stubs and full-codegen from codegen to macro-assembler.
Review URL: http://codereview.chromium.org/3169049

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5370 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3211002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5357 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

a dummy receiver that we end up ignoring anyway.
Review URL: http://codereview.chromium.org/3136032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5335 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

instruction.

By changing the pointer to the code object to a pointer to the first
instruction we can call directly this instruction directly instead of
looking up the address through the code object.

Review URL: http://codereview.chromium.org/3156028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5309 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This change changes the lazy compilation stub to a builtin and
eliminates the argc (argument count for the function for which to
create a lazy stub) parameter.

Review URL: http://codereview.chromium.org/3146008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

in allowing more flexible compilation and to simplify builtins lookup. 

This changes a number of places where code objects are assigned to
SharedFunctionInfo objects to also assign this code object to the
JSFunction. In addition, the code flushing is changed slightly to
accomodate this (we need to flush the code from functions pointing to
SharedFunctionInfo objects that has already been flushed).


Review URL: http://codereview.chromium.org/3120006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5233 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Add test_b(Operand, immediate) to ia32 assembler, and use it where possible.  Improve comparison to a constant one-character string.  Use CmpInstanceType in more places on ia32.  Add IsObjectJSObjectType and IsInstanceJSObjectType to ia32 macro assembler, using a single branch for a range test.
Review URL: http://codereview.chromium.org/2586001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4795 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Reapply r4715 with fixes reviewed in http://codereview.chromium.org/2276002.

Review URL: http://codereview.chromium.org/2255004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/2274001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

- New сardmarking write barrier handles large objects and normal objects in a similar fashion (no more additional space for pointer tracking is required, no conditional branches in WB code).
- Changes to enable oldspaces iteration without maps decoding:
-- layout change for FixedArrays: length is stored as a smis (initial patch by
Kevin Millikin)
-- layout change for SharedFunctionInfo: integer fields are stored as smi on
arm, ia32 and rearranged on x64.
-- layout change for String: meaning of LSB bit is fliped (1 now means hash not
computed); on x64 padding is added.
-- layout of maps is _not_ changed. Map space is currently iterated in a special
way.

Review URL: http://codereview.chromium.org/2144006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/2073018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Reapplication of r4685 (reviewed http://codereview.chromium.org/2101002) with minor modifications:

- Fix compilation problems on Win64.
- Improve heap verification pass: search for garbage pointers to new space not only in dirty regions but in all regions.

Review URL: http://codereview.chromium.org/2114015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/2071020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

-- layout change for FixedArrays: length is stored as a smis (initial patch by Kevin Millikin)
-- layout change for SharedFunctionInfo: integer fields are stored as smi on arm, ia32 and rearranged on x64.
-- layout change for String: meaning of LSB bit is fliped (1 now means hash not computed); on x64 padding is added.
-- layout of maps is _not_ changed. Map space is currently iterated in a special way.
- Cardmarking write barrier. New barrier handles large objects and normal objects in a similar fashion (no more additional space for pointer tracking is required, no conditional branches in WB code).

Review URL: http://codereview.chromium.org/2101002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Chromium build.

v8.gyp no longer sets any V8_TARGET_ARCH_* macro on the Mac. Instead, the
proper V8_TARGET_ARCH_* macro will be set by src/globals.h in the same way as
the V8_HOST_ARCH_* macro when it detects that no target macro is currently
defined. The Mac build will attempt to compile all ia32 and x86_64 .cc files.
#ifdef guards in each of these target-specific source files prevent their
compilation when the associated target is not selected. For completeness,
these #ifdef guards are also provided for the arm and mips .cc files.

BUG=706
TEST=x86_64 Mac GYP/Xcode-based Chromium build (still depends on other changes)
Review URL: http://codereview.chromium.org/2133003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

r3995 (http://code.google.com/p/v8/source/detail?r=3995) introduce performance
regression for the case when arrat size is small (think new Array(4)).

It turns out that in those cases rep stos is slower than plain loop (apprently
due to ecx increment, but I didn't check this hypothesis.)  The next thing
to try could be direct jump into right place of long sequence of stos'es.

Review URL: http://codereview.chromium.org/2082006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4664 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=sgjesse@chromium.org

Review URL: http://codereview.chromium.org/2033009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

When Array(0) or new Array(0) is handled by the generated code it is handled
by the same code as Array() and new Array(). For this to work the stack is
tweaked to remove the argument of value 0. However the argc was still passed
as 1 if a call to the runtime system was made.

