We should not clobber the input registers in the codegen
of a Maglev IR.
We use a new temporary register instead.
Bug: v8:7700
Change-Id: Icacbee4e030f426001c224e25aed6ce86ad8b811
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973311
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83884}
This reverts commit 9dedaaf313.
Reason for revert: crashes have been fixed:
- https://crrev.com/c/v8/v8/+/3888198
- https://crrev.com/c/v8/v8/+/3965723
Original change's description:
> Revert "Enable background merging of deserialized scripts"
>
> This reverts commit f388f96fdb.
>
> Reason for revert: Crashes in canary (https://crbug.com/1360024)
>
> Original change's description:
> > Enable background merging of deserialized scripts
> >
> > This can save memory in cases where multiple frames in a process use the
> > same script, with sufficient time between loads that the script's
> > top-level SharedFunctionInfo is no longer present in the compilation
> > cache. Merging is relatively fast; it generally takes about one tenth as
> > long as deserialization.
> >
> > Bug: v8:12808
> > Change-Id: I7366a51f1d2ca6a9f551cdf2bdbe0441450cf1bb
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868088
> > Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#82920}
>
> Bug: v8:12808
> Change-Id: If160173afaab351d995ddcf4b60d6efe656cf70b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871208
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#82983}
Bug: v8:12808
Change-Id: I1d19a0e9ff4172435f4b2b9bbe3bf72a93e2411c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3972179
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83882}
This CL adds TurboFan optimizations for length and element access
of TypedArrays and DataViews that are rab/gsab-backed.
To enable this optimization, this CL builds the necessary machinery
required to allow machine operators at the front of the pipeline
(before simplified lowering). Some key changes to allow this are:
- Introduce Type::Machine() to allow the typer and the verifier to
provide a type to those machine operators in parts of the pipeline
that require nodes to be typed.
- Add EnterMachineGraph and ExitMachineGraph operators that define
the boundary between early machine graphs and the normal graph with
JS semantics.
- Give Branch operators a BranchSemantics parameter to distinguish
between machine branches (condition is a machine level value) and
JS branches (condition is a JS boolean value) and have phases that
handle branches decide on the branch's semantics based on this
parameter instead of the position in the pipeline.
- Extend SimplifiedLowering and SimplifiedLoweringVerifier to handle
machine graphs. In particular, constants required special handling,
because they are cached in the graph but they may have uses in both
a machine and the JS graph, which prevents consistent typing of
them.
- Moved lots of logic from JSCallReducerAssembler into
[JS]GraphAssembler such that functionality can be shared between
different phases (e.g. JSNativeContextSpecialization and
JSCallReducer need to generate logic to compute a TypedArray's
byte length). Extended assembler interface in general with
additional TNode<> overloads.
Bug: v8:11111, chromium:1358505
Change-Id: Ife006b8c38a83045cd3b8558acbfdcb66408891f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898690
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83881}
This removes the temporary option and sets its value to {true}
everywhere.
Bug: v8:7748
Change-Id: Icbc3071b531b130c0eb007758452d09b65491c04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974510
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83880}
Shared space is used concurrently and thus pages cannot shrink like
we do for old or code space.
Bug: v8:13267
Change-Id: I646120b1690d6fe628e524a4926e5648871b960e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974808
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83879}
Isolates need to be deserialized to run a GC. Similarly all client
isolates need to be deserialized for a shared GC.
This CL allows heap expansion during isolate deserialization.
Previously shared heap allocations could fail which would have led to a
CHECK failure in the subsequent GC.
Bug: v8:13267
Change-Id: Iae6934e9372063fcbe7de37128b7e783b09bb3c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974669
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83878}
Rolling v8/build: b8f0bc7..cb6dbd1
Rolling v8/buildtools: 10c7a0a..32851f2
Rolling v8/buildtools/third_party/libc++/trunk: 997e036..166132d
Rolling v8/third_party/depot_tools: 9879712..61ef3d8
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221021.3.1..version:10.20221023.3.1
Rolling v8/tools/clang: 7b9e2e2..bc55ae7
Change-Id: Ie718d51122809672447c1d8e7fcb2ff46ce68c01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974078
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83877}
We don't currently try the fast path if left side
is negative. See {if_lhs_negative} branch.
Change-Id: Ieea2977209902ad90c29ff3b305ca047fafbdd80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3974511
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83873}
v8::TracedReference and their underlying traced handles are not
actually phantom references but have been historically represented as
such. This patch splits off their backing implementaton into
`TracedHandles`.
As a drive-by, re-organize the free list to rely on indices instead of
pointers, saving a full word for each node. In additon, the setup also
allows for freeing fully empty node blocks after GCs.
Allocation/free of nodes is also organized in a way that avoids
jumping between handles/blocks/nodes for accounting purposes.
