This change makes lifetime management of WasmCode much simpler.
By using the WasmInstanceObject as the context for WASM code execution,
including the pointer to the memory base and indirect function tables,
this keeps the instance alive when WASM code is on the stack, since
the instance object is passed as a parameter and spilled onto the stack.
This is in preparation of sharing the code between instances and
isolates.
Bug: v8:7424
Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
Reviewed-on: https://chromium-review.googlesource.com/958520
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52361}
We sometimes allow allocation to fail and return a null Handle in that
case (e.g. for grow_memory). This refactors this code to return a
MaybeHandle instead, to document that allocation might fail and to force
the caller to handle this.
R=mstarzinger@chromium.org
Change-Id: Ia3ba65f840cfb1cf93e8dbd508a17375c19bae58
Reviewed-on: https://chromium-review.googlesource.com/995438
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52358}
The first GC will collect dead JSArrayBuffers, but the release of the
underlying JSArrayBuffer::Allocations might be delayed. Hence, a second
GC might be needed.
R=ulan@chromium.org
Bug: v8:7621
Change-Id: Iee714f05cb939bb084d064be6d31dfbab32ff4ba
Reviewed-on: https://chromium-review.googlesource.com/995533
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52357}
This is a reland of 12420537c8
Original change's description:
> [heap] fix Sweeper::kNumberOfSweepingSpaces
>
> When indexing into vectors of sweeping spaces, convert the
> AllocationSpace to an index (by subtracting FIRST_GROWABLE_PAGED_SPACE)
> to avoid wasted space at the start.
>
> Change-Id: Ia23fe6dae42d5accea9f7fe7ec5c3b303ef857b4
> Reviewed-on: https://chromium-review.googlesource.com/978242
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52320}
Change-Id: Ic8ea2d58b9d4cfe97eb8efec93df101b734d5ddd
Reviewed-on: https://chromium-review.googlesource.com/994214
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52354}
Code targets are not PC relative encoded on MIPS and are
removed from RelocInfo::kApplyMask.
Change-Id: Ie893626f38bfb7457693df34a22f5cb6bca2cd4c
Reviewed-on: https://chromium-review.googlesource.com/995435
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52353}
Before reporting coverage data, we attempt to reduce clutter by
merging nested and consecutive ranges. Nested ranges are merged, if
the child range has the same execution count as the parent range.
Sibling ranges are merged, if one sibling begins where the other ends
and execution counts are identical.
This allowed an invalid transformation in which a range with an
execution count of 1 would be merged into the parent change, but the
sibling range with identical start and end points and a count of 0
would remain, effectively deleting the covered range.
For example:
{start: 0, end: 10, count: 1},
{start: 5, end: 8, count: 1}, // It's invalid to remove this.
{start: 5, end: 8, count: 0}
The fix is to separate the parent and sibling merge passes, and
removing duplicate ranges in-between.
Bug: chromium:827530
Change-Id: Ic35eae1d4a106746570ce9cb412ed6710ef6da53
Reviewed-on: https://chromium-review.googlesource.com/992114
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52352}
This adds support for i64 addition and subtraction.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: If7ed762091b0ebd688eb2a8cac84e59b91c8a322
Reviewed-on: https://chromium-review.googlesource.com/992316
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52351}
Drive-by cleanup: remove megamorphic stub cache lookup support from generic property
store code. This lookup is no longer necessary because
1) fast stores to existing properties get all the information from the map,
2) transitioning store targets are taken directly from the transition array,
so in both cases there's no point in doing a store handler lookup.
Bug: v8:5988
Change-Id: I95c0a08e7d1a76bb0f4475a9bd685e4e11e16a48
Reviewed-on: https://chromium-review.googlesource.com/983921
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52349}
This removes the redundant weak link to the {WasmCompiledModule} from
the {CompilationState} class and instead replaces it with a normal C++
pointer back to the associated {NativeModule}. This reduces the number
of weak links back into the garbage collected heap, such links are
costly for the GC, hard to understand and maintain, and should be kept
at a minimum. Simply explicitly encoding the one-to-one relationship
between the {NativeModule} and the {CompilationState} is easier.
R=clemensh@chromium.org
Change-Id: Ib7f79bc3a89fe463f548615a918f3fa4c9feea59
Reviewed-on: https://chromium-review.googlesource.com/995274
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52348}
This reverts commit 63ecddc814.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20internal%20snapshot/builds/14773
Original change's description:
> [runtime] Remove the construct_stub field of the SFI
>
> Don't dispatch based on the construct_stub field anymore. Rather than
> read it out and jump to the construct stub, we can switch on the
> builtin_id.