When the stack is tweaked argc is also changed to 0.

BUG=634
TEST=test/mjsunittest/mjsunit/regress/regress-634.js
Review URL: http://codereview.chromium.org/668155

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4038 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/661245

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3937 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/601080

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3895 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix for issue 603.

Revision r3484 removed the property name from the call stack for
call ICs.  When a non-function was called via a call IC and
Function.prototype.call, an extra value was left on the stack that the
caller could not know to clean up.

Fix is to change the JS builtin used for calling non-functions.  It
now gets the callee as receiver, rather than iterating stack frames
and finding it on the expression stack of its JS caller.

Review URL: http://codereview.chromium.org/604064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

in particular).

  * Called function is passed on the stack instead of
    using a static variable.

  * Builtins that don't need the called function don't
    get it.

  * Made is_construct statically known to HandleApiCall
    by setting custom construct stub for API functions.

Review URL: http://codereview.chromium.org/536065

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/501113

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3493 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

property name in a register rather than on the stack below the
receiver and arguments.

Implemented only for IA32, passing the name in the ecx register to
match the calling convention of the load ICs.

Review URL: http://codereview.chromium.org/502028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3484 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Also move a function into the macro assembler.
Fix some *& placement errors that had accumulated.
Review URL: http://codereview.chromium.org/385069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3293 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

In the generated code for function.apply there was a loop checking the stack limit for interruption. This loop would call into the runtime system to handle interuption and keep running until there was no interruption. However if the interuption was debug break the runtime system would never clear the interruption as debug break is prevented in builtins are prevented and the assumption here was that returning with the debug break flag set would move execution forward.

Renamed initial_jslimit and initial_climit to real_jslimit and real_climit. Renamed a few external references related to the stack limit as well.

Exposed the real stack limit to generated code to make the stack check when entering function.apply use the real stack limit and not the stack limit which is changed to signal interruption.

Added the real stack limit to the roots array.

BUG=http://code.google.com/p/v8/issues/detail?id=493
TEST=cctest/test-debug/DebugBreakFunctionApply
Review URL: http://codereview.chromium.org/345048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3229 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/345007


git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3164 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/338017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

These functions just moves forward the new space allocation top, and in some situations they are used to reserve space for several objects.
Review URL: http://codereview.chromium.org/219030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/218025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2979 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Ported the handle array construction in native code to x64. See http://codereview.chromium.org/193125 for details.

Please take a closer look of my use of the macro assembler Smi abstractions.
Review URL: http://codereview.chromium.org/209048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2960 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Named a constant and added an assert to get notified when related constants
change.

Removed reloading of the Array function when Array is called as a constructor as
the Array function is preserved in edi.

This - unlike r2908 and r2909 - both compiles and passes the tests.
Review URL: http://codereview.chromium.org/209012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2940 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2910 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Why even compile simple changes?

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/209011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2909 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Named a constant and added an assert to get notified when related constants change.

Removed reloading of the Array function when Array is called as a constructor as the Array function is preserved in edi.
Review URL: http://codereview.chromium.org/207010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2908 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The construction of arrays when using the the Array function either as a constructor or a normal function is now handled fully in generated code in most cases. Only when Array is called with one argument which is either negative or abowe JSObject::kInitialMaxFastElementArray (which is currently 1000) or if the allocated object cannot fit in the room left in new space is the runtime system entered.

Two new native code built-in functions are added one for normal invocation and one for the construct call. The existing C++ builtin is renamed, but kept. When the normal invocation cannot be handled in generated code the C++ builtin is called. When the construct invocation cannot be handled in native code the generic construct stub is called (which will end up in the C++ builtin through a construct trampoline).

One thing that might be changed is preserving esi (constructor function) during the handling of a construct call. We know precisily what function we where calling anyway and can just reload it. This could remove the parameter construct_call to ArrayNativeCode and remove the handling of this from that function.

The X64 and ARM implementations are not part of this changelist.
Review URL: http://codereview.chromium.org/193125

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2899 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Removed bogus ASSERTs from Intel macro assemblers.

Added a debug mode generated code assert to allocation code.
Review URL: http://codereview.chromium.org/199044

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Objects which require an additional fixed array to be allocated now have this allocated in generated code as well. Added allocation flags to the macro assembler new space allocation routines.

Changed the ia32 and x64 macro assemblers to take allocation flags to the allocation routines instead of boolean flag.
Review URL: http://codereview.chromium.org/201015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2832 ce2b1a6d-e550-0410-aec6-3dcde31c8c00