Protectors trigger when special properties are modified or masked. Previously
we would check whether the property stored on the holder would invalidate the
protector. Stores to to the receiver rather than the holder, however, so this
CL changes holder for receiver, and adds additional checks that were missing.
Bug: v8:9466
Change-Id: I81bc3d73f91381da0d254e9eb79365ae2d25d998
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708468
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62805}
The destructor of the {WasmGCForegroundTask} can be called immediately
when scheduling that task (if the platform determines that the task can
never execute anyway). In that case, we deregister the task from the
wasm engine so we do not access it later (which would be UAF). This
deregistration leads to recursively taking a mutex now.
The only later access to the task happens to cancel the task. For this
purpose, we can also use the {CancelableTaskManager} of the isolate,
and avoid all code in the destructor. This should fix the reentrant
mutex, which leads to a DCHECK failure in debug builds and deadlock
in release builds.
R=mstarzinger@chromium.org
Bug: chromium:984970, v8:8217
Change-Id: I14f05a21ea961ecc391dc59af3b5eebf31e0f873
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706480
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62804}
With a write barrier, stores with negative offsets would allocate a temporary
register to hold the offset when the `str` instruction is able to encode it.
For instance, when writing the object map:
```
;; This could be 'str x2, [x5, #-1]'
movn x4, #0x0
str x2, [x5, x4]
and x16, x5, #0xfffffffffffc0000
ldr x16, [x16, #8]
tbnz w16, #2, #+0xba8 ; Jump out-of-line
```
The reason behind this is that the out-of-line code uses an 'add' instruction on
the offset to compute the field address, putting pressure on the instruction
selector to make sure the immediate fits in both 'str' and 'add'.
But, this is not necessary since the macro-assembler is able to turn the 'add'
into a 'sub' or use a temporary register if needed.
Change-Id: I8838e4b81a0c0c1f90aa3d67861a9da1a6dfed06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708471
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#62803}
This test fails in --stress-opt mode because backing stores of
memories/arraybuffers that are postMessage()'d leak in d8. In normal
mode, only ~16 memories are allocated, which is not enough to OOM,
but in stress mode, it can be 5x that number. Should be fixed
by upcoming ownership changes.
BUG=v8:9380
R=clemensh@chromium.org
Change-Id: Iecec07d15339cf43b23f128f13d570dfe3b32130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708475
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62802}
The multiplier should depend on the kTaggedSize.
Bug: v8:7703
Change-Id: I3a13e51d06c31b70f6191b23b1913e7bc35cdb8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708473
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62801}
If we flush the bytecode from a SFI we might recompile a JSFunction while the function
still has its old feedback vector. This should usually be fine since the new and old
feedback vectors have the same layout, however some bugs in the parser mean that it's
possible for eagerly and lazily compiled eval functions to have different bytecode and
so potentially different feedback vector layouts.
For now reset the feedback vector if it doesn't have the same size when we compile the
JSFunction, and recreate a new one of the correct layout. This will be replaced with a
CHECK once the parser bugs are fixed.
BUG=chromium:984344,v8:9511
Change-Id: Ib8976f2541516f7a07e4d4ab7dc3c750dfe9b5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708474
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62800}
This is a reland of 6805395d9b, after
resolving another issue.
Original change's description:
> Revert "Temporarily remove --concurrent-inlining from --future"
>
> This reverts commit 060b9ec4a8, as the
> issue has been resolved.
>
> Bug: v8:7790
> Change-Id: Id8a56ad50a508eacd191f2777cc5afc0b838364f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700078
> Commit-Queue: Georg Neis <neis@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Auto-Submit: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62713}
TBR=neis@chromium.org
Bug: v8:7790
Change-Id: Ibc5991787982197d08942eb067c83001d91050ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708472
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62799}
When the main thread contributes to an item parallel job and runs
an item parallel task, it currently emits a background GC trace event.
That is confusing and may lead to incorrect accounting of main thread
GC time. This patch fixes it by introducing a 'Runner' parameter
to ItemParalllelJob::Task::RunInParallel and emitting a foreground
GC event if the runner is the main thread.
Bug: v8:9508
Change-Id: I755751bfe9eef427666d5f16fb50aa6093059e80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706485
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62798}
With recent spec changes, table.copy of length 0 does not trap anymore,
and we copy backwards whenever src < dst.
R=binji@chromium.org
Change-Id: I48e2b65083565631abc41bf4fdf4971f80fdf440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706471
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62797}
.. by moving the element check forward. So that we skip try_fast path
when we have elements on the receiver.
Bug: chromium:977870,chromium:983982
Change-Id: Ib26fb3df215ffc5e0ac0c7e344a4239b845fe129
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697042
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62796}
We can save memory by only serializing a context chain to a
*required* depth if we know it.
