Second attempt: Improve our type feedback by recogizining never-executed IC calls for binary operations.

This is an improved version of my earlier change r5970. It avoids degrading the
non-optimized code.

Initially we emit a conditional branch that is either always- or never-taken
after a smi-check (depending on whether we test for smi for for non-smi)
Since test-eax always sets the carry-flag to 0 we use jump-if-carry and
jump-if-not-carry.

The first invocation of the stub patches a jc with a jz and
jnc with a jnz-instruction so that the code looks exactly as it was
without patching. The only difference is the test- or nop-instruction
after the IC-call.

Review URL: http://codereview.chromium.org/5763004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6030 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/5717005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Original change: http://codereview.chromium.org/5733004/

When we have inlined smi code can transition to heap number state before going to the generic state. Without inlined smi code the behaviour is unchanged.

Review URL: http://codereview.chromium.org/5689005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5975 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

In the case of inlined smi code in non-optimzied code we could not 
distinguish between the smi-only case and the case that the operation was
never executed.

With this change the first execution of a binary operation always jumps
to the stub which in turn patches the smi-check into the correct
conditional branch, so that we benefit from inlined smi code after the
first invocation.

A nop instruction after the call to the BinaryOpIC indicates that no
smi code was inlined. A "test eax" instruction says that there was smi
code inlined and encodes the delta to the patch site and the condition
code of the branch at the patch site to restore the original jump.

Review URL: http://codereview.chromium.org/5714001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5970 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5922 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5921 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The code in utils.h can be reused outside of v8 propert, as long as the
propert ASSERT macros are defined.

Review URL: http://codereview.chromium.org/4485001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5772 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3537003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5569 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=https://bugs.webkit.org/show_bug.cgi?id=46689

Review URL: http://codereview.chromium.org/3520006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5553 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Contextual load requires only a map check followed by a cell hole
check so we can generate pretty compact code for that. The fact that
we have inlined code is marked by mov ecx, offset instruction after
the IC call. Inlining is only enabled inside loops and in non-builtin
functions.

The generated code size increase is about 3%. This descreased the
pc-to-code cache hit rate in some of the benchmarks that trigger
GC. To compensate we now have 4 times as much entries in the cache.

Review URL: http://codereview.chromium.org/3402014

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5497 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Loading from out-of-range has to go to the runtime system to check if there
exists a property with that index in the prototype.

Review URL: http://codereview.chromium.org/3410011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5471 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3141022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5362 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Object model changes
----------------------------------------
New fixed_cow_array_map is used for the elements array of a JSObject
to mark it as COW. The JSObject's map and other fields are not
affected. The JSObject's map still has the "fast elements" bit set. It
means we can do only the receiver map check in keyed loads and the
receiver and the elements map checks in keyed stores. So introducing
COW arrays doesn't hurt performance of these operations. But note that
the elements map check is necessary in all mutating operations because
the "has fast elements" bit now means "has fast elements for reading".
EnsureWritableFastElements can be used in runtime functions to perform
the necessary lazy copying.

Generated code changes
----------------------------------------
Generic keyed load is updated to only do the receiver map check (this
could have been done earlier). FastCloneShallowArrayStub now has two
modes: clone elements and use COW elements. AssertFastElements macro
is added to check the elements when necessary. The custom call IC
generators for Array.prototype.{push,pop} are updated to avoid going
to the slow case (and patching the IC) when calling the builtin should
work.

COW enablement
----------------------------------------
Currently we only put shallow and simple literal arrays in the COW
mode. This is done by the parser.

Review URL: http://codereview.chromium.org/3144002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5275 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Modify polymorphic keyed load IC stub to load cached properties from the property array of a fast-case JSObject.
Review URL: http://codereview.chromium.org/3053042

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5175 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/3046006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5105 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The IC stub is completely generic, so there will only be one such stub
in the system.

Added a new overloaded version of the macro assembler RecordWrite
method for cases where we have the address we store to computed up
front.

Review URL: http://codereview.chromium.org/2804029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4991 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Similar or duplicate checks are scattered around the code before doing the dictionary load. 
Also the entire branch in GenerateCallNormal that handles global/builtin receiver is 
guaranteed to bail out from GenerateDictionaryLoad, so there is no point in generating it at all.

The purpose of the patch is:
- making C++ code more compact and transparent,
- not generating dead code. 

There is a tiny performance gain. The patch is ia32 only for now.

Please tell me if I am missing anything.


Review URL: http://codereview.chromium.org/2801007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4926 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Also edited ic-ia32.cc for clarity and better formatting.

Review URL: http://codereview.chromium.org/2853003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4873 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This should make access faster for arrays of functions.