>
> Builtins will always have builtin_id as a Smi, so this signals we need
> to jump to JSBuiltinsConstructStub. The only exception is for uncompiled
> functions, which will have kCompileLazy as the builtin_id, but need to
> jump to the generic stub instead.
>
> API function calls will have a FunctionTemplateInfo in the SFI
> function_data field, and need to go to the builtins stub as well.
>
> The final case is everything else, which should go to the generic stub.
>
> Bug: v8:7503
> Change-Id: I14790a5f9784dc0d940bf10a05f5310026e1d482
> Reviewed-on: https://chromium-review.googlesource.com/980941
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52345}
TBR=petermarshall@chromium.org,leszeks@chromium.org,bmeurer@chromium.org
Change-Id: I2031913ab5a12018ad932f920792aa1f6faa5e22
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7503
Reviewed-on: https://chromium-review.googlesource.com/995293
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52346}
Don't dispatch based on the construct_stub field anymore. Rather than
read it out and jump to the construct stub, we can switch on the
builtin_id.
Builtins will always have builtin_id as a Smi, so this signals we need
to jump to JSBuiltinsConstructStub. The only exception is for uncompiled
functions, which will have kCompileLazy as the builtin_id, but need to
jump to the generic stub instead.
API function calls will have a FunctionTemplateInfo in the SFI
function_data field, and need to go to the builtins stub as well.
The final case is everything else, which should go to the generic stub.
Bug: v8:7503
Change-Id: I14790a5f9784dc0d940bf10a05f5310026e1d482
Reviewed-on: https://chromium-review.googlesource.com/980941
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52345}
This CL allows builtin continuations to handle pending exceptions.
This implements exception handling for the promise constructor in
case of deoptimization.
Bug: v8:7584
Change-Id: Ib5df5eb6606abb3f9690f294397981858dbdbf25
Reviewed-on: https://chromium-review.googlesource.com/983912
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52340}
This patch teaches Runtime.callFunctionOn to run evals inside its
task. This is aligned with how Runtime.evaluate works.
R=kozy
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3189beebc9020703d2b2e23a7c828a2394d43910
Reviewed-on: https://chromium-review.googlesource.com/994070
Commit-Queue: Andrey Lushnikov <lushnikov@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52339}
This reverts commit dbdede0101.
Reason for revert: Fails webkit_tests, blocks roll: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064
Original change's description:
> Implement a new spec for timezone offset calculation
>
> https://github.com/tc39/ecma262/pull/778 was recently merged
> to Ecma 262.
>
> It changes the way to convert between "local time" and UTC in such
> a way that it'd work for all timezones whether or not there has
> been any change in the timezone offset of the standard time. For
> instance, Europe/Moscow and some parts of US state of Indiana have
> changed the standard (non-DST) timezone offset a few times. The
> previous spec assumes that the the standard timezone offset is
> constant, but the new spec take into account the offset change
> history.
>
> In addition, it specifies a new way to calculate the timezone
> offset during a timezone transition (either in and
> out of DST or timezone offset shift).
>
> During a negative transition (e.g. fall backward / getting
> out of DST), repeated times are to be interpreted as if the
> offset before the transition is in effect.
>
> During a positive transition (e.g. spring forward / getting
> into DST), skipped times are to be treated similarly. That
> is, they are to be interpreted as if the offset before the
> transition is in effect.
>
> With icu-timezone-data, v8 is compliant to the new spec for the
> past and the future as well as now whether or not the standard
> timezone offset of a given timezone has changed over time
> (e.g. Europe/Moscow, Pacific/Apia). With icu-timezone-data,
> Australia/Lord_Howe (30 minute DST change) also works per spec.
>
> Without icu-timezone-data, it works only for timezones of which
> the standard timezone offset is the same as the current offset
> (e.g. most North American timezones other than parts of Indiana)
> and of which the DST shift is an hour. For instance, it doesn't work
> for Europe/Moscow in 2010 when the standard timezone offset was
> +4h because the current (2018) standard timezone offset is +3h. Neither
> does it for Lord Howe in Australia with the DST shift of 0.5 hr.
>
> This CL used to require one of the two ICU CLs below, but not
> any more.
>
> https://chromium-review.googlesource.com/c/chromium/deps/icu/+/572652
> https://chromium-review.googlesource.com/851265 (a proposed CL to the
> upstream ICU).
