This patch much improves our tracking of whether function is...

src/ic.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 20 matching lines @@
 #include "api.h"
 #include "arguments.h"
 #include "execution.h"
 #include "ic-inl.h"
 #include "runtime.h"
 #include "stub-cache.h"
 
 namespace v8 { namespace internal {
 
 #ifdef DEBUG
-static char TransitionMarkFromState(IC::State state) {
+static const char TransitionMarkFromState(IC::State state) {
   switch (state) {
     case UNINITIALIZED: return '0';
-    case UNINITIALIZED_IN_LOOP: return 'L';
     case PREMONOMORPHIC: return 'P';
     case MONOMORPHIC: return '1';
     case MONOMORPHIC_PROTOTYPE_FAILURE: return '^';
     case MEGAMORPHIC: return 'N';
 
     // We never see the debugger states here, because the state is
     // computed from the original code - not the patched code. Let
     // these cases fall through to the unreachable code below.
     case DEBUG_BREAK: break;
     case DEBUG_PREPARE_STEP_IN: break;
   }
   UNREACHABLE();
   return 0;
 }
 
 void IC::TraceIC(const char* type,
                  Handle<String> name,
                  State old_state,
-                 Code* new_target) {
+                 Code* new_target,
+                 const char* extra_info) {
   if (FLAG_trace_ic) {
     State new_state = StateFrom(new_target, Heap::undefined_value());
-    PrintF("[%s (%c->%c) ", type,
+    PrintF("[%s (%c->%c)%s", type,
            TransitionMarkFromState(old_state),
-           TransitionMarkFromState(new_state));
+           TransitionMarkFromState(new_state),
+           extra_info);
     name->Print();
     PrintF("]\n");
   }
 }
 #endif
 
 
 IC::IC(FrameDepth depth) {
   // To improve the performance of the (much used) IC code, we unfold
   // a few levels of the stack frame iteration code. This yields a
@@ skipping 140 matching lines @@
     case Code::STORE_IC: return StoreIC::Clear(address, target);
     case Code::KEYED_STORE_IC: return KeyedStoreIC::Clear(address, target);
     case Code::CALL_IC: return CallIC::Clear(address, target);
     default: UNREACHABLE();
   }
 }
 
 
 void CallIC::Clear(Address address, Code* target) {
   State state = target->ic_state();
-  if (state == UNINITIALIZED || state == UNINITIALIZED_IN_LOOP) return;
-  Code* code = StubCache::FindCallInitialize(target->arguments_count());
+  InlineCacheInLoop in_loop = target->ic_in_loop();
+  if (state == UNINITIALIZED) return;
+  Code* code =
+      StubCache::FindCallInitialize(target->arguments_count(), in_loop);
   SetTargetAtAddress(address, code);
 }
 
 
 void KeyedLoadIC::Clear(Address address, Code* target) {
   if (target->ic_state() == UNINITIALIZED) return;
   // Make sure to also clear the map used in inline fast cases.  If we
   // do not clear these maps, cached code can keep objects alive
   // through the embedded maps.
   ClearInlinedVersion(address);
@@ skipping 142 matching lines @@
 void CallIC::UpdateCaches(LookupResult* lookup,
                           State state,
                           Handle<Object> object,
                           Handle<String> name) {
   ASSERT(lookup->IsLoaded());
   // Bail out if we didn't find a result.
   if (!lookup->IsValid() || !lookup->IsCacheable()) return;
 
   // Compute the number of arguments.
   int argc = target()->arguments_count();
+  InlineCacheInLoop in_loop = target()->ic_in_loop();
   Object* code = NULL;
 
