And other cleanups to reuse computed function names, and use
EmbeddedVector instead of ScopedVector (stack allocated instead of heap
allocated).
R=titzer@chromium.org
Change-Id: Id293946dc9aa574e7d185ff23b87068bca74549f
Reviewed-on: https://chromium-review.googlesource.com/690474
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48332}
Array (subclass) constructor calls with 0 parameters are now properly
turned into inline allocations, also Array (subclass) constructor calls
with exactly one parameter, which is either known to not be a Number
or which is a known integer in the valid loop unrolling range.
Also refactor the general JSCreateArray lowering logic to properly
support Array subclasses, i.e. deal with inobject properties and
initial maps correctly.
This boosts performance of those cases significantly (and will allow
us to reduce the complexity of the Array constructor significantly
long-term). For example the simple case
new Array("a", "b", "c", "d", "e", "f", "g")
is now around 10x faster than before.
Bug: v8:6399
Change-Id: I70661971398524ee0c6a349ee559b98a962a6266
Reviewed-on: https://chromium-review.googlesource.com/703134
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48325}
Fix disassembly of atomic operations for the inspector.
BUG=v8:6842,v8:6532
Change-Id: I3701b55c28b10561d1726e2c0b9fe2e1b2c76b8e
Reviewed-on: https://chromium-review.googlesource.com/703468
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48324}
Power-of-two radixes were supported already; this adds all others
(with 2 <= radix <= 36).
Bonus: fix digit_div fallback path for divisors with no leading zeros.
Bug: v8:6791
Change-Id: Id472667f057ad13338e0d8257a899490490e6f8f
Reviewed-on: https://chromium-review.googlesource.com/693316
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48323}
This adds a new simd lowering execution mode for
simd and re-enables the lowering tests
R=titzer@chromium.org,gdeepti@chromium.org,bbudge@chromium.org,mtrofin@chromium.org
BUG=v8:6020
Change-Id: Ice6b7ff2f5973804d379c88241d49b811429a965
Reviewed-on: https://chromium-review.googlesource.com/698928
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48322}
The code used to rely on all such loops having a block scope around
them, but that is no longer the case for loops whose loop variables
are VAR-declared.
This patch introduces a new DeclarationDescriptor::Kind for such
variables, and sets it during parsing, allowing the variable
declaration code to note them as assigned appropriately.
Bug: chromium:768158
Change-Id: I0cd60e8c8c735681be9dbb9344a93156af09c952
Reviewed-on: https://chromium-review.googlesource.com/701624
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48320}
This allows us to remove the loop while calculating the hash value and
just use the HashMask as the mask for ComputeIntegerHash. This
previously overflowed on 32-bit systems failing the Smi::IsValid
check.
Bug: v8:6404
Change-Id: I84610a7592fa9d7ce4fa5cef7903bd50b8e8a4df
Reviewed-on: https://chromium-review.googlesource.com/702675
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48319}
The default component for src/ was Blink>JavaScript>Runtime
before. Unfortunately this is only partly true and tools
that use the information in the OWNERS file often misassign
issues because of it.
R=machenbach@chromium.org
NOTRY=true
Change-Id: I81457da1394a410fd494702f206af69857109c1c
Reviewed-on: https://chromium-review.googlesource.com/701758
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48315}
At the moment we check only in the module-decoder if the sections in a
module appear at most once. The code section, however, we process
already before this check. With this CL we check that there is at most
one code section before we start processing it.
R=clemensh@chromium.org
TEST=WasmStreamingDecoderTest.TwoCodeSections
Bug: chromium:771916
Change-Id: Icc79d5a87ab39f450a35c688f74ea5e67cae4b3c
Reviewed-on: https://chromium-review.googlesource.com/702379
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48314}
This makes the test robust for stress GC flags.
Bug:
Change-Id: Ica65987f0ee09fbdb4aab233dea4c51db5b19459
Reviewed-on: https://chromium-review.googlesource.com/702436
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48313}
If sweeping is not making progress and there are many young generation
GCs happening, then this can lead to accumulation of memory chunks in
the unmapper queue.
