Let the SimplifiedOperatorReducer perform some strength reduction for
certain CheckTaggedSigned and CheckTaggedPointer inputs (reusing the
existing logic for ObjectIsSmi).
R=jarin@chromium.org
BUG=v8:5141
Review-Url: https://codereview.chromium.org/2080703006
Cr-Commit-Position: refs/heads/master@{#37167}
We cannot change x - y < 0 to x < y, because it would only be safe if
x - y cannot overflow, which we don't know in general.
R=jarin@chromium.org
BUG=v8:5129
Review-Url: https://codereview.chromium.org/2090493002
Cr-Commit-Position: refs/heads/master@{#37164}
Add a flag to gate experimental support for dynamic code loading and JITing (at runtime in a wasm module).
Enhancing functionality of the indirect function table to support JITing and dynamic linking by allowing additional space to be filled with an "undefined" function signature.
BUG=v8:5044
LOG=N
TEST=None
R=mtrofin@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2049513003
Cr-Commit-Position: refs/heads/master@{#37159}
Reland of https://codereview.chromium.org/2048703002/
Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
(this caused a test262 failure.). However, the code `eval("function NaN() {}");`
should actually throw a TypeError. This patch changes most cases of
redeclaration errors from TypeError to SyntaxError. See the test
mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
references.
The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
ES#sec-evaldeclarationinstantiation
BUG=v8:4955
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=adamk
Review-Url: https://codereview.chromium.org/2086063002
Cr-Commit-Position: refs/heads/master@{#37156}
Previously, an async arrow function would be parsed if any valid
ConditionalExpression began with the identifier "async", and its following token
was on the same line.
So for example, `async.bar foo => 1` was parsed as a valid async arrow function.
This patch corrects this behaviour by asserting that the following token is a
valid arrow parameters start.
BUG=v8:4483
R=littledan@chromium.org, henrique.ferreiro@gmail.com
Review-Url: https://codereview.chromium.org/2089733002
Cr-Commit-Position: refs/heads/master@{#37154}
Add control dependencies to Projection and Int32Add/SubWithOverflow
operators, to prevent the scheduler from moving the Projection nodes
into the wrong place. This way the instruction selection can combine
the Int32Add/SubWithOverflow operations with the DeoptimizeIf and/or
DeoptimizeUnless nodes. This needs new operators CheckedInt32Add and
CheckedInt32Sub so that we can delay the actual lowering until the
effect/control linearizer.
This also makes CheckIf operator obsolete, so we can drop it.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2082993002
Cr-Commit-Position: refs/heads/master@{#37148}
Adds back simple dead code elimination to the bytecode pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2038083002
Cr-Commit-Position: refs/heads/master@{#37147}
Implements:
- WebAssembly object,
- WebAssembly.Module constructor,
- WebAssembly.Instance constructor,
- WebAssembly.compile async method,
- and Module and Instance instance objects.
Also, changes ErrorThrower to support capturing errors in a promise reject.
Since we cannot yet compile without fixing the Wasm memory, and cannot validate a module without compiling, the Module constructor and compile method don't do anything yet but checking that their argument is a suitable BufferSource. Instead of a compiled module, the hidden state of a Module object currently is just that buffer.
BUG=
Review-Url: https://codereview.chromium.org/2084573002
Cr-Commit-Position: refs/heads/master@{#37143}
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended. This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.
TBR=littledan@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
Reason for revert:
[Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038
Original issue's description:
> [heap] Avoid the use of cells to point from code to new-space objects.
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/2d2087b79a293a92a6ed34a2775e481ff2173b3c
> Cr-Commit-Position: refs/heads/master@{#37134}
TBR=titzer@chromium.org,ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2087463004
Cr-Commit-Position: refs/heads/master@{#37139}
Add explicit state in BytecodeSourceInfo to simplify checks for
validity and whether a statement or expression position.
Remove BytecodeSourceInfo::Update which inherited rules for updating
source position information during bytecode building.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2048203002
Cr-Commit-Position: refs/heads/master@{#37136}
Make intrinsic ids a contiguous set of ids so that the switch statement can build
a table switch rather than doing a large if/else tree.
BUG=v8:4822
LOG=N
Review-Url: https://codereview.chromium.org/2084623002
Cr-Commit-Position: refs/heads/master@{#37135}
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2045263002
Cr-Commit-Position: refs/heads/master@{#37134}
We need to trim the graph before we execute the MemoryOptimizer, because
that just walks the effect chain from Start to End and cannot deal with
dead nodes in the use lists.
R=jarin@chromium.org
BUG=chromium:614292
Review-Url: https://codereview.chromium.org/2080703003
Cr-Commit-Position: refs/heads/master@{#37133}
Base the fast-path in AdjustAmountOfExternalMemory on a value + limit. To
preserve the behavior the limit is just set using kExternalAllocationLimit.
Redo naming of related members.
