Otherwise (this) will leak into a later this=> making it seem like a valid
arrow function head.
Bug: chromium:941703
Change-Id: I5c3ff70f1d525ec0da53b401a0bfec4c1ee7812f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601260
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61345}
This fixes a crash when using --trace-ic on Arm64 debug. For a given return
address, the assembler's `target_address_from_return_address()` method will
displace it to give you the call-site address. However, this is fragile because
it needs to decode the instruction stream to distinguish between different call
sequences. So it triggered an assertion on Arm64 because we now use BL for
builtin to buitin calls.
We only use this when tracing IC states to detect if the caller is a deoptimized
function. But to do this it doesn't matter if the address we have is the return
or the call-site address. So we can just remove the need for the fragile
Assembler method.
As a drive-by, also remove `return_address_from_call_start()` which was doing
the opposite and was unused.
Change-Id: I5988d17eadd1652ed85d662e62bc4c579665dd31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594566
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61337}
This is a reland of 289b25765a.
The fix for failures landed here:
https://chromium-review.googlesource.com/c/v8/v8/+/1599388
Original change's description:
> [Test] Update tests to work with lazy feedback allocation.
>
> This adds either %EnsureFeedbackVectorForFunction or
> %PrepareFunctionForOptimization to allocate feedback vectors when testing
> optimization, allocation sites, IC transitions etc.,
>
> Bug: v8:8394
> Change-Id: I6ad1b6d460e4abda693b326cddb87754e080a0a1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593303
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Auto-Submit: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61212}
Bug: v8:8394
Change-Id: Idb5bba221d138e6fd73155f959b9e16fc948c709
TBR: rmcilroy@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1599607
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61332}
Bug: v8:9207
Change-Id: Ie137e8c2395e835d532394495d892ad9b2cfc90d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601133
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61322}
Above test passes on simulator but may take up about 3 minutes. Test
passes normally on native mips.
ppc & arm both skip it on simulator.
Change-Id: Ifd51a29ab653fa80e541fb2a7a8b0ae680a4454d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598913
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#61313}
This is the follow-up for frozen, sealed packed elements kind.
Design docs: bit.ly/fast-frozen-sealed-elements-in-v8
This change is only support the transition from holey elements to holey sealed elements (via object.seal) or to holey frozen elements (via object.freeze).
Added tests for non-extensible, sealed, frozen holey elements in https://chromium-review.googlesource.com/c/v8/v8/+/1574503 and https://chromium-review.googlesource.com/c/v8/v8/+/1582481
Bug: v8:6831
Change-Id: Ia4373648f79f2ebebb390982a503145844a0c123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574777
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61307}
The test is timing out a lot recently, blocking the LKGR.
The underlying issue still needs to be found and fixed.
If the test passes, it is fast.
TBR=titzer@chromium.org
No-Try: true
Bug: v8:9221
Change-Id: Ie2cbfa310a5088ed736cfd930eefe993e68af9b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1599550
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61302}
Generalize the existing work-around in the method
`Map::GeneralizeIfCanHaveTransitionableFastElementsKind()` to also go to
the most general field representation (in addition to going to the most
field type) for objects with transitionable fast elements kinds. That
means that we essentially disable field representation tracking for
arrays, arguments objects and value wrappers (for which the field type
tracking is already disabled).
Drive-by-fix: Remove the `constness` parameter to the above mentioned
helper method. And fix the printing of the descriptor expectations to
properly print the field type.
Change-Id: I1bba9415f4bdd2c916f9d105d9120c7071d2c498
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Doc: http://bit.ly/v8-in-place-field-representation-changes
Bug: v8:8749, v8:8865, v8:9114, chromium:959645, chromium:952682
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598756
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61284}
TBR=tmrts@chromium.org
Also skip some tests too slow in full debug mode.
Bug: v8:9145
Change-Id: Ied8781be26d2c1efd7720e333775da9f6d632236
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598759
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61281}
This is a reland of ad44c258d7
Patchset 2 is the original CL
Patchset 3 fixes some misuses of FixedArrayBase::length() and adds some
DCHECKS to flush out any more misuses.
Patchset 4 adds the PPC/S390 port by miladfar@ca.ibm.com.
Original change's description:
> [typedarray] Make JSTypedArray::length authoritative.
>
> This is the first step towards full huge typed array support in V8.
> Before this change, the JSTypedArray::length and the elements backing
> store length (FixedTypedArrayBase::length) were used more or less
> interchangeably to determine the number of elements in a JSTypedArray.
>
> With this change we disentangle these two lengths, and instead make
> JSTypedArray::length authoritative. For on-heap typed arrays, the
> FixedTypedArrayBase::length will remain the number of elements in the
> backing store, but for the off-heap typed arrays, this length will be
> set to 0 (matching the fact that the FixedTypedArrayBase instance does
> not contain any elements itself).
>
> This also unifies the JSTypedArray::set_/length() and length_value()
> methods to only have JSTypedArray::set_/length() which returns/takes
> size_t values. Currently this still requires the values to be in Smi
> range, but later we will extend this to allow arbitrary size_t values
> (in the safe integer range).