Bug: chromium:771966
Change-Id: Ief73ada0d17198a80b668850c6d2e7ea413113e7
Reviewed-on: https://chromium-review.googlesource.com/702479
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48312}
This fixes some of the old legacy API that used empty Handle<>
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I861e31a4a6f65bc497bfc512174adba39c17abca
Reviewed-on: https://chromium-review.googlesource.com/701634
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48311}
Port f0acede9bb
Original commit message:
`This CL removes the weak-list of JS functions from the context
and all the code that iterares over it. This list was being used
mainly during deoptimization (for code unlinking) and during
garbage collection. Removing it will improve performance of
programs that create many closures and trigger many scavenge GC
cycles.
No extra work is required during garbage collection. However,
given that we no longer unlink code from JS functions during
deoptimization, we leave it as it is, and on its next activation
we check whether the mark_for_deoptimization bit of that code is
set, and if it is, than we unlink it and jump to lazy compiled
code. This check happens in the prologue of every code object.
We needed to change/remove the cctests that used to check
something on this list.
Working in x64, ia32, arm64, arm, mips64 and mips.`
On mips64 big endian flags are in upper part of register.
Bug:
Change-Id: Ib2f171f9c14e49c64dec31299dcf30496bfcf782
Reviewed-on: https://chromium-review.googlesource.com/700680
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48309}
The catch variable is a special VAR-mode variable which is not in a declaration
scope. Normally creating such a variable is not possible with DeclareVariable,
but Parser bypasses it by calling DeclareLocal directly (which doesn't have the
hoisting check).
PreParser used to cut corners and declare the catch variable as a LET-mode
variable to prevent hoisting.
But since LET and VAR variables behave differently when deciding whether they
block sloppy block function hoisting, that approach doesn't fly.
BUG=v8:5516,chromium:771474
Change-Id: Ic6f5f4996416c9fa59132725c8b0b6b570c72f48
Reviewed-on: https://chromium-review.googlesource.com/700634
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48308}
Evacuating and compacting LayoutDescriptor is meta-circular, i.e., we
need the descriptor to iterate the objects that are copied. Separate the
phases to avoid requiring a publishing store for object payloads.
This reverts commit 6f4a86c129.
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Bug: v8:6884
Change-Id: I71472eaf7671ede20ff4b19f1f0c9490cdb0b629
Reviewed-on: https://chromium-review.googlesource.com/702255
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48307}
Change-Id: Ib36b6e27476f7cc1e2064e147fbfa7d3d1e28b49
These will be used in subsequent CLs to add spec-compliant builtins
on Array.prototype built with the CSA.
Change-Id: Ib36b6e27476f7cc1e2064e147fbfa7d3d1e28b49
Reviewed-on: https://chromium-review.googlesource.com/700694
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48306}
This reverts commit d0651bd108.
Reason for revert: Breaks gc stress with embedded snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/15355
Original change's description:
> [language] Implement optional catch binding proposal
>
> This allows the syntax `try {} catch {}` (with no binding after the
> `catch`).
>
> See https://github.com/michaelficarra/optional-catch-binding-proposal/
>
> Currently behind --harmony-optional-catch-binding.
>
> As part of the implementation, this allows TryCatchStatements to not
> have an associated catch scope; various paths which assumed they
> would have been updated to handle this case.
>
> Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
> Change-Id: Ic525b45199eef025eb05da562e10fbd4f3d7465f
> Reviewed-on: https://chromium-review.googlesource.com/571453
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Kevin Gibbons <bakkot@gmail.com>
> Cr-Commit-Position: refs/heads/master@{#48300}
TBR=rmcilroy@chromium.org,adamk@chromium.org,marja@chromium.org,gsathya@chromium.org,bakkot@gmail.com
Change-Id: I63d68160ec75b87e28d3dcdddca2d8b7d0503b46
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/702334
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48303}
This reverts commit 0f5d3ed1cb.
Reason for revert: Reland button relands right away...
Original change's description:
> [heap] Separate map space pointers updating from main bulk
>
> Evacuating and compacting LayoutDescriptor is meta-circular, i.e., we
> need the descriptor to iterate the objects that are copied. Separate the
> phases to avoid requiring a publishing store for object payloads.