R=jochen@chromium.org
BUG=chromium:621829
LOG=N
Review-Url: https://codereview.chromium.org/2085893002
Cr-Commit-Position: refs/heads/master@{#37131}
While the EcmaScript specification doesn't define precise values for the
Math constants or the Math functions, we should at least ensure that the
values of the constants and the functions agree, i.e. Math.E should be
exactly the same value as Math.exp(1).
Also make sure that Math.exp(1) returns the expected value; we should
revisit the fdlibm algorithm and figure out why it's wrong in the last
bit.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:626111,v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2079233005
Cr-Commit-Position: refs/heads/master@{#37128}
Yanking out in an effort to reduce dependencies. We probably want to
separate codegen into instance-specific and module-generic purpose -
eventually.
BUG=
Review-Url: https://codereview.chromium.org/2085863003
Cr-Commit-Position: refs/heads/master@{#37126}
Reason for revert:
MIPS compilation error.
Original issue's description:
> Refactor CpuProfiler.
>
> Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
> from Logger, constructs and stores CodeEventsContainer. This patch is part of
> the effort to split the logic of CodeEventListener as ProfilerListener out of
> the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
> to code events, construct code event to CodeEventsContainer and pass it to code
> event handler.
>
> The reason we refactor CpuProfiler is that eventually we want to move
> CpuProfiler as part of sampler library and code event listener should stay
> inside V8.
>
> Main changes:
> 1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
> functionality and the ProfilerListener listening to code events from Logger.
> 2. Created CodeEventObserver and made CpuProfiler inherit from it.
> ProfilerListener will have a list of observers and call CodeEventHandler once a
> code event is created.
> 3. Moved code entry list from CodeEntry to ProfilerListener.
>
> Minor changes:
> 1. Moved static code entry as part of CodeEntry.
> 2. Added ProfilerListener to Logger.
>
> BUG=v8:4789
>
> Committed: https://crrev.com/cb59fc1facc9b390e2c7544b4da56a4e0a9b3222
> Cr-Commit-Position: refs/heads/master@{#37112}
TBR=alph@chromium.org,jochen@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2079273003
Cr-Commit-Position: refs/heads/master@{#37113}
Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
from Logger, constructs and stores CodeEventsContainer. This patch is part of
the effort to split the logic of CodeEventListener as ProfilerListener out of
the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
to code events, construct code event to CodeEventsContainer and pass it to code
event handler.
The reason we refactor CpuProfiler is that eventually we want to move
CpuProfiler as part of sampler library and code event listener should stay
inside V8.
Main changes:
1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
functionality and the ProfilerListener listening to code events from Logger.
2. Created CodeEventObserver and made CpuProfiler inherit from it.
ProfilerListener will have a list of observers and call CodeEventHandler once a
code event is created.
3. Moved code entry list from CodeEntry to ProfilerListener.
Minor changes:
1. Moved static code entry as part of CodeEntry.
2. Added ProfilerListener to Logger.
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2053523003
Cr-Commit-Position: refs/heads/master@{#37112}
Port 481502dad9
Float32SubMinusZero and Float64SubMinusZero tests are failing because MIPS does not preserve NaN payload according to Wasm spec. Implemented macro-assembler methods that check for NaN operands, and return the qNaN value with preserved payload and sign bits.
TEST=cctest/test-run-wasm/Run_WasmFloat32SubMinusZero, cctest/test-run-wasm/Run_WasmFloat64SubMinusZero
BUG=
patch from issue 2019693002 at patchset 140001 (http://crrev.com/2019693002#ps140001)
R=ahaas@chromium.org
Review-Url: https://codereview.chromium.org/2066483008
Cr-Commit-Position: refs/heads/master@{#37105}
Adds an evacuation mode that allows moving pages within new space without
copying objects.
Basic idea:
a) Move page within new space
b) Sweep page to make iterable and process ArrayBuffers
c) Finish sweep till next scavenge
Threshold is currently 70% live bytes, i.e., the same threshold we use
to determine fragmented pages.
This reverts commit 2263ee9bf4.
BUG=chromium:581412
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2078863002
Cr-Commit-Position: refs/heads/master@{#37104}
These are used to check for Smi or HeapObject, and we use them
appropriately in JSNativeContextSpecialization, so we don't need
to introduce dependencies on concrete control flow and/or concrete
frame states.
They will be optimized by a proper check elimination reducer,
which will be added in a separate CL.
R=jarin@chromium.org
BUG=v8:4470
Review-Url: https://codereview.chromium.org/2082523002
Cr-Commit-Position: refs/heads/master@{#37096}
Reason for revert:
[Sheriff] Speculative revert for crashes on chrubuntu chromebooks:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/320
Original issue's description:
> Implement WASM big-endian support.
>
> Implement WASM support on big-endian platforms. WASM has
> an implicit requirement that it is running on little-endian
> machine. We achieve WASM support on BE by keeping data
> in memory in little-endian order, and changing data
> endianness before storing to memory and after loading from
> memory.
