Combining the load with the SmiUntag let's us have better
instruction selection opportunities against not doing it.
Bug: v8:9771
Change-Id: I6b6391398413ee1bc808c71d48474e9336c09f2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826734
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64025}
This is a reland of cfb100282e
with a fix for failures in lite mode.
Original change's description:
> [compiler] Cache OSR optimized code
>
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
>
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}
Bug: chromium:987523
Change-Id: I9c782242b07b24d15247533ab4ee044334b429ff
TBR: rmcilroy@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826898
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64023}
x64 code path is different and we can't do this optimization.
Bug: v8:9771
Change-Id: I1639e53b4397873e70895ec2919ac2769b0bbc72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826728
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64022}
The current version of SmiTag and SmiUntag was checking if the
registers were the same, copying them if not and then untagging.
We can avoid a branch and a check by having two versions of
SmiTag and SmiUntag.
Change-Id: Id89213e073cefc9f8e46fcf0e79d0c1d349342ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826730
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64021}
insert_remembered_set_function used Heap::RecordSlotFromCode as name,
while the actual function is Heap::InsertIntoRememberedSetFromCode.
Change-Id: Idbdc389bf7267dd2be47986249fba33349cd44f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1828918
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64019}
This new optional parameter controls whether "Runtime.evaluate" ignores
break points and previous "Debugger.pause" calls while evaluating the
expression. This will be used for live expressions, which should never
interfere with debugging.
Bug: chromium:1001216
Change-Id: Ie37f6616a4a1cae40399b79255ab92fb254d91b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826664
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64018}
Also remove or adapt all mentioning of buildbot. The flag was removed
on the infra side here:
https://crrev.com/c/1827557
Change-Id: I8a6be80faa65f99cd42a084c804fc5bfae7f02c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826722
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64017}
Almost everywhere, we use the ProcessedFeedback abstraction to
query feedback in the compiler. The remaining exception is in handling
RegExp, Object and Array literals. By bringing this in line with
other feedback queries, we no longer need to serialize all feedback
vector slots (possibly wasteful of memory), and offer a uniform way
to pick up feedback everywhere.
Bug: v8:7790, v8:9396
Change-Id: Ice42587595fe30bebfbd7835d2b2e9e49601c92e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807358
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64016}
This reverts commit cfb100282e.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/6483
Original change's description:
> [compiler] Cache OSR optimized code
>
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
>
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}
TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org
Change-Id: Ib3692e7570bed5d3e88ca8a0247b185d70497a04
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:987523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826668
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64015}
With lazy feedback allocation, for functions that get OSRed we may
not have feedback for the initial part of the functions since feedback
vectors might be allocated after the function started executing. Hence
we would not be able to optimize the function on the next call. This
means we may have to OSR twice before we actually optimize function.
This cl introduces OSR cache, so we could reuse the optimized code. One
side effect of this cl is that the OSRed code won't be function context
specialized anymore.
Bug: chromium:987523
Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64014}
There is some code common to both wide and extra wide that we are
able to hoist up since they do not affect the flags after testing
to see which version to use.
Bug: v8:9771
Change-Id: Idb5ce4bd0dfcb5b38d9bc6e4257f763de3bf3567
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826725
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64008}
Make it clearer when the broker is missing information about
a potential inlinee.
Bug: v8:7790
Change-Id: I73d6066e75049e15a3fd821ac685476812482142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825241
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64007}
This CL fixes comparison operations that take into account full-word
value instead of the lower 32 bits.
Bug: v8:9706
Change-Id: I9176ea1ece7c0551b1fa6b9df58445ba49434234
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824474
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64006}
This is a reland of c70de45c6a
Original change's description:
> [TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases
>
> Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
> nodes. This allows TurboProp to avoid the LateOptimizationPhase and
> MemoryOptimizationPhase phases while still lowering all simplified nodes to
> machine nodes before instruction selection.