Bug: v8:7790
Change-Id: I97d21f8cd7b56b26fddd95e00a26d5e520d96170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678358
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62795}
This is a reland of d4d28b73cb
Original change's description:
> [regexp] Call the regexp interpreter without CEntry overhead
>
> Previously all RegExp calls went through Runtime_RegExpExec when --regexp-interpret-all was set.
>
> This CL avoids the runtime overhead by calling into the interpreter directly from the RegExpExec Builtin when the regular expression subject was already compiled to ByteCode (i.e. after the first call).
>
> Bug: v8:8954
> Change-Id: Iae9dfcef3370b772a05b2942305335d592f6f15a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698391
> Commit-Queue: Patrick Thier <pthier@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62753}
Bug: v8:8954
Change-Id: I1f0b6de9c6da65bcb582ddb41a37419116a5c510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706053
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@google.com>
Cr-Commit-Position: refs/heads/master@{#62794}
This is a reland of 13a04abacd
Original change's description:
> fix: move V8_EXPORT_PRIVATE marks to prevent unresolvable references
>
> This change fixes missing symbol errors in the Windows 10 on ARM build
> of Node.js.
>
> When a whole class is marked for export, all of its members are marked
> as well. This can be a problem when inline members call undefined yet
> inline members of other classes: the exported function will contain a
> reference to the undefined inline function that should be satisfied at
> link time, but because the other function is inline no symbol will be
> produced that will satisfy that reference.
>
> Clang gets around this by masking inlined class members from export
> using /Fc:dllexportInlines-. This is why b0a2a567 worked.
>
> Node.js' Windows builds use MSVC and so do not have access to this
> flag. This results in unresolved symbols at link time.
>
> Bug: v8:9465
> Change-Id: Ief9c7ab6ba35d22f995939eb62a64d6f1992ed85
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1696771
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62660}
Bug: v8:9465
Change-Id: Ib7f1d84e080929e3db1b2a2b001e8e08924f4da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703462
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62791}
Fixes BytecodeArray::ClearFrameCacheFromSourcePositionTable when used
with lazy source positions. This fixes
cctest/test-serialize/CachedCompileFunctionInContext when used with
--enable-lazy-source-positions and --stress-lazy-source-positions.
R=rmcilroy@chromium.org
Bug: v8:8510
Change-Id: I8c6e8fb944c87636307f62e8d738bfc72463a2f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706487
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62790}
Specifically the SharedFunctionInfo and the NativeContext.
Bug: v8:7790
Change-Id: Idd1b1b4c7d8eee3ada42b99fee870dff46b631c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706472
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62789}
GCC compile issue in AIX: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61976
There is a gcc compile issue in AIX: Being passed by values may occur a
copy error, which can be avoided by being passed by reference. This is
why the old way of CallFrequency object 'being passed by values’ has
been changed to the new way of CallFrequency object 'being passed by
references' to avoid this issue.
Bug: v8:8193
Change-Id: I3f2e662a9ef5b641b6e978c3e91167bacc0d13d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1689027
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62788}
Adding two small builtins pushed this test over the OOM threshold,
so we disable it for now.
Bug: v8:9488
Change-Id: I6c0696c260cd8ef9e6ee59caec4848aab439fdf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706049
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62783}
If multiple isolates are involved, we can run OOM when creating many
wasm memories, because we only trigger GC in one isolate at a time.
TBR=titzer@chromium.org
No-Try: true
Change-Id: I037b5a13c670c5da2abe54b5045df94637c94f72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706484
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62782}
By having the proposal tests now as part of the wasm-spec-tests, we do
not need them here anymore.
R=clemensh@chromium.orgCC=binji@chromium.org
Change-Id: I2530a4d2e2e8caa6fe8ef4d7e7b8b6da550a5134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706475
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62778}
With this CL we add proposal tests to the wasm-spec-tests. For this I
extended the update-wasm-spec-tests.sh script. Additionally to
generating the spec tests it does the following:
For each proposal it identifies those tests that are different to the
spec tests, and then copies those tests also to the wasm-spec-tests
directory.
Additionally I adjusted the test runner of the wasm spec test to
run the proposal tests with the correct flags.
CC=binji@chromium.orgR=clemensh@chromium.org
Bug: v8:7581
Change-Id: Idb7aa3c0a468ddb65b2ef3421def836561579cd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706470
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62777}
It's sufficient to expose a run function and flags.
Bug: v8:7790
Change-Id: I956a545ddce9e469e6a6196a4b63d9e3a119526d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706469
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62774}
Turbofan can propagate truncation on BigInts in some cases, effectively
optimizing away BigIntTooBig exceptions in some (rare) cases. To prevent
the fuzzer from detecting this semantic difference from the interpreted
code, we crash the program on this exception if the runtime flag
FLAG_correctness_fuzzer_suppressions is set.
Bug: v8:9407
Change-Id: I3a2604a43b7d883ecdecc3125c1d0be859a09422
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702608
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62773}
This CL adds more stress-tests for both shared array buffers and
WebAssembly memories. Because of an existing memory leak that will
be fixed in upcoming CLs, some new tests are disabled.