>
> BUG=
>
> Committed: https://crrev.com/d3f3f6c8186b2a53f0c539f7bba0c3708c4d83f9
> Cr-Commit-Position: refs/heads/master@{#37065}
TBR=titzer@chromium.org,akos.palfi@imgtec.com,balazs.kilvady@imgtec.com,jyan@ca.ibm.com,ivica.bogosavljevic@imgtec.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2080153002
Cr-Commit-Position: refs/heads/master@{#37091}
Import base::ieee754::tan() from fdlibm and introduce Float64Tan TurboFan
operator based on that, similar to what we do for Float64Cos and Float64Sin.
Rewrite Math.tan() as TurboFan builtin and use those operators to also
inline Math.tan() into optimized TurboFan functions.
Drive-by-fix: Kill the %_ConstructDouble intrinsics, and provide only
the %ConstructDouble runtime entry for writing tests.
BUG=v8:5086,v8:5126
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2083453002
Cr-Commit-Position: refs/heads/master@{#37087}
Compilation of wasm functions happens before instantiation. Imports are linked afterwards, at instantiation time. Globals and memory are also
allocated and then tied in via relocation at instantiation time.
This paves the way for implementing Wasm.compile, a prerequisite to
offering the compiled code serialization feature.
Currently, the WasmModule::Compile method just returns a fixed array
containing the code objects. More appropriate modeling of the compiled module to come.
Opportunistically centralized the logic on how to update memory
references, size, and globals, since that logic is the exact same on each
architecture, except for the actual storing of values back in the
instruction stream.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2056633002
Cr-Commit-Position: refs/heads/master@{#37086}
Import base::ieee754::cos() and base::ieee754::sin() from fdlibm and
introduce Float64Cos and Float64Sin TurboFan operator based on that,
similar to what we do for Float64Log. Rewrite Math.cos() and Math.sin()
as TurboFan builtins and use those operators to also inline Math.cos()
and Math.sin() into optimized TurboFan functions.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
R=mvstanton@chromium.org
BUG=v8:5086,v8:5118
Review-Url: https://codereview.chromium.org/2073123002
Cr-Commit-Position: refs/heads/master@{#37072}
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.
BUG=
Review-Url: https://codereview.chromium.org/2034093002
Cr-Commit-Position: refs/heads/master@{#37065}
It still seems to break things in the wild, see attached Chromium
bug for details.
BUG=v8:4247, chromium:615873
Review-Url: https://codereview.chromium.org/2076763003
Cr-Commit-Position: refs/heads/master@{#37064}
Disassembler:
added decoding of a few instructions that were previously unsupported, fixed the decoding of pextr.
Assembler:
pmulld(XMMRegister, Operand) was actually emitting a pmuludq.
punpckldq(XMMRegister, XMMRegister) was implemented a second time as punpackldq.
BUG=
Review-Url: https://codereview.chromium.org/2070863002
Cr-Commit-Position: refs/heads/master@{#37059}
This adds a new BUILTIN frame type, which supports variable number of
arguments for builtins implemented in hand-written native code (we will
extend this mechanism to TurboFan builtins at some point). Convert the
Math.max and Math.min builtins to construct a BUILTIN frame if required.
This does not yet work for C++ builtins, but that'll be the next step.
R=bmeurer@chromium.org, jarin@chromium.org
BUG=v8:4815
LOG=n
Review-Url: https://codereview.chromium.org/2069423002
Cr-Commit-Position: refs/heads/master@{#37051}
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108,chromium:620786
R=mvstanton@chromium.org
Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
Review-Url: https://codereview.chromium.org/2077533002
Cr-Original-Commit-Position: refs/heads/master@{#37037}
Cr-Commit-Position: refs/heads/master@{#37047}
If (mask >>> s) == 0, ((x & mask) >> s) == 0, so replace the node with zero in
MachineOperatorReducer.
BUG=
Review-Url: https://codereview.chromium.org/2069973002
Cr-Commit-Position: refs/heads/master@{#37046}
Reason for revert:
Fragmentation of LABs could result in increasing memory usage (pages) instead of shrinking.
BUG=chromium:620320
LOG=N
Original issue's description:
> [heap] Add page evacuation mode for new->new
>
> Adds an evacuation mode that allows moving pages within new space without
> copying objects.
>
> Basic idea:
> a) Move page within new space
> b) Sweep page to make iterable and process ArrayBuffers
> c) Finish sweep till next scavenge
>
> Threshold is currently 70% live bytes, i.e., the same threshold we use
> to determine fragmented pages.
>
> BUG=chromium:581412
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/49b23201671b25092a3c22eb85783f39b95a5f87
> Cr-Commit-Position: refs/heads/master@{#36990}
TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:581412
Review-Url: https://codereview.chromium.org/2063013005
Cr-Commit-Position: refs/heads/master@{#37042}
Reason for revert:
[Sheriff] Leads to some different rounding as it seems in some audio layout tests. Please rebase upstream first if intended:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7508
Original issue's description:
> [builtins] Introduce proper Float64Exp operator.
>
> Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
> TurboFan operator based on that, similar to what we do for Float64Log.
> Rewrite Math.exp() as TurboFan builtin and use that operator to also
> inline Math.exp() into optimized TurboFan functions.