>
> BUG=v8:9684
>
> Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63981}
TBR=neis@chromium.org
Bug: v8:9684
Change-Id: I9cf3d087b81bb81a09a725168da9dc19238da91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826726
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64003}
This CL removes the StoreBuffer and inserts slots into the
RememberedSet directly from within the RecordWrite builtin. Only calls
into C code when either the SlotSet-array or the bucket is not
allocated. This avoids filling the store buffer up with duplicates or
due to a write-heavy workload and then blocking the main thread on
store buffer processing.
Change-Id: I05b0b0938d822cdf0e8ef086ad4527d3229c05b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815241
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64002}
This CL fixes comparison operations that take into account full-word
value instead of the lower 32 bits.
Bug: v8:9706
Change-Id: I04d2708f331a65e1c73302e8c36653f9cb40706e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824946
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64001}
The x64 version was already doing it.
Bug: v8:9771
Change-Id: I4fa28dd5fcf5e73561ad37bbbc2c9edd63a20ec0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826724
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64000}
This reverts commit 6612943010.
Reason for revert: Fails on gcc: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20gcc/3394
Original change's description:
> [regexp] Bytecode peephole optimization
>
> Bytecodes used by the regular expression interpreter often occur in
> specific sequences. The number of dispatches in the interpreter can be
> reduced if those sequences are combined into a single bytecode.
>
> This CL adds a peephole optimization pass for regexp bytecodes.
> This pass checks the generated bytecode for pre-defined sequences that
> can be merged into a single bytecode.
>
> With the currently implemented bytecode sequences a speedup of 1.12x on
> regex-dna and octane-regexp is achieved.
>
> Bug: v8:9330
> Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
> Commit-Queue: Patrick Thier <pthier@google.com>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63992}
TBR=jgruber@chromium.org,petermarshall@chromium.org,pthier@google.com
Change-Id: Ie526fe3691f6abdd16b51979000fdafb7afce8ef
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9330
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826727
Reviewed-by: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Commit-Queue: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63998}
The current implementation only supports arrays and proxies as
multi-return values in Wasm to JS calls. This adds support for any
iterable including generators, as specified by the multi-value proposal
(https://github.com/WebAssembly/multi-value/).
R=mstarzinger@chromium.org
Bug: v8:9492
Change-Id: I2c9be1f7e03824b1aabba525244e5b7f76a98f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824938
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63996}
This CL fixes comparison operations that take into account full-word
value instead of the lower 32 bits and tweaks some CSA helper functions
for smi-corrupting decompression.
Bug: v8:9706
Change-Id: I50e38a9f34b911ec0b8dd4e21298417bf23160aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824943
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63995}
This is a reland of d7b67ce206
Original change's description:
> [Context] Add a bit flag to indicate if extension might exist
>
> Checking the bit flag instead of comparing pointers should improve performance.
> This will also allow us to remove the extension slot in Context and save memory.
>
> Bug: v8:9744
> Change-Id: I7ab9feeadfb934955798d877d13bc0e1d78a191c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814918
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63906}
Bug: v8:9744
Change-Id: Ic4725ad5730a8f8fff6288d6af2205c230aff79d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815256
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#63993}
Bytecodes used by the regular expression interpreter often occur in
specific sequences. The number of dispatches in the interpreter can be
reduced if those sequences are combined into a single bytecode.
This CL adds a peephole optimization pass for regexp bytecodes.
This pass checks the generated bytecode for pre-defined sequences that
can be merged into a single bytecode.
With the currently implemented bytecode sequences a speedup of 1.12x on
regex-dna and octane-regexp is achieved.
Bug: v8:9330
Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
Commit-Queue: Patrick Thier <pthier@google.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63992}
... in both CSA code and TurboFan. This is a prerequisite for smi-corrupting
decompression.
The decompression eliminator changes is a workaround to ensure that the result
of comparisons of two constant Smis is still a constexpr (the failing test is
cctest/test-torque/TestLoadEliminationFixed). Better optimizations will be
landed in a follow-up CLs.
