This patch adds a new assign type `PRIVATE_METHOD`. We now use this
for private method references in the form `obj.#key` when `#key`
resolves to a private method.
To obtain the type of the key variables after scope analysis, this
patch add a bit to Variable to recognize private method variables
whose load requires a brand check.
Also renamed `PropertyExpressionWithPrivateFieldKey` in ExpressionType
to `PrivateReference` and added `PRIVATE_CALL` to `CallType` - we'll
use the new types later when we implement private methods, which
require special brand checking semantics to load methods directly
from the context instead of from the object in order to save memory.
Bug: v8:8330
Change-Id: Idc1dcd4d514c1b3f8a31c99e49e34249449f0677
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1642772
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62255}
kOwnerOffset is redundant after 8a437788b9
since we check the READ_ONLY_HEAP bit instead of MemoryChunk::owner_ in
heap-write-barrier-inl.h
Bug: v8:9183
Change-Id: Ia0fbb530c088b8a87c551a99cc29d8cf7bd118f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664341
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Auto-Submit: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#62253}
HeapControllerTest no longer exists while the other HeapTests use
IsolateData instead of Heap.
Bug: v8:9183
Change-Id: I1d17dfb9edb167147e2434bc4097147cea7e277b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664339
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62252}
Having O(1) access to the length of the free lists on a given Page
will be useful to compute fragmentation and to implement efficient
heuristics to select evacuation candidates.
Bug: v8:9329
Change-Id: I92c7fcc38c89dcb18fef4ce7cc9ebf0b83d03dc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664065
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Cr-Commit-Position: refs/heads/master@{#62251}
Previously the ReadOnlyHeap simply discarded all but the first
ReadOnlyDeseralizer. ClearSharedHeapForTest should be called if using a
new ReadOnlyDeserializer (this might change in the future).
Remove an obsolete 'StartupSerializerRootMapDependencies' test. It used
to test Map::WeakCellForMap which doesn't exist anymore and was
difficult to adapt to a shared read-only heap.
Bug: v8:7464
Change-Id: I64b8e953b0e3466e003541ec8a9321e439a01d33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660612
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#62250}
The modules generated by translation from asm.js to WebAssembly are
valid by construction, an eager sequential validation is not required.
This behavior has been the default and recently broke by a refactoring,
hence this just re-enables the path in question.
R=ahaas@chromium.org
BUG=chromium:969368
Change-Id: I29811a7f278aed0f34c09483394a60b4b865ab6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664335
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62248}
We previously only optimized cases like
Parent <- Decompression <- Compression <- Child
to
Parent <- Child
This CL also adds the complementary optimization, namely, it reduces
Parent <- Compression <- Decompression <- Child
as above.
Such a cases became apparent after a recent extension of CSA load elimination (see https://chromium-review.googlesource.com/c/v8/v8/+/1660626), breaking a load elimination test case and thus the pointer compression build.
R=jarin@chromium.org, solanes@chromium.org
Change-Id: Ic730d05175f214e7055f94704141744ca44fefe5
Bug: v8:9353
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664070
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62246}
What it says is can be summarized as "follow the style guide" plus some
notes about TODOs that don't reflect reality.
Change-Id: I058a2d11a505c4f9a57f518daa142cc1240109d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649354
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62245}
We don't want to handle even non-growing stores when there are TypedArrays
in the prototype chain. Typed arrays handle the out-of-bounds accesses by
ignoring the stores unlike the regular array writes. We just let runtime
handle these cases instead of making ICs more complex.
There was an earlier cl (https://chromium-review.googlesource.com/c/v8/v8/+/1609790)
that fixed it for growing stores. This cl extends it for non-growing stores
as well to handle more cases.
Bug: chromium:961709
Change-Id: I65e079b88c10d2ba343f69a67134893319cd8f8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662305
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62243}
Move this straggler to its use-site in regexp-compiler.cc.