>
> BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
> Cr-Commit-Position: refs/heads/master@{#37037}
TBR=mvstanton@chromium.org,ahaas@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
Review-Url: https://codereview.chromium.org/2070813002
Cr-Commit-Position: refs/heads/master@{#37039}
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2077533002
Cr-Commit-Position: refs/heads/master@{#37037}
We report the byte offset as column number, but devtools assumes them
to be 1-based and subtracts one unconditionally before further
processing it. It's a bit unfortunate, but because of that we have to
just add 1 to the reported column number on the public StackTrace API.
R=ahaas@chromium.org, titzer@chromium.org
BUG=chromium:613110
Review-Url: https://codereview.chromium.org/2071563002
Cr-Commit-Position: refs/heads/master@{#37036}
This makes sure exception reporting done by the debug shell behaves
gracefully even near the stack limit. When line number determination
fails we just fallback to not printing source information.
R=yangguo@chromium.org
TEST=mjsunit/regress/regress-crbug-620253
BUG=chromium:620253
Review-Url: https://codereview.chromium.org/2069543007
Cr-Commit-Position: refs/heads/master@{#37031}
Reason for revert:
As discussed offline with Toon, this is not the correct fix here.
Original issue's description:
> [turbofan] Properly handle dictionary maps in the prototype chain.
>
> Dictionary prototypes don't have stable maps, but still don't matter for
> element access. Generalized the JSNativeContextSpecialization a bit to
> handle everything that Crankshaft can handle in this regard.
>
> R=jarin@chromium.org
> BUG=chromium:616709
>
> Committed: https://crrev.com/1c7bdc7f6f4d9512f4982590bd949f265ee9c8c3
> Cr-Commit-Position: refs/heads/master@{#37019}
TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:616709
Review-Url: https://codereview.chromium.org/2076493002
Cr-Commit-Position: refs/heads/master@{#37029}
Those were wrongly translated from gyp with ia32. This should
land before renaming v8_target_arch to v8_target_cpu.
BUG=chromium:620527
NOTRY=true
TBR=vogelheim@chromium.org
Review-Url: https://codereview.chromium.org/2065323004
Cr-Commit-Position: refs/heads/master@{#37027}
Dictionary prototypes don't have stable maps, but still don't matter for
element access. Generalized the JSNativeContextSpecialization a bit to
handle everything that Crankshaft can handle in this regard.
R=jarin@chromium.org
BUG=chromium:616709
Review-Url: https://codereview.chromium.org/2067423003
Cr-Commit-Position: refs/heads/master@{#37019}
The patch introduces a dedicated dispatching class for JIT code events. It is
set as a helper on the isolate.
This allows classes across v8 to break their dependency on Logger and CpuProfiler.
These two became just regular clients of the dispatcher.
BUG=v8:4789
Review-Url: https://codereview.chromium.org/2061623002
Cr-Commit-Position: refs/heads/master@{#37005}
This CheckBounds simplified operator is similar to the HBoundsCheck in
Crankshaft, and is hooked up to the new type feedback support in the
SimplifiedLowering. We use it to check the index bounds for keyed
property accesses.
Note to perf sheriffs: This will tank quite a few benchmarks, as the
operator makes some redundant branch elimination ineffective for
certain patterns of keyed accesses. This does require more serious
redundancy elimination, which we will do in a separate CL. So ignore
any regressions from this CL, we know there will be a few.
R=jarin@chromium.org
BUG=v8:4470,v8:5100
Committed: https://crrev.com/85e5567dae66a918500ae94c5568221137a0f5d4
Review-Url: https://codereview.chromium.org/2035893004
Cr-Original-Commit-Position: refs/heads/master@{#36947}
Cr-Commit-Position: refs/heads/master@{#37003}
These simplified operators are used to perform the hole checks when
loading elements from a holey array. Depending on the CheckHoleMode,
they either return the hole as undefined or some NaN, or deoptimize
if the value is the hole or the hole NaN.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2066223002
Cr-Commit-Position: refs/heads/master@{#37001}
This is to make sure the test in question does not run out of stack
space during bootstrapping on any configuration. Our fuzzers take the
test an run it against a broad spectrum of configuration. The new size
of 100 is used throughout our test suite as "the smallest" stack size.
R=jkummerow@chromium.org
TEST=mjsunit/regress/regress-1132
BUG=chromium:619744
Review-Url: https://codereview.chromium.org/2068993002
Cr-Commit-Position: refs/heads/master@{#36995}
Adds an evacuation mode that allows moving pages within new space without
copying objects.
Basic idea:
a) Move page within new space
b) Sweep page to make iterable and process ArrayBuffers
c) Finish sweep till next scavenge
Threshold is currently 70% live bytes, i.e., the same threshold we use
to determine fragmented pages.
BUG=chromium:581412
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/1957323003
Cr-Commit-Position: refs/heads/master@{#36990}
Named capture groups may be specified using the /(?<name>pattern)/u
syntax, with named backreferences specified as /\k<name>/u. They're
hidden behind the --harmony-regexp-named-captures flag, and are only
enabled for unicode regexps.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2050343002
Cr-Commit-Position: refs/heads/master@{#36986}
Now that we have the PlainPrimitiveToNumber operator(s), we can unify
all the places where we expect a number, but can also safely handle any
plain-primitive (via ToNumber truncation).