>
> Bug: v8:3547,chromium:417640,v8:5714
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ib162295da5bee31b2390bd0918157014aebd3e33
> Reviewed-on: https://chromium-review.googlesource.com/572148
> Commit-Queue: Jungshik Shin <jshin@chromium.org>
> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52332}
TBR=adamk@chromium.org,littledan@chromium.org,mlippautz@chromium.org,jshin@chromium.org
Change-Id: I6b3bf4427c761b106280d565a3912cd8e25cf87e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:3547, chromium:417640, v8:5714
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/994192
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52338}
This reverts commit cd1dd34f20.
Patchset 1 is the original CL that was reverted. Patchset 2 has the
fix.
TBR=bmeurer@chromium.org
Bug: v8:7611
Change-Id: I15291175ab894ef667c001e1b21b8b220e1f9b48
Reviewed-on: https://chromium-review.googlesource.com/993995
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52337}
This instance of `pragma optimize` was from long ago when we built with
frame pointers disabled. We always build with frame pointers on these
days.
(Also, clang-cl ignores this pragma and will warn about it.)
Bug: chromium:505314
Change-Id: Ia125c9c54e6ec486247241102de1cb62c72d268b
Reviewed-on: https://chromium-review.googlesource.com/993423
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52336}
This change implements the WebAssembly.Global object and constructor,
but none of the accessors or functions.
There is a new flag to enable this: --experimental-wasm-mut-global.
Change-Id: Ifeb270d57392d7ca0900c80c0038932c96ee8b61
Reviewed-on: https://chromium-review.googlesource.com/989296
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52335}
This reverts commit 0cd7468b86.
Reason for revert: Blocks v8 roll into chromium: https://crbug.com/828499
Original change's description:
> [wasm] Always enable guard regions on 64-bit platforms
>
> This change makes full 8 GiB guard regions always enabled on 64-bit
> platforms.
>
> Additionally, since all Wasm memory allocation paths have some form of
> guard regions, this removes and simplifies most of the logic around
> whether to enable guard regions.
>
> R=gdeepti@chromium.org
>
> Change-Id: Idf3fbcc11ac70ea2ee7eb88c2173d6a1410395e1
> Reviewed-on: https://chromium-review.googlesource.com/985142
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52310}
TBR=bradnelson@chromium.org,gdeepti@chromium.org,eholk@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I126b5afe283a4fe08adfa301e637d2641c29cccd
Reviewed-on: https://chromium-review.googlesource.com/993160
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52334}
This patch enables ShouldOptimizeForMemoryUsage if the old generation
size is within 1/8th of the max old generation size.
This patch also passes the reduce-memory flag to incremental marking
whenever ShouldOptimizeForMemoryUsage is enabled.
Bug: chromium:824214
Change-Id: I5cfc0566ca0e23dfa1b8c0439a4e67424ddc852d
Reviewed-on: https://chromium-review.googlesource.com/973524
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52333}
https://github.com/tc39/ecma262/pull/778 was recently merged
to Ecma 262.
It changes the way to convert between "local time" and UTC in such
a way that it'd work for all timezones whether or not there has
been any change in the timezone offset of the standard time. For
instance, Europe/Moscow and some parts of US state of Indiana have
changed the standard (non-DST) timezone offset a few times. The
previous spec assumes that the the standard timezone offset is
constant, but the new spec take into account the offset change
history.
In addition, it specifies a new way to calculate the timezone
offset during a timezone transition (either in and
out of DST or timezone offset shift).
During a negative transition (e.g. fall backward / getting
out of DST), repeated times are to be interpreted as if the
offset before the transition is in effect.
During a positive transition (e.g. spring forward / getting
into DST), skipped times are to be treated similarly. That
is, they are to be interpreted as if the offset before the
transition is in effect.
With icu-timezone-data, v8 is compliant to the new spec for the
past and the future as well as now whether or not the standard
timezone offset of a given timezone has changed over time
(e.g. Europe/Moscow, Pacific/Apia). With icu-timezone-data,
Australia/Lord_Howe (30 minute DST change) also works per spec.
Without icu-timezone-data, it works only for timezones of which
the standard timezone offset is the same as the current offset
(e.g. most North American timezones other than parts of Indiana)
and of which the DST shift is an hour. For instance, it doesn't work
for Europe/Moscow in 2010 when the standard timezone offset was
+4h because the current (2018) standard timezone offset is +3h. Neither
does it for Lord Howe in Australia with the DST shift of 0.5 hr.
This CL used to require one of the two ICU CLs below, but not
any more.
https://chromium-review.googlesource.com/c/chromium/deps/icu/+/572652https://chromium-review.googlesource.com/851265 (a proposed CL to the
upstream ICU).