Review URL: http://codereview.chromium.org/2754003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2701003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4806 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This speeds up constructs like this: 
var zz='replace'; '123'[zz]('3','4');

Review URL: http://codereview.chromium.org/2280007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4804 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Add test_b(Operand, immediate) to ia32 assembler, and use it where possible.  Improve comparison to a constant one-character string.  Use CmpInstanceType in more places on ia32.  Add IsObjectJSObjectType and IsInstanceJSObjectType to ia32 macro assembler, using a single branch for a range test.
Review URL: http://codereview.chromium.org/2586001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4795 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2470001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4787 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

The generic keyed load stub was missing converting string keys to numberign keys and lookup in the keyed lookup cache. This is now added together with an additional counter on all platforms.
Review URL: http://codereview.chromium.org/2441002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/2330003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4759 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Reapply r4715 with fixes reviewed in http://codereview.chromium.org/2276002.

Review URL: http://codereview.chromium.org/2255004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

These string methods can be composed from two basic blocks: charCodeAt
and fromCharCode, both of which have fast cases for certain types of
inputs. In this patch these two blocks are refactored to allow
generating the fast cases without having to jump around the slow
cases. In the slow cases since they can now be invoked both from
inline runtime functions and from IC stubs we either have to
save/restore state of the current frame or enter/leave a new internal
frame. This is handled by new RuntimeCallHelper interface. Its
implementation for virtual frame is based on FrameRegisterState class
extracted from DeferredCode class.

Review URL: http://codereview.chromium.org/2087009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/2274001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4723 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

- New сardmarking write barrier handles large objects and normal objects in a similar fashion (no more additional space for pointer tracking is required, no conditional branches in WB code).
- Changes to enable oldspaces iteration without maps decoding:
-- layout change for FixedArrays: length is stored as a smis (initial patch by
Kevin Millikin)
-- layout change for SharedFunctionInfo: integer fields are stored as smi on
arm, ia32 and rearranged on x64.
-- layout change for String: meaning of LSB bit is fliped (1 now means hash not
computed); on x64 padding is added.
-- layout of maps is _not_ changed. Map space is currently iterated in a special
way.

Review URL: http://codereview.chromium.org/2144006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/2073018

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4704 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Reapplication of r4685 (reviewed http://codereview.chromium.org/2101002) with minor modifications:

- Fix compilation problems on Win64.
- Improve heap verification pass: search for garbage pointers to new space not only in dirty regions but in all regions.

Review URL: http://codereview.chromium.org/2114015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4703 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=ager@chromium.org
Review URL: http://codereview.chromium.org/2071020

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4688 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

-- layout change for FixedArrays: length is stored as a smis (initial patch by Kevin Millikin)
-- layout change for SharedFunctionInfo: integer fields are stored as smi on arm, ia32 and rearranged on x64.
-- layout change for String: meaning of LSB bit is fliped (1 now means hash not computed); on x64 padding is added.
-- layout of maps is _not_ changed. Map space is currently iterated in a special way.
- Cardmarking write barrier. New barrier handles large objects and normal objects in a similar fashion (no more additional space for pointer tracking is required, no conditional branches in WB code).

Review URL: http://codereview.chromium.org/2101002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4685 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Chromium build.

v8.gyp no longer sets any V8_TARGET_ARCH_* macro on the Mac. Instead, the
proper V8_TARGET_ARCH_* macro will be set by src/globals.h in the same way as
the V8_HOST_ARCH_* macro when it detects that no target macro is currently
defined. The Mac build will attempt to compile all ia32 and x86_64 .cc files.
#ifdef guards in each of these target-specific source files prevent their
compilation when the associated target is not selected. For completeness,
these #ifdef guards are also provided for the arm and mips .cc files.

BUG=706
TEST=x86_64 Mac GYP/Xcode-based Chromium build (still depends on other changes)
Review URL: http://codereview.chromium.org/2133003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4666 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/1990012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

http://compute1.aar:9013/golem/r4502-v8-podivilov-string-char-at2-x64-vs-4502-v8-x64.html
Review URL: http://codereview.chromium.org/1750017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4542 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

(Fixed handling of out-of-bounds keys.)

String keyed load used to call STRING_CHAR_AT builtin that performs
two steps (get a char code, construct a one-char string from the
code), both of which have fast cases implemented as inline runtime
functions. In this chage most of the code from these functions is
extracted to a set of common generator functions in StringStubBase and
the fast cases are grouped together in the IC code.

Review URL: http://codereview.chromium.org/1582041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4450 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/1633024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4445 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

String keyed load used to call STRING_CHAR_AT builtin that performs
two steps (get a char code, construct a one-char string from the
code), both of which have fast cases implemented as inline runtime
functions. In this chage most of the code from these functions is
extracted to a set of common generator functions in StringStubBase and
the fast cases are grouped together in the IC code.

Review URL: http://codereview.chromium.org/1539039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00