R=mstarzinger@chromium.org
BUG=v8:9380
Change-Id: I2662e3d0a764a032a0c267b2d99e3ccd1a4951d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697252
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62770}
This reverts commit 5c6e407d9d.
Reason for revert: memory regression
Bug: chromium:982663
Original change's description:
> [heap] Spawn parallel scavenging task per page in the from space
>
> This makes the heuristic for computing the number of parallel tasks
> in Scavenger consistent with that in Mark-Compactor.
>
> The patch helps mobile devices where even 1 MB new space can take
> 10ms to scavenge.
>
> Change-Id: I979de5e8485b93808ea079af2756f53d9b720e10
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1685612
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62566}
TBR=ulan@chromium.org,mlippautz@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I046ba0297807ef66abc33241d8948c934fa78028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697245
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62769}
{do_raw_json} and {do_json} both read the log files to construct a dictionary of
stats.
This CL extracts that logic and eliminates code duplication
No-Try: true
Bug: v8:9448
Change-Id: I375920c25942a92cc12790ac60a4c7960cfd44b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706473
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62768}
Some architectures allow more than one code space to be reserved per
module. The strategy to allocate additional spaces seems suboptimal: We
allocate just enough for the one code allocation request which does not
fit in the existing space. This can lead to big numbers of reservations
being made.
Also, for lifting the 128MB code space limit on arm64, we will allocate
several code spaces also on x64 and arm64.
This CL introduces a new counter to measure the number of code spaces
per module, to see whether we have problems there already, and to track
that metric when implementing the mentioned change.
In order to update the respective counter, the {WasmCodeAllocator} now
also holds a shared pointer to the counters of the original isolate.
Those counters might live much longer than the isolate itself, which is
no problem and can already happen before this change.
R=mstarzinger@chromium.orgCC=jwd@chromium.org
Bug: v8:9477
Change-Id: I95e29b2d27f0414586246e2fa99d6761960a636b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704100
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62767}
Mark a couple of constructors as explicit and use the default
constructor instead of defining an empty body for PreParserSourceRange.
Bug: v8:9396
Change-Id: I60f891245543852d8250105ba7b89620c15204bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706052
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62766}
Maps have a hard limit of 256 (non-inclusive) for the instance size in
words. For the native context object, we are very close to this upper
bound. This CL removes a few unused fields to give us a bit of
breathing room (parts of which I will use in a follow-up CL).
Bug: v8:5577
Change-Id: I096a45e47661f78f6bf23d71cbc29100e6e0592b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706055
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62765}
Instantiating a JumpTableAssembler has some overhead (at least one heap
allocation), so use a single JumpTableAssembler to generate the whole
table, just as the lazy compile table.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: I66622909ac06e6bda9fca3e71c83d4c9d1ded500
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706054
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62762}
{json} command prints the results of benchmarks after aggregating it. This makes
accessing raw data for analysis, a tedious process.
This CL implements {raw-json} for accessing raw results.
TBR=ulan@chromium.org
No-Try: true
Bug: v8:9448
Change-Id: I7c00fc0eca23b8bd5c967db903f71c5b46eddea3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706059
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62761}
Port 56eaec9https://crrev.com/c/1698393
Original Commit Message:
We had both jump slots and lazy compile slots in the same table. This
increases the space per slot to the maximum of the two, even though we
often do not use lazy compilation and could have smaller jump slots.
This CL splits the two into two separate tables. The lazy compile table
will only be created on demand, and will never be patched.
The jump table now only contains jumps, and is more compact (which
might improve performance because of improved locality).
Change-Id: I54a2985d777fd3fa30d420f5af27a3ddc79641b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703991
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#62759}
es6/classes.js is large and causes timeouts and OOM on some of the
configurations.
Bug: v8:9246
Change-Id: Iaabfc39dd8f9554e16f67d66ce64acd3dd56b9ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704103
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62758}
This reverts commit d4d28b73cb.
Reason for revert: breaks TSAN bot:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20concurrent%20marking/9526
Original change's description:
> [regexp] Call the regexp interpreter without CEntry overhead
>
> Previously all RegExp calls went through Runtime_RegExpExec when --regexp-interpret-all was set.
>
> This CL avoids the runtime overhead by calling into the interpreter directly from the RegExpExec Builtin when the regular expression subject was already compiled to ByteCode (i.e. after the first call).
>
> Bug: v8:8954
> Change-Id: Iae9dfcef3370b772a05b2942305335d592f6f15a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698391
> Commit-Queue: Patrick Thier <pthier@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62753}
TBR=jgruber@chromium.org,petermarshall@chromium.org,pthier@google.com
Change-Id: I3257220c4359a3b801dd80e0eff6c4534d8badee
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8954
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706050
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62757}
