This avoid leaking memory because optimized code may hold on to maps
from different tabs otherwise.

BUG=v8:1823, 102895
Review URL: http://codereview.chromium.org/8892002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10257 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/8111006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8399032

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9837 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Also, handlify functions for loading with interceptors and callbacks.
Remove some unneeded code.  Rename Foreign::address() because it
confusingly shadows HeapObject::address() which does something quite
different.

R=vegorov@chromium.org,ulan@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8391045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8390045

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9803 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Handlified functions: CompileStoreField, CompileStoreGlobal, CompileStoreElement, CompileStorePolymorphic.

Based on 8375053.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8393003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9791 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8375053

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Handlified functions: CompileLoadNonexistent, CompileLoadField,
CompileLoadConstant, CompileLoadArrayLength, CompileLoadStringLength,
CompileLoadFunctionPrototype.

R=kmillikin@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8383033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9773 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This function relies on a number of helpers for checking prototypes and
probing dictionaries.  It is not possible to wrap these helpers to retry
after allocation failure in a safe way---the assembler has no way to undo
what it has already assembled.

These functions have all been duplicated with handle and raw versions.  The
raw versions will eventually be removed completely.

R=ulan@chromium.org,vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8332003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9769 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Handlify StubCompiler functions for CallIC and KeyedCallIC cases
Megamorphic, Arguments, DebugBreak, and DebugPrepareStepIn.

R=ulan@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8372029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9750 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

These cases turn out to be easy.  There is a lingering raw pointer
implementation of TryCompileCallMiss because it's need by some of the
unconverted call stubs.

R=ulan@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8366036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9749 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
TEST=

Review URL: http://codereview.chromium.org/8356041

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9741 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

CallIC::GenerateInitialize and KeyedCallIC::GenerateInitialize are
verified safe for GC.

R=ulan@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8361028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org,vegorov@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/8357010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9729 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
TEST=

Review URL: http://codereview.chromium.org/8356039

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9727 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
TEST=

Review URL: http://codereview.chromium.org/8352003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9714 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
TEST=

Review URL: http://codereview.chromium.org/8341008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9692 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

BUG=
TEST=

Review URL: http://codereview.chromium.org/8337008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9680 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/8233011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/8166017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9577 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Activated by the flag --smi-only-arrays

Currently not crankshaft support, using flag on non-ia32 platforms will lead to write barrier misses and crashes.

BUG=none
TEST=elements_kind.js

Review URL: http://codereview.chromium.org/7901016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9392 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

We passed this flag around in a lot of places and had differenc call
ICs based on it, but never did any real specialization based on its
value.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7869009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9260 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Use the BitField helper class for the code flags, so that we do not have to
define both a shift and a mask explicitly.  This makes changing the flags
layout simpler.

Also, make the 'mask' and 'max' members of BitField into constants, because
they are constant and so that they can be used as constant expressions.
E.g., so they can be used in declaring other const members or in static
asserts.

R=fschneider@chromium.org
BUG=
TEST=

Review URL: http://codereview.chromium.org/7787028

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9232 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=svenpanne@chromium.org
BUG=none
TEST=all

Review URL: http://codereview.chromium.org/7849017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9208 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

making our debug binaries ever so slightly faster

Review URL: http://codereview.chromium.org/7776010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9057 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Some AST nodes (Property, Call, etc.) store either a list of receiver
types or a monomorphic receiver type. This patch merges the two fields
using a small pointer list. GetMonomorphicReceiverType() is now a
purely convenience function returning the first and only recorded
type.

This saves about 500K (of about 39M) on average when compiling V8
benchmark as measured by a simple patch adding a zone allocation
counter (https://gist.github.com/1149397).

R=kmillikin@chromium.org

Review URL: http://codereview.chromium.org/7655017

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Implemented on ia32, x64, ARM. Stubbed out with UNIMPLEMENTED on MIPS.

BUG=none
TEST=unbox-double-arrays.js

Review URL: http://codereview.chromium.org/7307030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

In the process, add shared stubs for DictionaryValue lookups that are handled in the same way as fast elements and external array elements.

Includes code for MIPS, which compiles and run polymorph-arrays.js successfully.

R=jkummerow@chromium.org
BUG=none
TEST=test/mjsunit/polymorph-arrays.js

Review URL: http://codereview.chromium.org/7227010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8579 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/7187007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8315 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This reverts commit ceb31498b9d69edca3260820fb4047045891ce6d.

TBR=kmillikin@chromium.org

Review URL: http://codereview.chromium.org/7172030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/7167006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8300 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ager@chromium.org
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7044083

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8253 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Dispatch on ElementsKind rather than ExternalArrayType when generating ICs and Crankshaft code for many element operations. This is preparation to be able to share more code in the various element accessor implementations.

Merge logic to maintain external array and fast element stub caches.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7112010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8244 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Make the call kind and call wrapper arguments explicit to force
developers to make a choice. This would have avoided the bug in the
first case.

R=fschneider@chromium.org
TEST=mjsunit/strict-mode-implicit-receiver.js

Review URL: http://codereview.chromium.org/7086029

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8109 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Only IA32 version for now. I'll start porting.

Strict mode functions are to get 'undefined' as the receiver when
called with an implicit receiver. Modes are bad! It forces us to have
checks on all function calls.

This change attempts to limit the cost by passing information about
whether or not a call is with an implicit or explicit receiver in ecx
as part of the calling convention. The cost is setting ecx on all
calls and checking ecx on entry to strict mode functions.

Implicit/explicit receiver state has to be maintained by ICs. Various
stubs have to not clobber ecx or save and restore it.

CallFunction stub needs to check if the receiver is implicit when it
doesn't know from the context.

Review URL: http://codereview.chromium.org/7039036

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8040 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Review URL: http://codereview.chromium.org/7062003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7993 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Better support for 'polymorphic' JS and external arrays

Allow  keyed store/load stubs to switch between external array and fast JS arrays without forcing a state transition to the generic stub.

There CL consists of two pieces of functionality. First, code stubs for fast element arrays don't immediately transition to the MEGAMORPHIC state when there's a map mismatch. Second, two ICs are cached per map for fast elements, the MONOMORPHIC version, and a new MEGAMORPHIC version that handles two or more different maps and dispatches to shared stubs to perform the array operation.

Review URL: http://codereview.chromium.org/7036016

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7935 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

TBR=danno@chromium.org

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7918 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Allow  keyed store/load stubs to switch between external array and fast JS arrays without forcing a state transition to the generic stub.

There CL consists of two pieces of functionality. First, code stubs for fast element arrays don't immediately transition to the MEGAMORPHIC state when there's a map mismatch. Second, two ICs are cached per map for fast elements, the MONOMORPHIC version, and a new MEGAMORPHIC version that handles two or more different maps. Currently, the only array types supported by the MEGAMORPHIC stub are fast elements for objects and JSArrays.

BUG=
TEST=

Review URL: http://codereview.chromium.org/6894003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7917 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

header which uses BASE_EMBEDDED and/or AllStatic. Note that still only
45 out of 135 headers in src/ can be used stand-alone, but at least
this is a little bit more than before...
Review URL: http://codereview.chromium.org/6931031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7798 ce2b1a6d-e550-0410-aec6-3dcde31c8c00