Bug: v8:9359
Change-Id: Ia5393140de5a1c8d70ac410ef6239eabfec130b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662303
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62241}
This CL renames jsregexp.{h,cc} to regexp.{h,cc}, hides all non-public
functions of RegExpImpl in the .cc file, and renames the public parts
of RegExpImpl to just RegExp. Include directives from outside the
src/regexp directory are limited to regexp.h, regexp-stack.h, and
regexp-utils.h. We also expose all result codes that can be returned
by irregexp code (including RETRY) on the public header since they
are needed elsewhere, e.g. in builtins.
Bug: v8:9359
Change-Id: Iae1a01ac9f6e1e4dc168f3fbe8fe8679cb6b1259
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662297
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62240}
This is a reland of ac79b539ec
This CL adds a missing BlockPoolsScope to guard a RequestHeapObject
call. This fixes a latend bug that the original land flushed out.
Original change's description:
> [arm64] Refactor constant pool implementation
>
> This refactors the constant pool handling for arm64. The immediate goal
> is to allow 32bit compressed pointers in the pool. The mediate goal is
> to unify the implementation with the arm constant pool, which will be
> done in a follow-up CL.
>
> Bug: v8:8054
> Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62209}
TBR=mstarzinger@chromium.org,jgruber@chromium.org,georgia.kouveli@arm.com
Bug: v8:8054
Change-Id: I1e3ab13619a48caad33d77ed8bed86782f9d9674
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664054
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62237}
This CL is an improvement on
https://chromium-review.googlesource.com/c/v8/v8/+/1664052
which introduced unnecessary boilerplate (now reverted).
The code objects for resolve/reject handlers are builtins, and
therefore already serialized.
R=jarin@chromium.org
Bug: v8:7790
Change-Id: I6a49110aa794d4bd380cabd40e67fba7783e642a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664055
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62236}
This adds missing support when converting a Word32 value (either in
Signed32 or Unsigned32 range) to Word64 representation, for which the
type also includes MinusZero. This conversion is fine as long as the
difference between 0 and -0 is not observable (in other words, as long
as the truncation identifies zeros).
Bug: chromium:971782, chromium:225811, v8:4153, v8:7881, v8:8171, v8:8383
Change-Id: I9d350a25f57b1342eb7fd1279d55a8610bdaf7cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664062
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62235}
This function was functionnaly equivalent to FreeList::TryFindNodeIn.
They probably were different when FindNodeIn was iterating through
the empty FreeListCategories, but since CL 1648476, FreeListCategories
in the FreeList can't be empty, and there was therefore never more than
a single iteration of FindNodeIn's while loop.
Bug: v8:9329
Change-Id: Ief7275ef55edb46b8bb35bce0783fbfd28534925
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660615
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62233}
This CL allows CsaLoadElimination to retain some information in the presence of StoreToObject nodes. Two stores to an object don't alias if either the objects or the offsets don't alias. The analysis approximates either of these two conditions conservatively as follows:
- Freshly allocated, distinct objects cannot alias.
- Two objects cannot alias if one of is freshly allocated and the other was passed as a parameter or is a heap constant.
- Two offsets cannot alias if they are both constant and distinct from each other.
R=jarin@chromium.org, tebbi@chromium.org
Change-Id: Ibec81913b413f81a3f7cbd40544a22d3711e6e5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660626
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62232}
This reverts commit 0c5479df6d.
Reason for revert: Turns out there is a simpler way to do this.
Original change's description:
> [Turbofan] Make JSCallReducer::ReducePromiseConstructor concurrent
>
> The only piece missing at this point was to serialize the code
> objects for the resolve and reject handlers.