>
> Bug: v8:6884
> Change-Id: Icc3bb80a938fbd9eec60c79d88ab8fdd9bda0840
> Reviewed-on: https://chromium-review.googlesource.com/700437
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48288}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: Ie91ef6ea5a55f4e8165b3fa97b2c2042376998f1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6884
Reviewed-on: https://chromium-review.googlesource.com/701756
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48302}
Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set at compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "6.0.287.53-emb.1", the embedder must set
V8_EMBEDDER_STRING to "-emb.1".
Related Node.js issue: https://github.com/nodejs/node/pull/9754
BUG=v8:5740
R=machenbach@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifa2d9bd213795e6d54886436f8c3787ac6162823
Reviewed-on: https://chromium-review.googlesource.com/690475
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#48301}
This allows the syntax `try {} catch {}` (with no binding after the
`catch`).
See https://github.com/michaelficarra/optional-catch-binding-proposal/
Currently behind --harmony-optional-catch-binding.
As part of the implementation, this allows TryCatchStatements to not
have an associated catch scope; various paths which assumed they
would have been updated to handle this case.
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic525b45199eef025eb05da562e10fbd4f3d7465f
Reviewed-on: https://chromium-review.googlesource.com/571453
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Kevin Gibbons <bakkot@gmail.com>
Cr-Commit-Position: refs/heads/master@{#48300}
Previously, we would first fire the PromiseRejectCallback before
fulfilling the promise. This patch changes the behavior to first
fulfill the promise. This behavior is more intuitive.
This patch also merges the check for PromiseHook callback with the
debug callback, since they use the same boolean bit on the isolate.
Bug: v8:6880
Change-Id: Ia04867e16423a1d6006f0f3f93a14fa6026e17ed
Reviewed-on: https://chromium-review.googlesource.com/700980
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48298}
CCalls have significantly less overhead than runtime calls which will improve
runtime performance on programs that make lots of transitions between JS and
Wasm.
Bug: v8:5277
Change-Id: If09dea97f24eb43753847e2b894ebc1ba5168c23
Reviewed-on: https://chromium-review.googlesource.com/688481
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48297}
This reverts commit 0f5d3ed1cb.
Reason for revert: Needs to consider invalidated slots too. Roll flaking on GPU bots: https://chromium-review.googlesource.com/c/chromium/src/+/700721
Original change's description:
> [heap] Separate map space pointers updating from main bulk
>
> Evacuating and compacting LayoutDescriptor is meta-circular, i.e., we
> need the descriptor to iterate the objects that are copied. Separate the
> phases to avoid requiring a publishing store for object payloads.
>
> Bug: v8:6884
> Change-Id: Icc3bb80a938fbd9eec60c79d88ab8fdd9bda0840
> Reviewed-on: https://chromium-review.googlesource.com/700437
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48288}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I854687c5e40541c62a0bcf15ad251afe5ddaa8d1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6884
Reviewed-on: https://chromium-review.googlesource.com/701534
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48296}
This reverts commit 5e76ff5a4a.
Reason for revert: tsan failures - https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/17574
Original change's description:
> Reland "[wasm] always allocate memory when guard regions are needed"
>
> This reverts commit 7cf29d8df3.
>
> Original change's description:
> > [wasm] always allocate memory when guard regions are needed
> >
> > When using trap handlers, memory references do not get any checks inserted. This
> > means there is no check for a null memory as happens when the memory size is
> > 0. Normally this would be correctly caught as an out of bounds access, since the
> > low memory addresses are not normally mapped. However, if they were mapped for
> > some reason, we would not catch the out of bounds access.
> >
> > The fix is to ensure WebAssembly instances always have a guard region even if
> > the memory is size 0.
> >
> > Bug: chromium:769637
>
> Change-Id: I09fdaea92b7ccb3a6cc9e28392171ec098538a00
> Reviewed-on: https://chromium-review.googlesource.com/695812
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48293}
TBR=gdeepti@chromium.org,mtrofin@chromium.org,mlippautz@chromium.org,eholk@chromium.org,eholk@google.com,clemensh@chromium.org
Change-Id: I52d5354126158a92602b08c48703d562ac95075b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/699599
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48294}
This reverts commit 7cf29d8df3.