>
> Bug: v8:4153, v8:7881
> Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107
> Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
> Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60648}
Bug: v8:4153, v8:7881, v8:9105
Change-Id: Ic38f833071a723642ebc6f82a4012dbc0878ef98
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594435
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61275}
The implementation is done with a runtime function.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I5f27b1fdc7cc2baf6919b4db3bf053a350b91a74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1596738
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61274}
This reverts commit 758700a708.
Reason for revert: Broken
Original change's description:
> [compiler] Don't collect source positions for the top frame
>
> While most source positions were not collected even throwing exceptions,
> the top frame still was always collected as it was used to initialize
> the JSMessageObject. This skips even that frame, by storing the
> SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
> it to lazily evaluate the actual source position.
>
> Also adds tests to test-api.cc that test each of the source position
> functions in isolation to ensure that they don't rely on previous
> invocations to call the source collection function.
>
> Since no source positions are now collected at the point when an
> exception is thrown, the mjsunit/stack-traces-overflow now passes again
> with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
> only failure).
>
> Bug: v8:8510
> Change-Id: Ic5382bdbab65cd8838f0c84b544fabb1a9109d13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587385
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61271}
TBR=ulan@chromium.org,rmcilroy@chromium.org,delphick@chromium.org
Change-Id: I3ee0b5db5f8a1b3255f68070dc10d27d0e013048
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598758
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61273}
While most source positions were not collected even throwing exceptions,
the top frame still was always collected as it was used to initialize
the JSMessageObject. This skips even that frame, by storing the
SharedFunctionInfo and bytecode offset in the JSMessageObject allowing
it to lazily evaluate the actual source position.
Also adds tests to test-api.cc that test each of the source position
functions in isolation to ensure that they don't rely on previous
invocations to call the source collection function.
Since no source positions are now collected at the point when an
exception is thrown, the mjsunit/stack-traces-overflow now passes again
with the flag enabled. (cctest/test-cpu-profiler/Inlining2 is now the
only failure).
Bug: v8:8510
Change-Id: Ic5382bdbab65cd8838f0c84b544fabb1a9109d13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587385
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61271}
This is a reland of d14ed12e56
with fix for test failures in lite mode.
When handling load named properties (without feedback vectors) we used
to miss to runtimes if the prototypes aren't set. This was because we
wanted to give the prototype a chance to become fast, since most prototypes
start in slow mode but move to fast after the initial setup. Though this
check is not really useful when we don't have feedback vectors, and once
feedback vectors are allocated we will turn the prototypes fast anyway.
Bug: v8:8394, v8:8860
Change-Id: I5c7b5061e1d9068c72d6f0eea47517880940a054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591772
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61267}
This is a reland of b0c4a8764b
Original change's description:
> [json] Speed up json parsing
>
> - scan using raw data pointers + GC callback
> - scan using scanner tables
> - cap internalizing large string values
> - inline fast transitioning logic
>
> Fixes previous CL by moving AllowHeapAllocation to callers of
> ReportUnexpectedCharacter where needed to make it clear we need to exit.
>
> Tbr: ulan@chromium.org
> Change-Id: Icfbb7cd536e0fbe153f34acca5d0fab6b5453d71
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591778
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61159}
Change-Id: I0d713e02d243723df2d2a7c252eae44a6648b6b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1596444
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61247}
The interpreter accesses code directly from the code manager. With lazy
validation, however, this code is not guaranteed to exist. The
interpreter now checks for this and compiles it lazily if needed. It
also handles exceptions that may arise from lazy validation.
Bug: v8:9003
Change-Id: I37c365f0a4d755ed55630d01c8526f2a3efa9a9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594567
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61240}
This adds either %EnsureFeedbackVectorForFunction or
%PrepareFunctionForOptimization to allocate feedback vectors when testing
optimization, allocation sites, IC transitions etc.,
Bug: v8:8394
Change-Id: I6ad1b6d460e4abda693b326cddb87754e080a0a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593303
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61212}
Fix function name in error messages thrown by the streaming API. The API
functions {WebAssembly.compileStreaming} and
{WebAssembly.instantiateStreaming} are now mentioned where needed.
Bug: v8:9184
Change-Id: I70b27efe1c027d119fa7b5b9be27988a92304682
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588468
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61202}
This CL adds decoding and code generation for the table.size
instruction.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I0e689a993d25db72281ebba0854454be12f4d350
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593302
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61195}
This CL add decoding and code generation for the table.grow
instruction. For code generation we just generate a runtime
call. The implementation is quite straight-forward. However,
I did several small cleanups along the way. I hope it's still
acceptable. I could also split out some cleanups into separate
CLs.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Id885b7e70eb4f5bccfe779eb216f7cc9302ea3a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593078
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61192}
On Windows, expanding the stack by more than 4 KB at a time can cause
access violations. This change fixes a few known cases (and includes
unit tests for those), and attempts to make stack expansion more
consistent overall by using the AllocateStackSpace helper method
everywhere we can, even when the offset is a small constant.
On arm64, there was already a consistent method for stack pointer
manipulation using the Claim and Drop methods, so Claim is updated to
touch every page.
