This is a reland of commit 7caf58b5fd
Fixes:
- Do not free empty blocks when sweeping is running as Oilpan
destructors may invoke Reset() which requires a block to work.
- List remove while iterate.
Original change's description:
> [handles] Return node blocks for traced handles
>
> Return empty node blocks back to the OS. Keep one block around to
> support local allocation/deallocation patterns for up to 256 nodes.
>
> Bug: v8:13372
> Change-Id: Ib9e3a1b9a70fa4ad2b52e8479cc46e3c7316cd18
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973270
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84011}
Bug: v8:13372
Change-Id: I83de3335ee7678dca14397a08ae69442f7325cdb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4000483
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84068}
We have to change the receiver mode to Any when adapting the call
arguments for FunctionPrototypeCall.
Bug: v8:7700
Change-Id: Idfb4773565bb6128a617e27fd96246c479342691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003042
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84067}
We were moving the char_code value into a scratch register before calling StringFromCharCode, in case it aliases the result register and
is clobbered by result allocation.
However, there is also a fast direct jump into StringFromCharCode for
one-byte strings. This jump will jump over the move into the scratch
register.
Instead, pass the scratch register into StringFromCharCode explicitly,
and let it do the moving of the char_code where necessary.
Additionally, move around some debug code asserts to increase their
coverage.
Bug: v8:7700
Change-Id: I5e5800ac643cae3efef35be181d02770c14a3020
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003077
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84066}
Do not use the {ValidateFunctionBody} method on the Decoder, but
{wasm::ValidateFunctionBody} directly.
The {ValidateFunctionBody} method will be removed in a follow-up CL.
R=ahaas@chromium.org
Bug: v8:13447
Change-Id: Iec88a0fe01a08fe6c8482d8cbf65f04984454ba2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004868
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84065}
We're migrating Chrome tracing to Perfetto SDK, which requires
the timestamp type to be uint64_t. This CL fixes compilation
errors when building with v8_use_perfetto = true.
Bug: chromium:1006766
Change-Id: I25e872a049bb8537c695fe7a7c0987349d543854
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003198
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Mikhail Khokhlov <khokhlov@google.com>
Cr-Commit-Position: refs/heads/main@{#84064}
We were validation while decoding the code section. There is no
performance benefit in doing so, and decoupling this allows us to
parallelize validation in a second step.
R=ahaas@chromium.org
Bug: v8:13447
Change-Id: I061946f0bfd4829685cd25783c932d0ade38c6ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003159
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84060}
Also:
- Rename InlineBuiltin to ReduceBuiltin
- Create a list of supported builtin and have separated
TryReduce functions for each.
Bug: v8:7700
Change-Id: Ife4c730b8d4e5fe74c2c1fd80adceb828c238b78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004404
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84058}
Fixes doubly-linked list management.
Drive-by: Refactor some accessors to be more readable.
Bug: v8:13372
Change-Id: Idb057ad8d719230c2b9b7495d7bcaf8ad34bc8f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004718
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84057}
Rather than encoding clobbering with a separate reglist, use the
concept of being "free and blocked" for clobbering. This makes sure that
clobbered registers are not used in later input allocations, and that
two clobbering inputs don't alias. Probably in the future we want to
process clobbering inputs first, before non-clobbering ones, to make
sure that no clobbering input can alias a non-clobbering input (even if
the non-clobbering input is an earlier one).
Also add some documentation to RegisterFrameState to explain these
different states.
Bug: v8:7700
Change-Id: I328e707539be301db50a29f606c15e7eddfe778b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003160
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84056}
Rolling v8/build: c977012..1119b5a
Rolling v8/buildtools: 33b52ea..404e2d0
Rolling v8/buildtools/third_party/libc++/trunk: fc6bbc5..08ea445
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/3ffa6b2..67ccd32
Rolling v8/third_party/depot_tools: b52683f..7738a7a
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221102.0.1..version:10.20221103.1.1
Rolling v8/third_party/zlib: cff7208..74a5a82
Rolling v8/tools/clang: b147cbb..e95c0f2
Rolling v8/tools/luci-go: git_revision:765f51c332c38e9b8d7981f23640b9df59371cd5..git_revision:f8f64a8c560d2bf68a3ad1137979d17cffb36d30
Rolling v8/tools/luci-go: git_revision:765f51c332c38e9b8d7981f23640b9df59371cd5..git_revision:f8f64a8c560d2bf68a3ad1137979d17cffb36d30
Change-Id: I727dafa0d459fbe62b3d924be10b546ed0403e45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003583
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84055}
It's possible that memory stats access the byte length right after
a JSArrayBuffer object has been allocated but before it's attached to a
BackingStore.
Regression test omitted, since triggering this corner case is tedious.