Original change's description:
> [wasm] always allocate memory when guard regions are needed
>
> When using trap handlers, memory references do not get any checks inserted. This
> means there is no check for a null memory as happens when the memory size is
> 0. Normally this would be correctly caught as an out of bounds access, since the
> low memory addresses are not normally mapped. However, if they were mapped for
> some reason, we would not catch the out of bounds access.
>
> The fix is to ensure WebAssembly instances always have a guard region even if
> the memory is size 0.
>
> Bug: chromium:769637
Change-Id: I09fdaea92b7ccb3a6cc9e28392171ec098538a00
Reviewed-on: https://chromium-review.googlesource.com/695812
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48293}
Fix an error overwriting the `prototype` property of async generator
functions when FLAG_enable_slow_asserts is enabled.
Previously, the `initial_async_generator_prototype` field was never
written to the native context, and was always undefined. This caused
some incorrect runtime behaviour, and would crash when loading the field
using the Context::initial_aysnc_generator_prototype accessor when
attempting to cast the Undefined oddball to a JSObject.
BUG=chromium:771470, v8:5855
R=adamk@chromium.org, verwaest@chromium.org, gsathya@chromium.org
Change-Id: I13f2a518c59852bc77c2de1f2468a4eea457609e
Reviewed-on: https://chromium-review.googlesource.com/700261
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#48291}
The code in `AsmJsScanner::Next()` checks for both
end of input and parse error:
if (token_ == kEndOfInput || token_ == kParseError) {
return;
}
but until now the code in the parsing loop only checked
for `kEndOfInput`, resulting in an infinite loop on
`kParseError`.
R=bradnelson@chromium.org, mstarzinger@chromium.org
Bug: chromium:771428
Change-Id: I9170f090503590b3b9b949a0d00ab4daef85bf66
Reviewed-on: https://chromium-review.googlesource.com/699994
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48290}
In the process, also enable support for PACKED_DOUBLE_ELEMENTS arrays.
Change-Id: I16dd79276f1023e30b072d45216396533077f53c
Reviewed-on: https://chromium-review.googlesource.com/571006
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48289}
Evacuating and compacting LayoutDescriptor is meta-circular, i.e., we
need the descriptor to iterate the objects that are copied. Separate the
phases to avoid requiring a publishing store for object payloads.
Bug: v8:6884
Change-Id: Icc3bb80a938fbd9eec60c79d88ab8fdd9bda0840
Reviewed-on: https://chromium-review.googlesource.com/700437
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48288}
This CL also removes the v8::internal::wasm::testing namespace, which
had methods that were defined in wasm-module.h, moving them to be
*ForTesting methods on the corresponding WASM heap objects.
R=clemensh@chromium.org
Bug: v8:6877
Change-Id: I1b346ec64d93ee3a122b8f7e69772cfe98371754
Reviewed-on: https://chromium-review.googlesource.com/695523
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48286}
This CL addresses a couple of minor issues that were in the way of
properly inlining polymorphic constructors calls, i.e. as found in
this common pattern using Symbol.species:
class A {
static get [Symbol.species]() { return this; }
clone() { return new this.constructor[Symbol.species](); }
}
class B extends A {
static get [Symbol.species]() { return this; }
}
function foo(o) { return o.clone(); }
foo(new A());
foo(new B());
Here the call to this.constructor[Symbol.species]() is the interesting
site. To get this fully inlined, we had to
- make sure we don't introduce too many CheckHeapObject eagerly that
block later optimizations (instead we try harder to see whether the
receiver is already provably a HeapObject), and
- also update the new.target of polymorphic JSConstruct nodes, when
it refers to the same node as the target that we're specializing
to (this way the JSCreate becomes fully inlinable later).
This seems to yield a solid 1.5% on the ARES6 ML benchmark (run via the
d8 cli runner), which confirms the previous profiled estimation. On the
micro-benchmark that specifically measures this feature in isolation we
go from
testClone: 828 ms.
on V8 ToT as of today and
testClone: 1439 ms.
on V8 6.1 to
testClone: 219 ms.
which is a 3.7x improvement, on top of the previous ~2x boost that we
got from inlining the polymorphic symbol lookup.
Bug: v8:6885, v8:6278, v8:6344
Change-Id: Ida7abf683c7879978f181ba7f52a125f4f83ae6f
Reviewed-on: https://chromium-review.googlesource.com/700596
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48284}