Bug: v8:9017
Change-Id: I2dbbceeebbdefaf45803e9b621fe83f52234a395
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570666
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61186}
When asked to start at the receiver and the receiver is a primitive, the
dependency should be taken on the primitive map (which is a no-op)
rather than the wrapper object's map.
Bug: chromium:958716
Change-Id: I9c8b2b56436d134b2f79dbe458c0c527fe6d17a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593086
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61174}
This reverts commit ad44c258d7.
Reason for revert: Missed some users: crbug.com/v8/9105
Original change's description:
> [typedarray] Make JSTypedArray::length authoritative.
>
> This is the first step towards full huge typed array support in V8.
> Before this change, the JSTypedArray::length and the elements backing
> store length (FixedTypedArrayBase::length) were used more or less
> interchangeably to determine the number of elements in a JSTypedArray.
>
> With this change we disentangle these two lengths, and instead make
> JSTypedArray::length authoritative. For on-heap typed arrays, the
> FixedTypedArrayBase::length will remain the number of elements in the
> backing store, but for the off-heap typed arrays, this length will be
> set to 0 (matching the fact that the FixedTypedArrayBase instance does
> not contain any elements itself).
>
> This also unifies the JSTypedArray::set_/length() and length_value()
> methods to only have JSTypedArray::set_/length() which returns/takes
> size_t values. Currently this still requires the values to be in Smi
> range, but later we will extend this to allow arbitrary size_t values
> (in the safe integer range).
>
> Bug: v8:4153, v8:7881
> Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107
> Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
> Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60648}
TBR=jarin@chromium.org,titzer@chromium.org,hpayer@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
TBR=jarin@chromium.org, szuend@chromium.org
Bug: v8:4153, v8:7881
Change-Id: I96992bff15b4a2765ae4a557d2c37e78269c927d
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593294
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61172}
The problem is with element kinds transitions without going through
runtime (i.e., IC or optimizing compiler).
Bug: chromium:952682
Change-Id: I6fe2bb30a0ea6fecb8f6e0750427cc50cc50f9e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593083
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61158}
- Add missing uses of MapInference::NoChange.
- Insert map checks even if inferred maps were reliable, because
they were inferred for an earlier effect input.
Bug: chromium:958420, chromium:958350, v8:9197
Change-Id: Id7677b1fc6f1e09dc12ae178f1155e4245b4e3e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593077
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61157}
With bytecode flushing and lazy feedback allocation, we need to call
%PrepareForOptimization before we call %OptimizeFunctionOnNextCall
Bug: v8:8801, v8:8394
Change-Id: I1f84477a8cef27b4cff61b54daf6fe1a9e5f8e76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591775
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61148}
This is a reland of 9284ad5731, after
adding a missing speculation mode check in ReduceCallApiFunction.
Original change's description:
> [turbofan] Avoid raw InferReceiverMaps in JSCallReducer
>
> Instead provide an abstraction that makes it hard to forget
> dealing with unreliable maps.
>
> This also fixes a deopt loop in Function.prototype.bind and
> one in Array.prototype.reduce.
>
> Bug: v8:9137
> Change-Id: If6a51182c8693a62e9fb6d302cec19b4d48e25cb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578501
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61106}
Tbr: jarin@chromium.org
Bug: v8:9137, v8:9197
Change-Id: I0db68d267055969553c0c1b85fad7b909075c062
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1589976
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61140}
With bytecode flushing and lazy feedback allocation, we need to call
%PrepareForOptimization before we call %OptimizeFunctionOnNextCall
Bug: v8:8801, v8:8394
Change-Id: I81918f174b2f97cbaa8b8ef2e459080c2581f535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588415
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61122}
This reverts commit 9284ad5731.
Reason for revert: breaks blink tests:
https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Win/16839
Original change's description:
> [turbofan] Avoid raw InferReceiverMaps in JSCallReducer
>
> Instead provide an abstraction that makes it hard to forget
> dealing with unreliable maps.
>
> This also fixes a deopt loop in Function.prototype.bind and
> one in Array.prototype.reduce.
>
> Bug: v8:9137
> Change-Id: If6a51182c8693a62e9fb6d302cec19b4d48e25cb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578501
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61106}
TBR=jarin@chromium.org,neis@chromium.org
Change-Id: I97e0f47fb82eda76656905a3f7cc494babd92be6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9137
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588433
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61118}
Fix recognition of lazy functions when {--wasm-lazy-compilation} is
used.
Bug: chromium:956771
Change-Id: I3f9bb25ccf3920a6c3d266876faace8841dcdc61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585843
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61114}
This CL refactors WasmTableObject::Grow to make it usable for the
table.grow instruction of WebAssembly.
The refactored version of WasmTableObject::Grow does additionally:
* Check if growing is possible
* Grow the FixedArray backing store of the table and initialize the new
fields.
* Calculate the return value of WasmTableObject::Grow.
R=jkummerow@chromium.org
Bug: v8:7581
Change-Id: Ic6c867b96c30bd987ea281d5b3515a04bc5a3900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588136
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61112}