Removing CRTP in GlobalHandle internals is left for a follow up.
Bug: v8:13372
Change-Id: Ib55aa9ba71202d5918b486c161fe6f747d31c719
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3966952
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83872}
Map space is gone now so we can use SnapshotSpace::kOld instead.
Bug: v8:12578
Change-Id: If7509ee6bea04fed263a6d8b15597fd051697e4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968480
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83869}
... and prepare for using PGO profiles for arm builds.
Bug: v8:10470
Change-Id: If71d363195c60277a59dc68d0c18e361e24209c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3970665
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83867}
The feature has been enabled since M106 so we can safely remove the
flag with M109.
R=bmeurer@chromium.org
Bug: chromium:1334585
Change-Id: Iefe0b10e3be59d6dde54d676b5f1e0cf938851ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959659
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83865}
Fix by disabling the use of the trap handler in the "ARM64 simulator
running on x64" case. (Note that the ARM64-simulator-on-x64 case gets
built for mksnapshot as a host tool even if we didn't specifically
want the simulator case.)
Using the trap handler in that case currently uses some inline
assembly (the top-level asm() statements in
src/trap-handler/handler-outside-simulator.cc), but MSVC does not
support that type of asm() statement.
Disable using that asm() code by conditionalising it on "#if
V8_TRAP_HANDLER_SUPPORTED". Note that we're not putting this
condition into the GN build because it's complicated to keep the two
sets of conditions totally in sync.
Put the "#if V8_TRAP_HANDLER_SUPPORTED" into handler-inside-win.cc to
match the same #if in handler-inside.cc, otherwise we would get a link
error when the former refers to TryFindLandingPad(), which is defined
behind the #if in the latter.
Do the same in handler-inside-posix.cc for consistency.
Remove the earlier attempt at doing the fix by implementing
ProbeMemory in C++, which won't necessarily work. This reverts:
https://chromium-review.googlesource.com/c/v8/v8/+/3913036
Change-Id: If8e1720a90f89175d730cf32ee5ac42451b9b5be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3964232
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Mark Seaborn <mseaborn@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83864}
It's been enabled by default since Chrome 91.
Bug: v8:6020
Change-Id: Id26b7fb0b7dffe19a88a6f0071dd59203b06415a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3957636
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83862}
Port a02c56694f
Original Commit Message:
This is a reland of commit 4804c4de31.
There are major changes since the previous attempt:
- The WasmLiftoffFrameSetup (formerly WasmGetFeedbackVector) builtin
now performs as much of the frame setup work as possible, to reduce
generated code size for each function.
- The WasmLazyCompile builtin/runtime function no longer allocates,
hence gets frame type INTERNAL, and is un-handlified.
Original change's description:
> [wasm] Allocate feedback vectors on demand
>
> We previously allocated feedback vectors when instantiating the module,
> or when lazily compiling a function. That's not sufficient when there
> are multiple instances of the same NativeModule, or when we eagerly
> tier-down all code for debugging. This patch changes the "get vector from
> instance" sequence at the beginning of every Liftoff function to "get
> or allocate vector"; factored into a builtin call to avoid generating
> more code for every function.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3939667
> Cr-Commit-Position: refs/heads/main@{#83610}
R=jkummerow@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I7d7e65a32e89285cb583216455ea1b9a490cb16b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968705
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83861}
We pass the *declared* function index on the stack now, so we must
convert it to a regular function index before using it to look up
the function's signature.
Change-Id: Ib98d71a02ba8ca885136c010cf7dbb6ef7f62950
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3971365
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83860}
This enriches KnownNodeAspects to use a map from Node to a set of
Maps, instead of a single map. We update known maps with set
intersection. We recompute the set from scratch, since set removal
is expensive.
It also adapts CheckMaps and CheckMapsWithTransition to support
a set of maps.
Bug: v8:7700
Change-Id: I0c16a456a1a186aaedcbacf2491ec4f0cb8b0682
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3966441
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83859}
Similar to how `time COMMAND` measures time, `rss.py COMMAND` measures
memory consumption, by sampling RSS (Resident Set Size) for the child
process in /proc at a configurable interval (default: every 1ms).
No-Try: true
Change-Id: I381cdd6325fae67944ee96e44ba09dd948d432cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3971360
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83858}
Make maglev less aggressive, and TF a little more again. Maglev deopts
will ensure that we'll back off on TF as long as feedback changes.
Bug: v8:7700
Change-Id: I98b4c339de598d96329b79d7b6862605f9bfd87c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968703
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83856}
PagedSpaceIterator just bailed out on first optional space.
Bug: v8:13267
Change-Id: I6f8dba6c510a641930b364698dc91529b2db1146
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3971361
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83855}
%OptimizeFunctionOnNextCall could be called while compilation (Maglev or
Turbofan) was still on-going -- this would make DCHECKs fail when
attempting to save the compiled code on the feedback vector. This is not
an issue normally when tests are carefully crafted, but can easily
happen during fuzzing.