   if (state == UNINITIALIZED) {
     // This is the first time we execute this inline cache.
     // Set the target to the pre monomorphic stub to delay
     // setting the monomorphic state.
-    code = StubCache::ComputeCallPreMonomorphic(argc);
+    code = StubCache::ComputeCallPreMonomorphic(argc, in_loop);
   } else if (state == MONOMORPHIC) {
-    code = StubCache::ComputeCallMegamorphic(argc);
+    code = StubCache::ComputeCallMegamorphic(argc, in_loop);
   } else {
     // Compute monomorphic stub.
     switch (lookup->type()) {
       case FIELD: {
         int index = lookup->GetFieldIndex();
-        code = StubCache::ComputeCallField(argc, *name, *object,
+        code = StubCache::ComputeCallField(argc, in_loop, *name, *object,
                                            lookup->holder(), index);
         break;
       }
       case CONSTANT_FUNCTION: {
         // Get the constant function and compute the code stub for this
         // call; used for rewriting to monomorphic state and making sure
         // that the code stub is in the stub cache.
         JSFunction* function = lookup->GetConstantFunction();
-        code = StubCache::ComputeCallConstant(argc, *name, *object,
+        code = StubCache::ComputeCallConstant(argc, in_loop, *name, *object,
                                               lookup->holder(), function);
         break;
       }
       case NORMAL: {
         // There is only one shared stub for calling normalized
         // properties. It does not traverse the prototype chain, so the
         // property must be found in the receiver for the stub to be
         // applicable.
         if (!object->IsJSObject()) return;
         Handle<JSObject> receiver = Handle<JSObject>::cast(object);
         if (lookup->holder() != *receiver) return;
-        code = StubCache::ComputeCallNormal(argc, *name, *receiver);
+        code = StubCache::ComputeCallNormal(argc, in_loop, *name, *receiver);
         break;
       }
       case INTERCEPTOR: {
         code = StubCache::ComputeCallInterceptor(argc, *name, *object,
                                                  lookup->holder());
         break;
       }
       default:
         return;
     }
   }
 
   // If we're unable to compute the stub (not enough memory left), we
   // simply avoid updating the caches.
   if (code->IsFailure()) return;
 
   // Patch the call site depending on the state of the cache.
-  if (state == UNINITIALIZED || state == UNINITIALIZED_IN_LOOP ||
+  if (state == UNINITIALIZED ||
       state == PREMONOMORPHIC || state == MONOMORPHIC ||

[Kevin Millikin (Chromium), 2009/05/25 11:00:42]

One disjunct per line?

       state == MONOMORPHIC_PROTOTYPE_FAILURE) {
     set_target(Code::cast(code));
   }
 
 #ifdef DEBUG
-  TraceIC("CallIC", name, state, target());
+  TraceIC("CallIC", name, state, target(), in_loop ? " (in-loop)" : "");
 #endif
 }
 
 
 Object* LoadIC::Load(State state, Handle<Object> object, Handle<String> name) {
   // If the object is undefined or null it's illegal to try to get any
   // of its properties; throw a TypeError in that case.
   if (object->IsUndefined() || object->IsNull()) {
     return TypeError("non_object_property_load", object, name);
   }
@@ skipping 617 matching lines @@
 //
 
 // Used from ic_<arch>.cc.
 Object* CallIC_Miss(Arguments args) {
   NoHandleAllocation na;
   ASSERT(args.length() == 2);
   CallIC ic;
   IC::State state = IC::StateFrom(ic.target(), args[0]);
   Object* result =
       ic.LoadFunction(state, args.at<Object>(0), args.at<String>(1));
-  if (state != UNINITIALIZED_IN_LOOP || !result->IsJSFunction())
+
+  // The first time the inline cache is updated may be the first time the
+  // function it references gets called.  If the function was lazily compiled
+  // then the first call will trigger a compilation.  We check for this case
+  // and we do the compilation immediately, instead of waiting for the stub
+  // currently attached to the JSFunction object to trigger compilation.  We
+  // do this in the case where we know that the inline cache is inside a loop,
+  // because then we know that we want to optimize the function.
+  if (!result->IsJSFunction() || JSFunction::cast(result)->is_compiled()) {
     return result;
+  }
 
-  // Compile the function with the knowledge that it's called from
-  // within a loop. This enables further optimization of the function.
+  // Compile now with optimization.
   HandleScope scope;
   Handle<JSFunction> function = Handle<JSFunction>(JSFunction::cast(result));
-  if (!function->is_compiled()) CompileLazyInLoop(function, CLEAR_EXCEPTION);
+  InlineCacheInLoop in_loop = ic.target()->ic_in_loop();
+  if (in_loop) {

[Kevin Millikin (Chromium), 2009/05/25 11:00:42]

if (in_loop == IN_LOOP) ....

+    CompileLazyInLoop(function, CLEAR_EXCEPTION);
+  } else {
+    CompileLazy(function, CLEAR_EXCEPTION);
+  }
   return *function;
 }
 
 
 void CallIC::GenerateInitialize(MacroAssembler* masm, int argc) {
   Generate(masm, argc, ExternalReference(IC_Utility(kCallIC_Miss)));
 }
 
 
 void CallIC::GeneratePreMonomorphic(MacroAssembler* masm, int argc) {
@@ skipping 129 matching lines @@
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) {
   return IC_utilities[id];
 }
 
 
 } }  // namespace v8::internal