>
> Bug: v8:7790
> Change-Id: If636f9d74dfc9606cf5f45c4f02dd118fb5d8f00
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662295
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62215}
TBR=mvstanton@chromium.org,jarin@chromium.org
Change-Id: Ie67326c850623eede8a63b50c5705682db784212
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664052
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62231}
Rolling v8/build: 8ef7aaa..be684b6
Rolling v8/buildtools: 6ae683b..6f3775a
Rolling v8/buildtools/linux64: git_revision:8c7f49102234f4f4b9349dcb258554675475e596..git_revision:81ee1967d3fcbc829bac1c005c3da59739c88df9
Rolling v8/third_party/android_sdk/public: ki7EDQRAiZAUYlnTWR1XmI6cJTk65fJ-DNZUU1zrtS8C..xhyuoquVvBTcJelgRjMKZeoBVSQRjB7pLVJPt5C9saIC
Rolling v8/third_party/android_sdk/public: iIwhhDox5E-mHgwUhCz8JACWQCpUjdqt5KTY9VLugKQC..ppQ4TnqDvBHQ3lXx5KPq97egzF5X2FFyOrVHkGmiTMQC
Rolling v8/third_party/android_sdk/public: 4Y2Cb2LGzoc-qt-oIUIlhySotJaKeE3ELFedSVe6Uk8C..MSnxgXN7IurL-MQs1RrTkSFSb8Xd1UtZjLArI8Ty1FgC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2e4b470..f6c289d
Rolling v8/third_party/depot_tools: bc23ca1..2313020
Rolling v8/third_party/googletest/src: 076b7f7..d700357TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org
Change-Id: Ibee14c27a78dbb0c30494bdac8d663a61dc9535d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662979
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62230}
This change removes the special case in the Torque compiler for types
that descend from JSObject: they will no longer get implicit
"| Undefined" appended to their types for verification purposes. It
removes any additional custom verification steps in objects-debug that
are made redundant by that change.
In order to do so safely, I categorized all cases where we were
implicitly adding "| Undefined" to the field type, as follows:
1. Classes that aren't using the generated verifier function (we should
probably revisit these, but for now we at least know they're safe):
- JSGlobalObject
- JSFinalizationGroup
- JSFinalizationGroupCleanupIterator
2. Classes where the existing verifier is already at least as strict as
what we would get after removing the implicit "| Undefined":
- JSDate
- JSPromise
- JSRegExp
- JSRegExpStringIterator
- WasmMemoryObject
- JSWeakRef
- JSStringIterator
- WasmExceptionObject
- JSListFormat (fixed in part 1)
- JSPluralRules (fixed in part 1)
- JSRelativeTimeFormat (fixed in part 1)
- JSSegmenter (fixed in part 1)
- JSArrayBufferView (fixed in part 1)
- JSTypedArray (fixed in part 1)
3. Classes where, to the best of my knowledge based on code inspection,
we already initialize the object correctly to pass the new stricter
generated verifier:
- JSFunction
- JSArrayIterator
- JSMessageObject
- JSBoundFunction
- JSAsyncFromSyncIterator
- WasmModuleObject
- JSAsyncFunctionObject
4. Classes that needed some adjustment to their initialization order to
avoid exposing uninitialized state to the GC:
- JSArray (only in Factory::NewJSArray; Runtime_NewArray and
CodeStubAssembler::AllocateJSArray already behave fine)
- WasmTableObject
- JSDateTimeFormat
- JSNumberFormat
- JSCollator
- JSV8BreakIterator
- JSLocale
- JSSegmentIterator
- JSModuleNamespace
5. Classes that had incorrect type definitions in Torque:
- WasmGlobalObject (category 4 after correction)
6. Classes that weren't fully initialized due to bugs:
- JSGeneratorObject
- JSAsyncGeneratorObject
Bug: v8:9311
Change-Id: I99ab303d3352423f50a3d0abb6eb0c9b463e7552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1654980
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62228}
This in in preparation for generic (off-heap/on-heap) bytecode
array accessor.
Bug: v8:7790
Change-Id: Ib419831ba1db95ab938179723ef5f130f01ae0d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635895
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62222}
which was probably added by mistake.
Change-Id: Iba265309710115aae8d9a0b7c0ede7e0160a662a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662302
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62220}
Extract tests related to array buffers and typed arrays to their own
.cc files.