Bug: v8:11111,chromium:1378318
Change-Id: Id2ad4b5a2a044dbea86eb2f9509348884e34876b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4001521
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84053}
Objects in the shared heap do not have a usable Isolate (i.e. it cannot
execute code or have HandleScopes). PropertyIterator should be using the
currently executing Isolate via the Context instead.
Bug: chromium:1379616
Change-Id: I7ac87519ef4aa901ef7b71e00f98c2cba66e725b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3997702
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84052}
A failing memory bounds check is a debugging event. At debugging events
the value stack is observable and therefore has to match the speced
value stack. In Atomic.Wait the value stack got modified before the
bounds. With this CL memory bounds check gets moved to the beginning.
R=clemensb@chromium.org
Bug: chromium:1380498
Change-Id: I4a5fe4d49f05d5376cb717f3dc7ecca4fdcbd998
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3998816
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84051}
Tests the disassembler output for all instructions and section types
from Wasm MVP (extensions such as reference types, SIMD, name section,
etc. will come in separate CL(s) and module(s), since they contain a
lot of additional instructions).
Also fixes a small issue in `MultiLineStringBuilder` found by ASAN.
The test checks the output of the disassembler against the text input
given to `wat2wasm` which generates the module given to the
disassembler.
The module in this test includes all non-extension instructions from
https://webassembly.github.io/spec/core/appendix/index-instructions.html
and module sections from
https://webassembly.github.io/spec/core/text/modules.html
at least once (and sometimes multiple times in case there are
variants).
Change-Id: Iaa8791cfc51431fb436f42b98604e83cd9258d06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4001769
Auto-Submit: Daniel Lehmann <dlehmann@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84050}
... using a CallArguments class that abstract receiver and
interpreter register logic.
Bug: v8:7700
Change-Id: I06e3fed2700c0e1bde5e0802889e9c05ebc55257
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003217
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84049}
for-in enumeration creates an EnumCache, which is currently incorrectly
allocated in the per-thread heap. This CL preallocates the enum cache at
SharedStructType-creation time.
Also drive-by fixes typos in the enum cache code.
Bug: v8:12547, chromium:1379616
Change-Id: I1930f88844eca5ccfeebd8dfdcce4ad0bd80ee38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3997701
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84047}
Make sure to try to unpark when printing nodes, so that
--trace-maglev-regalloc can print nodes with object parameters.
Bug: v8:7700
Change-Id: I7db87f824bef7825b37b489e6ede2e8cea717e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4002689
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84046}
Add a small local optimisation for parallel moves from a stack slot,
which tries to cache the stack slot value on a target register before
moving it, and otherwise only saves it to the scratch register once.
Bug: v8:7700
Change-Id: I8074732ca03c3f7fc71aed2b4f7cc926d4e157ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4001771
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84044}
This CL partially reverts https://crrev.com/c/2731527.
When we bootstrap a new context we need to force instantiate lazy
accessors so the debugger is able to set breakpoints on them.
Normally this happens automatically when we instantiate function
templates that have the "BreakAtEntry" bit set on them, but context
snapshots are just deserialized.
This means we need to do a heap walk and instantiate any lazy
accessor that we find and install the `DebugBreakTrampoline` should
the accessor require it.
Note that we keep the fix from the original CL: Instantiate
accessors only once and keep using that JSFunction.
R=bmeurer@chromium.org, leszeks@chromium.org
Bug: chromium:1368554
Change-Id: I4acde361ac021b082af62e895a7f43fd54de95f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4001520
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84041}
Change the test helper, %PrepareFunctionForOptimization, to permanently
mark functions for manual optimization (rather than being marked only up
to their next optimization). These functions will now never be heuristic
optimized, and will always require tier-up via intrinsics.
This prevents variants with low interrupt budgets from messing with
tests that are carefully controlling optimization state across
multiple optimisations, as well as simplifying the mechanism since we
no longer have to maintain the state machine of 'function state'.
Change-Id: I9a45312c70ba4a03b57924c3b3ee17e892ede5a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990787
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84038}
Above binaries do not exist on infra repositories for ppc/s390 and
cause errors while fetching V8.
Change-Id: I300127a71fc7c43426bc2140b5f24a63fa4a0c11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3992966
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#84037}
This CL introduces the mechanism for conservative stack scanning (CSS).
Behind a compile-time flag, it also introduces a CSS pass which scans
the stack during the GC marking phase and marking verification. This
pass is now redundant, i.e., it is not needed for the correctness of
garbage collection. It will be used for experimenting with CSS and for
benchmarking.
Bug: v8:13257
Change-Id: If35bc24fde3bc08c5735d9e2f1b67724f7e31ef7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968710
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84036}
In release builds the name will only be used for producing an error
message. For decoder instantiations that do not run full validation, it
is thus never used. Eliminating the unused parameter (by passing an
empty object instead) saves >3kB of binary size on x64, and also makes
the decoder slightly faster.
Drive-by: Inline {validate_size} into the only caller to simplify the
code.