Drive-by-fix: Also handle Math.min consistently with Math.max.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2064953004
Cr-Commit-Position: refs/heads/master@{#36984}
The last 4 test cases in test/cctest/wasm/test-run-wasm-asmjs.cc added by the CL 36911 (https://codereview.chromium.org/2061583002) use float_t and double_t type for WasmRunner.
For examples: At line 249: WasmRunner<float_t> r(&module, MachineType::Uint32());
But float_t and double_t depends on FLT_EVAL_METHOD macro of compiler. FLT_EVAL_METHOD is variant on different platform, if the FLT_EVAL_METHOD is 2, both float_t and double_t will be long
double and gcc or clang will met error when compiling WasmRunner<long double> r(&module,MachineType::Uint32());
For more details, please refer:
float_t: http://www.cplusplus.com/reference/cmath/float_t/
FLT_EVAL_METHOD: https://en.wikipedia.org/wiki/C99 check the IEEE 754 floating point support section directly.
This CL used float and double to replace float_t and double_t to avoid this issue.
BUG=
Review-Url: https://codereview.chromium.org/2066703003
Cr-Commit-Position: refs/heads/master@{#36982}
The modifications were necessary to properly represent asm types:
1) fround is no longer an overloaded function.
2) the constructor for MinMaxTypes now takes a return type.
3) Adds pseudo-types for representing the Load/Store types for fp heap views.
BUG=
Review-Url: https://codereview.chromium.org/2069443002
Cr-Commit-Position: refs/heads/master@{#36980}
Reporting use counts by invoking a callback once per occurrence has
a large overhead cost in certain situations, for example when it needs
to be dispatched to a different thread (which is the case for Web Workers).
Parsing large scripts can produce a lot of occurrences (strict/sloppy mode
once per function).
Chromium (the only known user of UseCounters so far) does not actually care
about number of occurrences, but simply whether they happened at least once.
This commit changes behavior to report features at most once, which dramatically
improves performance for impacted use cases, and should not affect the only
known real world usage.
R=littledan@chromium.org
BUG=chromium:614775
Review-Url: https://codereview.chromium.org/2062203002
Cr-Commit-Position: refs/heads/master@{#36979}
Support for relocatable globals, to facilitate compilation before
instantiation.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2062003002
Cr-Commit-Position: refs/heads/master@{#36978}
The former will handle loads of predeclared global variables (vars and
functions), lets, consts and undeclared variables. The latter will handle
named loads from explicit receiver. In addition, named loads does not
depend of the TypeofMode.
TypeofMode related cleanup will be done in the follow-up CL.
BUG=chromium:576312
LOG=Y
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1912633002
Cr-Commit-Position: refs/heads/master@{#36965}
Moves between operands with different representations shouldn't happen,
so don't test them. This makes it easier to modify canonicalization to
differentiate between floating point types, which is needed to support
floating point register aliasing for ARM and MIPS.
This change also expands tests to include explicit FP moves (both register and stack slot).
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2060273003
Cr-Commit-Position: refs/heads/master@{#36963}
Reason for revert:
Cannot reproduce gc-stress failures locally.
Original issue's description:
> Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ )
>
> Reason for revert:
> failing tests
>
> Original issue's description:
> > Replace all remaining Oddball checks with new function
> >
> > This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> > The new method all take the isolate as parameter.
> >
> > BUG=
> >
> > Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> > Cr-Commit-Position: refs/heads/master@{#36921}
>
> TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/33b8bc24a12fb062100c0be84456faeb0b9fa5d1
> Cr-Commit-Position: refs/heads/master@{#36923}
TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2059173002
Cr-Commit-Position: refs/heads/master@{#36957}
This moves common configs used by all v8 targets into
common templates.
This also fixes using v8_optimized_debug correctly in
executables and components.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2054803003
Cr-Commit-Position: refs/heads/master@{#36956}
This introduces SilenceNaN operator, which makes sure that we only
store quiet NaNs into holey arrays. We omit the NaN silencing code
at instruction selection time if the input is an operation that
cannot possibly produce signalling NaNs.
BUG=
Review-Url: https://codereview.chromium.org/2060233002
Cr-Commit-Position: refs/heads/master@{#36950}
This CheckBounds simplified operator is similar to the HBoundsCheck in
Crankshaft, and is hooked up to the new type feedback support in the
SimplifiedLowering. We use it to check the index bounds for keyed
property accesses.
Note to perf sheriffs: This will tank quite a few benchmarks, as the
operator makes some redundant branch elimination ineffective for
certain patterns of keyed accesses. This does require more serious
redundancy elimination, which we will do in a separate CL. So ignore
any regressions from this CL, we know there will be a few.
R=jarin@chromium.org
BUG=v8:4470,v8:5100
Review-Url: https://codereview.chromium.org/2035893004
Cr-Commit-Position: refs/heads/master@{#36947}
This CL introduces the new type system for the ASM
type-checker/validator.