Bug: v8:3547,chromium:417640,v8:5714
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ib162295da5bee31b2390bd0918157014aebd3e33
Reviewed-on: https://chromium-review.googlesource.com/572148
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52332}
This is a follow-up to https://chromium-review.googlesource.com/981687.
When a wasm function has a large stack frame, the x64 code generator
performs the stack overflow check before constructing the frame. This
requires the use of the `address_of_real_stack_limit` external
reference.
This reference is thread local, so if it is not relocated the stack
overflow check will always fail.
Bug: chromium:808848
Change-Id: I0edf3fe5a006242fc50d0bff44cd9dd0e7d85bd9
Reviewed-on: https://chromium-review.googlesource.com/982906
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52330}
This adds a systematic test for binary operations on different sets of
registers. By loading a number of values from memory to locals, we
create a cache state where all registers are used to hold local
variables. We then pick two of them and perform a binary operation on
them.
R=titzer@chromium.org
Bug: v8:7589, v8:6600
Change-Id: I2a4855810bb5c39247688c43cbe9d12d64fbc181
Reviewed-on: https://chromium-review.googlesource.com/992412
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52329}
Makes CallHandlerInfo its own instance type, with an additional
map to distinguish side-effect-free handlers. In a followup, we
can expose an API flag to set the map.
This CL does not support whitelisting calls to ObjectTemplates
that use SetCallAsFunctionHandler().
Bug: v8:7515
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie32fe144046a9fae3e3b1ea5602b0da3db8a5616
Reviewed-on: https://chromium-review.googlesource.com/965741
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52328}
On ia32, the implementation of 64-bit shifts first moved {src} into
{dst}, then {amount} into {ecx}. This fails if {dst} overlaps {amount},
because {amount} would be overwritten before being used. Just changing
the order to these two moves would also not be correct, since {src} can
contain {ecx}.
Thus, implement this via a general parallel register move, which
resolves cycles automatically.
R=titzer@chromium.org
Bug: v8:7589, v8:6600
Change-Id: I2556b9aa66a89a067372b7713dbbb3d71d2f923f
Reviewed-on: https://chromium-review.googlesource.com/981134
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52327}
The destructor of the owner of a phantom handle must clear the phantom
handle first before calling any function that can trigger GC.
Bug: chromium:827806
Change-Id: I20141d0d710c486aec3d92e729d76a53069e16fd
Reviewed-on: https://chromium-review.googlesource.com/992093
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52325}
Summary of work done:
* Simplify complicated CompareAndBranch instructions
* Mark BC1EQZ and BC1NEZ as compact branches in simulator
* Remove unneeded nops for BC1EQZ and BC1NEZ
* Block trampolines for delay slot of BC1T and BC1F
Change-Id: I86f3a497e6e9ac73075bb51653c2d4c6ab8454b9
Reviewed-on: https://chromium-review.googlesource.com/986260
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52324}
Builtin continuation frames know their height now. This is prework
to allow UnwindAndFindHandler to reconstructor the stack pointer for
the ContinueToBuiltin trampoline.
Bug: v8:7584
Change-Id: If1361f5bbac130c284cd46c0d39cc81e2df613d3
Reviewed-on: https://chromium-review.googlesource.com/983633
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52322}
When indexing into vectors of sweeping spaces, convert the
AllocationSpace to an index (by subtracting FIRST_GROWABLE_PAGED_SPACE)
to avoid wasted space at the start.
Change-Id: Ia23fe6dae42d5accea9f7fe7ec5c3b303ef857b4
Reviewed-on: https://chromium-review.googlesource.com/978242
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52320}
This ensures that we have gatekeepers for API changes.
R=adamk@chromium.org
Change-Id: I7a78f9590dfc444a20044fe323b9470f4f9004a3
Reviewed-on: https://chromium-review.googlesource.com/986267
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52318}
When we know that the imported JavaScript function, and we cannot
generate a direct call because the parameter count does not match, then
we can call directly to the ArgumentsAdaptor instead of the Call
builtin.
R=bmeurer@chromium.org
Change-Id: I72882c2edf170d88135d12352852302d56cc54a5
Reviewed-on: https://chromium-review.googlesource.com/986095
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52316}
When peeking into descriptor arrays (for Function.prototype.bind
inlining), we need to check the number of descriptors rather than
the length of the DescriptorArray.
Bug: chromium:825045
Change-Id: I55dbe1544e5e4cb8e23d873961c71ed12294d89c
Reviewed-on: https://chromium-review.googlesource.com/991812
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52315}