R=ahaas@chromium.org
Change-Id: If50a118789c3e9c56ee24b68f35fdd3920e59e9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3998815
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84035}
HeapHandle is an opaque handle that refers to the internal
implementation of the heap and as such should never be used by value.
Bug: v8:13429
Change-Id: I1c369911adfc623fe2c32f06b985a5d8accc0e55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4000485
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84034}
These registers are not live at the end of a node codegen,
so it usually does not need to be included in the snapshot.
Bug: v8:7700
Change-Id: Ie5b8d936842db1377f9ae3b11665ff5e552f04d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4000701
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84033}
V8 implements accessors defined in C++ via FunctionTemplates in a lazy
manner. When userland JS uses the accessor, V8 calls the corresponding
C++ code directly. Only when the user JS obtains a reference to the
function object itself (e.g. via Reflect.getOwnPropertyDescriptor) does
V8 instantiate a JSFunction object.
This makes breakpoint logic tricky. The debugger requires a JSFunction
when the user wants to set a breakpoint on such an accessor.
There is already some logic in place that forces instantiation of
accessors with a breakpoint on them.
Unfortunately that logic forgot to also install the
"DebugBreakTrampoline" on the instantiated JSFunction that will
actually pause execution. This CL fixes that.
Note that this is not the whole fix. Contexts deserialized from
snapshots need a heap walk that also forces instantation of the
accessors.
R=bmeurer@chromium.org
Bug: chromium:1368554
Change-Id: I346f614f380859b6419ae1df0ec6b0ca8234120a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4000702
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84032}
The {WasmOpcodes::Signature} method dispatches on the prefix byte.
Adding assumptions about opcode ranges in the decoding functions for
prefixed opcodes avoids this dispatch, and might also enable more such
small optimizations.
R=ahaas@chromium.org
Change-Id: Ice18b7b0e6fb71023c532422f2e8655837428d5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990654
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84031}
Context slot loads don't participate in the existing load elimination
mechanism, which is keyed by Name, so add another load elimination
mechanism specifically for context slots.
Bug: v8:7700
Change-Id: Ie39b3e42e3d6ae3841c239e271e67adc495d3f89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990846
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84030}
The idea is that later maglev-ir.cc would invoke higher
level macros (AllocateString, CharCodeAt, etc)
and these inline computations can then be shared.
Bug: v8:7700
Change-Id: Icb279cc335515263e1ec29c61ba318f33143f9b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4000484
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84029}
`LoadMap` calls `Load` and `Int32Constant`, which are machine
operators. While doing this in the frontend is somewhat supported, it
should be protected with EnterMachineGraph/ExitMachineGraph. So far
this doesn't seem to have broken anything, but we're not confident
that this will always work.
Rather than going through the complexity adding the
Enter/ExitMachineGraph nodes, I've removed the LoadMap to use a simple
LoadField instead.
Bug: chromium:1377775
Change-Id: I0ff5fe44e7b4827cf2c249f17a6deec8b4e2d4d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3998812
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84027}
Std hash tables where keys are HeapObjects which can be both Code and
non-Code objects must use Object::KeyEqualSafe equality comparator.
Bug: v8:11880
Change-Id: Ib6b04ffc1eb8cb42ef0ba54a37707a7144819a4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990967
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84025}
Rolling v8/build: dad0f9c..f75f7c9
Rolling v8/buildtools: 74edfb8..33b52ea
Rolling v8/buildtools/third_party/libc++/trunk: 37a5b4f..fc6bbc5
Rolling v8/third_party/depot_tools: 6f2321d..1adbbff
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221028.1.1..version:10.20221102.0.1
Rolling v8/third_party/instrumented_libraries: 7410f80..a8992bf
Rolling v8/tools/clang: 38497db..b147cbb
Rolling v8/tools/luci-go: git_revision:50ab33853a8b220162f851dcb74a1519e106b3df..git_revision:765f51c332c38e9b8d7981f23640b9df59371cd5
Rolling v8/tools/luci-go: git_revision:50ab33853a8b220162f851dcb74a1519e106b3df..git_revision:765f51c332c38e9b8d7981f23640b9df59371cd5
Change-Id: Ie4b1116b75a88a0a7f64cd98aa4133ec37e9565e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4000189
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84024}
More precisely: when imported globals shift the indices of non-imported
globals, fix OOB accesses when disassembling the latter.
This CL is a refactoring of crrev.com/c/3994346 by andih@google.com.
Fixed: chromium:1380432
Change-Id: Ib9e3b52e03b3004d5b703bf8e3f74815b476ebf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3998659
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84023}
In a few places, shared structs currently incorrectly assume all storage
is in-object. This CL fixes those and rename
CSA::StoreJSSharedStructInObjectField to CSA::StoreSharedObjectField to
reflect the genericity.
Bug: v8:12547
Change-Id: I7c155b6bc584fbdcdbd484fda38f9f8a1940953d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3997700
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84022}