BUG=
Review-Url: https://codereview.chromium.org/2045703007
Cr-Commit-Position: refs/heads/master@{#36942}
Reason for revert:
This is going to break the LayoutTest inspector-protocol/console/console-let-const-with-api.html as seen in https://build.chromium.org/p/tryserver.v8/builders/v8_linux_blink_rel/builds/2247 . Please run this test manually, using instructions at https://www.chromium.org/developers/testing/webkit-layout-tests , and fix on the Chrome side if needed before resubmitting this patch.
Original issue's description:
> change most cases of variable redeclaration from TypeError to SyntaxError.
>
> Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
> (this caused a test262 failure.). However, the code `eval("function NaN() {}");`
> should actually throw a TypeError. This patch changes most cases of
> redeclaration errors from TypeError to SyntaxError. See the test
> mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
> references.
>
> The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
> ES#sec-evaldeclarationinstantiation
>
> BUG=v8:4955
> LOG=y
>
> Committed: https://crrev.com/2b787561763d0f7e8dab698652715a742cf78291
> Cr-Commit-Position: refs/heads/master@{#36940}
TBR=adamk@chromium.org,jwolfe@igalia.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4955
Review-Url: https://codereview.chromium.org/2064793002
Cr-Commit-Position: refs/heads/master@{#36941}
Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
(this caused a test262 failure.). However, the code `eval("function NaN() {}");`
should actually throw a TypeError. This patch changes most cases of
redeclaration errors from TypeError to SyntaxError. See the test
mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
references.
The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
ES#sec-evaldeclarationinstantiation
BUG=v8:4955
LOG=y
Review-Url: https://codereview.chromium.org/2048703002
Cr-Commit-Position: refs/heads/master@{#36940}
This patch declares a new rest parameter for the derived constructor,
and passes it to base constructor after calling PrepareSpreadArguments.
This patch also updates the test262.status to account for
the now passing test.
BUG=v8:4890
Review-Url: https://codereview.chromium.org/2056993004
Cr-Commit-Position: refs/heads/master@{#36939}
It seems that I forgot to remove the DCHECK when refactoring this
function, even though the comment had it right. It also seems that
this is hard to trigger. The minimal example I found, after fuzzer's
bug, was:
eval, x[eval]
R=adamk@chromium.org
BUG=chromium:619476
LOG=N
Review-Url: https://codereview.chromium.org/2058413002
Cr-Commit-Position: refs/heads/master@{#36929}
Reason for revert:
failing tests
Original issue's description:
> Replace all remaining Oddball checks with new function
>
> This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> The new method all take the isolate as parameter.
>
> BUG=
>
> Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> Cr-Commit-Position: refs/heads/master@{#36921}
TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2060213002
Cr-Commit-Position: refs/heads/master@{#36923}
This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
The new method all take the isolate as parameter.
BUG=
Review-Url: https://codereview.chromium.org/2043183003
Cr-Commit-Position: refs/heads/master@{#36921}
Array.prototype.sort would not work properly on sloppy arguments of size > 2.
BUG=chromium:618613
Review-Url: https://codereview.chromium.org/2051413004
Cr-Commit-Position: refs/heads/master@{#36920}
This fixes FastNewStrictArgumentsStub and FastNewRestParameterStub to no
longer assume that the strict arguments object being allocated will fit
into new-space. The case where said object needs to move to large object
space is now handled in the runtime.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-614727
BUG=chromium:614727
Review-Url: https://codereview.chromium.org/2054853002
Cr-Commit-Position: refs/heads/master@{#36917}
Import base::ieee754::atan() and base::ieee754::atan2() from fdlibm and
introduce Float64Atan and Float64Atan2 TurboFan operators based on those,
similar to what we already did for Float64Log and Float64Log1p. Rewrite
Math.atan() and Math.atan2() as TurboFan builtin and use the operators
to also inline Math.atan() and Math.atan2() into optimized TurboFan functions.
R=yangguo@chromium.org
BUG=v8:5086,v8:5095
Review-Url: https://codereview.chromium.org/2065503002
Cr-Commit-Position: refs/heads/master@{#36916}
Import base::ieee754::log1p() from fdlibm and introduce a Float64Log1p
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.log1p() as TurboFan builtin and use that operator to also
inline Math.log1p() into optimized TurboFan functions.
Also unify the handling of the special IEEE 754 functions somewhat in
the TurboFan backends. At some point we can hopefully express this
completely in the InstructionSelector (once we have an idea what to do
with the ST(0) return issue on IA-32/X87).
Drive-by-fix: Add some more test coverage for the log function.
R=yangguo@chromium.org
BUG=v8:5086,v8:5092
Review-Url: https://codereview.chromium.org/2060743002
Cr-Commit-Position: refs/heads/master@{#36914}
We were able to achieve our goals for register allocation independent of
the allocation algorithm. Performance data so far is inconclusive re. the
value of the Greedy algorithm, compared to the particular Linear Scan
implementation we're currently using, and the performance measurement
techniques we currently use are too imprecise to help with this matter.