Unify the two %Optimize*OnNextCall paths, and make sure that they check
for in-progress compilation.
Fixed: v8:13404
Change-Id: I021e1305bc2ba769b7484f9a122792aeb22060ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3971122
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83854}
Code coverage tests invoke garbage collection, to test that coverage
data is not reclaimed by the garbage collector and that the native
%DebugTogglePreciseCoverage works as intended. One of them tests that
garbage collection indeed reclaims the coverage data, if the above
native is not used. When conservative stack scanning is used, this may
fail.
This CL fixes the tests, ensuring that a precise garbage collection
will be invoked, without scanning the stack. To achieve this, the
garbage collection is invoked not with %CollectGarbage but by using
--expose-gc and the asynchronous execution mode, which ensures that
it will be invoked from the event loop without a stack.
Bug: v8:13257
Change-Id: Id44ef0d442bfd0a8afda282c3345e5ebeb239356
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968708
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83851}
This reverts commit 6e4dea75e8.
Reason for revert: This is blocking HEAD import in Copybara.
Let's test this there first, then backport the change.
Original change's description:
> [bazel] Add hide symbols from release / fast builds
>
>
> Our gn build files hide non-exported symbols by default, which results
> in smaller binaries and can improve build times.
>
> This was not ported to the bazel build and causes binary size
> regressions in google 3.
>
> Change-Id: I285914b83e75bd3bf406e6401f52ddb53230219a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925698
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83514}
Change-Id: I18561cfdd8a637c100be849c4d6a668c6f3b6080
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3971120
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83850}
For memory64, we modified the {consume_resizable_limits} method to
support 64-bit LEBs. This method is not only used for memory limits
though, and other limits should be unaffected (they are always 32-bit
values, even in memory64).
This CL refactors decoding such that the {has_maximum} fields are
initialized earlier, and flags are only decoded once (in particular not
again inside {consume_resizable_limits}. Instead, the caller specifies
whether values should be decoded as 32-bit or 64-bit values.
R=jkummerow@chromium.org
Bug: v8:10949, v8:13401
Change-Id: I2fb76c3efcf153d1490d88c4456de1524fd508b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968482
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83849}
This CL makes the object keeping stack information thread-local, moving
it from Heap to ThreadLocalTop. In this way, stack scanning will work
correctly when switching between threads, e.g., using v8::Locker.
It also introduces a mechanism for setting a stack marker, to be used
for scanning only the part of stack between its start and the marker
(instead of the current stack top).
Bug: v8:13257
Change-Id: I01091f5f49d9a8143d50aeef53789a98bdb29048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960991
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83848}
For some reason we overlooked shared memory64 so far. Supporting it is
trivial, we just need to fix flag parsing.
To make parsing simpler, we replace the switch by a bit-decoding logic.
R=jkummerow@chromium.org
Bug: v8:10949, v8:13401
Change-Id: I1d884a174f901ed359c1d385055c9f2d24b0e2f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3967904
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83846}
This adds a new [[WeakRefTarget]] internal property to
`Runtime.getProperties` results for `JSWeakRef` results
(also included in the preview), which will be used by
DevTools to show the target of the weak reference without
having to explicitly call `deref()` on them. As part of
this we also have (temporary) strong references to the
target, slightly changing behavior, but that's consistent
with how DevTools deals with `JSWeakMap` and `JSWeakSet`.
Bug: chromium:1267690
Change-Id: I2a9ef9261996fcdee20fbd0fc728d11208c82459
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3970598
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83844}
If the call target is a known constant, we don't need to check the value
stored in the feedback array dynamically. Either it matches, in which
case we just perform the call, or it's different, in which case we
unconditionally deopt so we can update the feedback.
Bug: v8:7700
Change-Id: Iacfdd9f358aac9c1d4e5cc748f323c3d90597d41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3971077
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83843}
A bit of restructuring to reduce branching on RememberedSetUpdatingMode.
Bug: v8:12612
Change-Id: Ia578b2045e13698d1545d16e5a0df75ee599e24d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3966190
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83842}
VerifyRememberedSetsAfterEvacuation DCHECKs that OLD_TO_SHARED
invalidated set is null. MinorMC does not filter OLD_TO_SHARED
remembered set and thus the DCHECK fails.
Bug: chromium:1376860
Change-Id: I0f17687b3c1bc74c3b1c4afa462c99de5a05f78c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968707
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83841}
When inlining a tail call node into a regular call, the tail call node
is transformed into a regular call. This new call node (or its
projections in the case of multi-return) has to be typed.
Bug: v8:13406, v8:12166
Change-Id: I39cc619e6ee4f0d16763699fe4facebe461a750f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968715
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83839}