R=mstarzinger@chromium.org
Change-Id: Ic80205d02b62db1565670ecf2bb4c0dbe52fab49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662301
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62219}
This further reduces the number of things declared in the public
regexp API file, currently still named jsregexp.h.
* Move JSRegExp::Flags convenience functions to regexp-compiler.h.
* Set RegExpImpl methods private if possible (these will later be
moved to a new hidden impl class).
* Merge RegExpEngine::CompilationResult into RegExpCompileData.
* Move remaining RegExpEngine methods to RegExpImpl and delete
RegExpEngine.
* Extract RegExpGlobalCache.
* Document a few data structures.
Upcoming CLs will rename RegExpImpl to RegExp and jsregexp.h to
regexp.h. This should then be the only header included from other
directories.
Bug: v8:9359
Change-Id: I78c8f4cca495a2b95735a48b6181583bc3310bdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662294
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62218}
Rename LargeObjectIterator to LargeObjectSpaceObjectIterator.
Rename SemiSpaceIterator to SemiSpaceObjectIterator.
Rename CombinedHeapIterator to CombinedHeapObjectIterator.
Rename ReadOnlyHeapIterator to ReadOnlyHeapObjectIterator.
Rename HeapIterator to HeapObjectIterator.
Rename HeapObjectIterator to PagedSpaceObjectIterator.
Rename PagedSpaces to PagedSpaceIterator.
Bug: v8:9183
Change-Id: If4bd65d81e50bb45d207a897baaca8b723e4f10b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645914
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#62217}
The only piece missing at this point was to serialize the code
objects for the resolve and reject handlers.
Bug: v8:7790
Change-Id: If636f9d74dfc9606cf5f45c4f02dd118fb5d8f00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662295
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62215}
Previously only AssemblerOptions created by AssemblerOptions::Default()
could have inline_offheap_trampolines set to true.
This fixes OutOfLineTruncateDoubleToI from generating calls via the
DoubleToI trampoline.
Bug: v8:9338
Change-Id: Ia4638cd185e9041c7c69996783d0ce5600e9723a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662288
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62213}
We have too many dupes in the no-ic comparisons. We'll increase the
experiment size again once bugs are fixed.
TBR=jarin@chromium.org
NOTRY=true
Bug: chromium:961709
Change-Id: Ic946100b45fd73e1bee59f188a766384836bcdcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660624
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62212}
This reverts commit ac79b539ec.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim/18611
Original change's description:
> [arm64] Refactor constant pool implementation
>
> This refactors the constant pool handling for arm64. The immediate goal
> is to allow 32bit compressed pointers in the pool. The mediate goal is
> to unify the implementation with the arm constant pool, which will be
> done in a follow-up CL.
>
> Bug: v8:8054
> Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62209}
TBR=mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org,georgia.kouveli@arm.com
Change-Id: Iff03e81a2e70d125ef2c06b6ff3aff8d0e3688ef
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662293
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62211}
This adds preliminary support for storing constructed WebAssembly
functions in tables. Note that for now only tables at index #0 are
supported, extending it to other tables indexes will be done as a
follow-up.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: I9aa07813e07f0ceb4eafe37af412b45c7d235722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640209
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62210}
This refactors the constant pool handling for arm64. The immediate goal
is to allow 32bit compressed pointers in the pool. The mediate goal is
to unify the implementation with the arm constant pool, which will be
done in a follow-up CL.
Bug: v8:8054
Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62209}
The functions
* JSCallReducer::ReducePromisePrototypeThen
* JSCallReducer::ReducePromisePrototypeFinally
* JSCallReducer::ReducePromisePrototypeCatch
need the prototype for all receiver maps to be serialized in order
to take effect. We can do this by processing our receiver hints
when processing a builtin call in the serializer.
Bug: v8:7790
Change-Id: I3d9144924cf6926cfcd93b60ac703cfba2d3d93a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660623
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62208}