Bug: v8:9706
Change-Id: Ie2d90f6a7714aa749439e3f457d90d663d0efe49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815133
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63991}
DCHECK(IsAligned(addr, alignof(T))) is false on s390 debug simulator test
case. So copy to an aligned buffer and we can relocate the serialized code.
Change-Id: I8e4ad9ff25fd9a9e5478831250ff741c3e72a86f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822860
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#63990}
on mips, we should use t9 when jump to a ExternalReference, because
the callee function will consider t9 as the function start address.
Change-Id: I56e2bf073fd24b2f3434dfd255d48264bfd0b2cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826417
Auto-Submit: Yu Yin <xwafish@gmail.com>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63988}
This uses Handle<WasmExceptionPackage> where applicable to increase type
safety. Note that {WasmExceptionPackage} is not a full-fledged instance
type though. The {HeapObject::IsWasmExceptionPackage} predicate is an
approximation because a precise version could only be implemented using
handlified code performing a property lookup.
R=clemensb@chromium.org
Change-Id: I061e3eea201a0e9909ba67ae33db81d14aaefe4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477673
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63987}
This is a reland of 0d6aa842e6
The reason for the revert was flaky tests, but those continued to failed randomly after the revert.
See: https://bugs.chromium.org/p/chromium/issues/detail?id=1005723#c24
After discussing with Toon, we decided that the memory gains from allocating descriptor arrays
in young space outcome the few micro-benchmark regressions.
Original change's description:
> [Heap] Allocate descriptor array in young
>
> This hopefully fix the regression test from c693e005a7
>
> Bug: v8:1004766
> Change-Id: If3c554070af6b795e4b3f99cd592a62453028874
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809363
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#63858}
Bug: v8:1004766
Change-Id: I649f8e70abf2e5605bc073db788642705498166b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824940
Auto-Submit: Victor Gomes <victorgomes@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#63986}
InvalidateRecordedSlots needs to invalidate old-to new objects
unconditionally. Checking slot_set_[OLD_TO_NEW] is not enough, since the
sweeping_slot_set_ could still contain slots.
ClearRecordedSlot in MigrateFastToFast is not necessary as well. This is
only required in DeleteObjectPropertyFast since we might potentially
shrink the object.
Bug: chromium:1008301,chromium:1008046
Change-Id: If2c757a619b52d070825e4faadce7710eae61a07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826717
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63985}
This reverts commit c70de45c6a.
Reason for revert: speculative revert
Original change's description:
> [TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases
>
> Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
> nodes. This allows TurboProp to avoid the LateOptimizationPhase and
> MemoryOptimizationPhase phases while still lowering all simplified nodes to
> machine nodes before instruction selection.
>
> BUG=v8:9684
>
> Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63981}
TBR=rmcilroy@chromium.org,neis@chromium.org
Change-Id: I99cddb2c435ad6347bdc9b61b95d48dca94294c7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826720
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63984}
Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
nodes. This allows TurboProp to avoid the LateOptimizationPhase and
MemoryOptimizationPhase phases while still lowering all simplified nodes to
machine nodes before instruction selection.
BUG=v8:9684
Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63981}
Change-Id: I333ceca8c811c32dd6c7cad941082ca7a87a985e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826718
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63980}
R=adamk@chromium.org
No-Try: true
Change-Id: Idedb3d80382c876f09c545cf0f1cc7387b9ad805
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825242
Auto-Submit: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63979}
It looks like codegen on ia32 may sometimes miss a byte during
emit_arith. Our working theory is that this happens because `length`
in emit_operand, for whatever reason, is 0 and we thus do not advance
`pc_` correctly. The tentative fix is to use EMIT to increment the pc_
on each single write instead of relying on `length`.
Bug: v8:9774
Change-Id: I522eef96481f44f57628f914c9c170f1644ec47a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824941
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63978}