Retiring the algorithm to lower maintenance and evolution cost (e.g. lower
cost of adding aliasing support). Once we improve benchmarking stability,
and establish a suite sensitive enough for codegen improvement studies,
we may revive the algorithm, should the need arise.
BUG=
Review-Url: https://codereview.chromium.org/2060673002
Cr-Commit-Position: refs/heads/master@{#36912}
MemoryOperands, on IA32. This needed to be fixed so that we can
compile wasm code before creating instances, since the compiled code
needs to be patched up for memory and globals references.
This surfaces in asm-to-wasm scenarios.
Added testing (rather, enhanced existing tests).
Note patch#1 where we fail on ia32, and patch#2 with the fix.
BUG=v8:5072
Review-Url: https://codereview.chromium.org/2061583002
Cr-Commit-Position: refs/heads/master@{#36911}
It is expected that temporarily used strings die while they are
in new heap. So we can avoid to pay a heavy cost to externalize
them. If they are used for times, externalization will happen
when they move to an old heap.
BUG=chrmoium:606093
Review-Url: https://codereview.chromium.org/2046933002
Cr-Commit-Position: refs/heads/master@{#36907}
This patch adds a test for async/await analogous to a previous Promise test.
It also fixes a typo in promise.js and makes a previous Promise test more
correct by ensuring that all assertions run before completion, fixing the
test expectations for the real result (which seems correct).
BUG=v8:4483
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2037653002
Cr-Commit-Position: refs/heads/master@{#36903}
In commit b3bfc0bd58, I corrected the source
position of yield-exceptions by not setting the "return position" on returns
that correspond to yields. It turns out that this caused a bug with debug
stepping. The proper fix is to keep the return position on those returns but
additionally attach the yield's source position to the Throw emitted in
VisitYield.
R=rmcilroy@chromium.org, yangguo@chromium.org
BUG=v8:4907
Review-Url: https://codereview.chromium.org/2051783002
Cr-Commit-Position: refs/heads/master@{#36896}
after the first GC if time allows and there is memory to be freed.
BUG=chromium:618958
LOG=NO
Review-Url: https://codereview.chromium.org/2057103002
Cr-Commit-Position: refs/heads/master@{#36894}
This should solve the problem with missing checkpoints after JSToNumber
(PlainPrimitiveToNumber is marked no-write, so the frame-state
propagation should see through it.)
Unfortunately, this also duplicates the word32- and float64-truncation
magic that we have for JSToNumber in "simplified lowering".
Review-Url: https://codereview.chromium.org/2059653002
Cr-Commit-Position: refs/heads/master@{#36881}
This switches Math.log to use an fdlibm based version of log, imported
as base::ieee754::log, and use that consistently everywhere, i.e. change
the Float64Log TurboFan operators on Intel to use the C++ implementation
as well (same for Crankshaft).
R=yangguo@chromium.org
BUG=v8:5065,v8:5086
Review-Url: https://codereview.chromium.org/2053893003
Cr-Commit-Position: refs/heads/master@{#36880}
We ported hashmap.h into libsampler as a workaround before, so the main focus of
this patch is to reduce code duplication. This patch moves the hashmap into
src/base as well as creates DefaultAllocationPolicy using malloc and free.
BUG=v8:5050
LOG=n
Review-Url: https://codereview.chromium.org/2010243003
Cr-Commit-Position: refs/heads/master@{#36873}
There are no ICs left that store their state in this field: vector based
ICs use feedback vector and the rest three (BinaryOpIC, CompareIC and
ToBooleanIC) reconstruct their state from the ExtraICState field.
This CL also removes unused InlineCacheState::DEBUG_STUB which was used
mostly in Code::is_debug_stub(). The latter now checks if the code is one
of the debug builtins instead.
BUG=chromium:618701
LOG=Y
Review-Url: https://codereview.chromium.org/2052763003
Cr-Commit-Position: refs/heads/master@{#36871}
This makes sure we do not compile ToNumber stub on demand. This makes it
easier to use during concurrent compilation.
Review-Url: https://codereview.chromium.org/2051113002
Cr-Commit-Position: refs/heads/master@{#36870}
Only look at the --ignition-generators flag when determining whether to use
Ignition (in compiler.cc). In generator runtime functions, instead of looking
at the flag, determine the generator kind based on whether the generator has a
bytecode array. This allows compiling some generator function using
full-codegen and others using Ignition, e.g when using --ignition-filter.
R=mstarzinger@chromium.org
BUG=chromium:618657,v8:4907
Review-Url: https://codereview.chromium.org/2052873002
Cr-Commit-Position: refs/heads/master@{#36864}
With this change the bytecode array builder only emits expression
positions for bytecodes that can throw. This allows more peephole
optimization opportunities and results in smaller code.
BUG=v8:4280,chromium:615979
LOG=N
Review-Url: https://codereview.chromium.org/2038323002
Cr-Commit-Position: refs/heads/master@{#36863}
This test gets slower with tsan when the print() calls
in the tests are deleted. It is also only very slow with
crankshaft not with turbofan, but we have no config atm
to only run it with turbofan.
TBR=ishell@chromium.org, ahaas@chromium.org
NOTRY=true
Review-Url: https://codereview.chromium.org/2049993003
Cr-Commit-Position: refs/heads/master@{#36859}
The optimization stages in the bytecode generation pipeline must
preserve source position information. Failure to preserve
source position information could result in single stepping
in the debugger misbehaving or mis-reporting in exception stack traces.
This change adds tests intended to check optimizations do not damage
source position info.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2042633002
Cr-Commit-Position: refs/heads/master@{#36855}
This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
methods. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.
R=bmeurer@chromium.org
BUG=v8:5066
Review-Url: https://codereview.chromium.org/2045193002
Cr-Commit-Position: refs/heads/master@{#36852}
Now they use a proper way of checking if the snapshot is available or not.
Review-Url: https://codereview.chromium.org/2054693002
Cr-Commit-Position: refs/heads/master@{#36844}
When walking up the prototype chain during OrdinaryHasInstance, we first
check if the current prototype equals the expected one, and only
afterwards check the current prototype against null. That's obviously
wrong if we check something like Proxy, whose prototype is null.
R=yangguo@chromium.org
BUG=v8:5085
Review-Url: https://codereview.chromium.org/2041103007
Cr-Commit-Position: refs/heads/master@{#36840}
Adding properties to prototypes is faster when we don't force their
maps into fast mode yet. Once a prototype shows up in the IC system,
its setup phase is likely over, and it makes sense to transition it
to fast properties.
This patch speeds up the microbenchmark in the bug by 20x.
Octane-Typescript sees a 3% improvement.
BUG=chromium:607010
Review-Url: https://codereview.chromium.org/2036493006
Cr-Commit-Position: refs/heads/master@{#36828}
This allows using icu data, bundled in the icudtl.dat file,
to be loaded automatically from a default location
side-by-side with the executable.
The v8 stand-alone default is still to use statically
linked ICU data, but this will be switched in a separate
follow-up CL.
BUG=chromium:616033
LOG=y
Review-Url: https://codereview.chromium.org/2042253002
Cr-Commit-Position: refs/heads/master@{#36823}
Also, make %GeneratorGetSourcePosition fail if called on a suspended Ignition generator
(rather than return nonsense). This functionality is currently not implemented.
BUG=v8:4907
Review-Url: https://codereview.chromium.org/2049663002
Cr-Commit-Position: refs/heads/master@{#36822}
This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
methods. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.
R=verwaest@chromium.org
BUG=v8:5066
Review-Url: https://codereview.chromium.org/2041353003
Cr-Commit-Position: refs/heads/master@{#36815}
This reverts commit d3a43e47dd.
This patch also adds typed_array_fun and typed_array_protoype to the
native context. These are used in InstallTypedArray to set up the
prototype chain correctly for each typed array sub class. This removes
the need to later monkey patch them prototype chain in typedarray.js.
This mechanism is also used to get hold of the TypedArray in
typedarray.js, removing the need for a global TypedArray.
This patch updates CallRuntime.golden to account for the two extra
native runtime calls. This patch also fixes some formatting issues (by
running git cl format).
BUG=chromium:579905, chromium:593634, v8:4085, v8:5073
Review-Url: https://codereview.chromium.org/2046333002
Cr-Commit-Position: refs/heads/master@{#36811}
Ideally we would have a dedicated MachineRepresentation for Smis during
representation selection and use that to properly optimize ObjectIsSmi
(and other ObjectIs<Type> predicates), but that will take some time to
get that done. So in the meantime we can just do simple (local) strength
reduction on ObjectIsSmi to avoid Smi checks in the simplest cases at
least.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2047213002
Cr-Commit-Position: refs/heads/master@{#36809}
Reason for revert:
Needs fixing of slot set.
Original issue's description:
> [heap] Uncommit unused large object page memory.
>
> As a first step I uncommit the memory on the main thread. Also to measure impact and stability of that optimization. In a follow-up CL, the uncommitting should be moved on the concurrent thread.
>
> BUG=
>
> Committed: https://crrev.com/d61a5c376ba51145dc4684e39d5d3a9ce75bcfa6
> Cr-Commit-Position: refs/heads/master@{#36763}
TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2043263002
Cr-Commit-Position: refs/heads/master@{#36807}
In Crankshaft we don't know reliably know that an HAdd might not turn
into a string addition later (via deoptimization), so we cannot set the
HValue::kAllowUndefinedAsNaN flag on the HAdd instruction in those
cases. It doesn't seem to affect performance if we just remove the flag
completely from the HAdd instruction, so let's stick to that approach
for now.
R=jarin@chromium.org
BUG=v8:5074
Review-Url: https://codereview.chromium.org/2048643002
Cr-Commit-Position: refs/heads/master@{#36805}
backing store.
Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
are processed by the sweeper concurrently.
BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
Review-Url: https://codereview.chromium.org/2036643002
Cr-Commit-Position: refs/heads/master@{#36798}
