This is a reland of 63608968b6
The previous CL failed on Windows, but it was a general bug. The
dropped_elem_segments was not being set on the instance properly in
cctests, so`table.init` instructions would fail by reading uninitialized
data.
I took this opportunity to also add an implementation of
`elem.drop` in the interpreter, and ported the JS tests for those too.
Original change's description:
> [wasm] Implement table.init for interpreter
>
> This also fixes CheckCallViaJS when a trap occurs. In that case, the
> trap callback is called instead of an exception being thrown, so if it
> isn't handled, a bogus result will be returned instead.
>
> Bug: v8:8965
> Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60473}
Bug: v8:8965
Change-Id: Ia547d9530b7ca67fde5bd94539f49153b796e82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547142
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60664}
This makes sure that the implicit operand stack slot used for passing an
exception from the throw-site to the catch-site is counted against the
maximum stack height.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-rethrow-interpreter
BUG=v8:8091
Change-Id: I7e8f47ba4662eb273792e7508207f67588264a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554683
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60658}
Typed arrays with elements cannot be frozen, but this function
previously would have falsely reported that they are after
an `Object.freeze()` call. Since the latter bails out when
the object is already frozen, the effect was that when calling
`Object.freeze()` on a typed array more than once, the first call
would throw and subsequent ones would not.
Change-Id: I75e59f51ebb94797cdf39bac4ec4c25c547e70a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552781
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60652}
This ensures the lifetime of reference values on the simulated operand
stack of the interpreter is coupled to a lifetime of the {ThreadImpl}.
We no longer directly store reference values on the stack, but maintain
a separate "reference stack" on the GC'ed heap. This will ensure the GC
traces such references properly.
The new {StackValue} safety wrapper makes sure all use-sites that access
the operand stack properly convert to/from handles when dealing with
reference values.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-interpreter
BUG=v8:8091,v8:7581
Change-Id: I8c05f2d945a6def943b89be0cfca538a73df8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552791
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60650}
This is the first step towards full huge typed array support in V8.
Before this change, the JSTypedArray::length and the elements backing
store length (FixedTypedArrayBase::length) were used more or less
interchangeably to determine the number of elements in a JSTypedArray.
With this change we disentangle these two lengths, and instead make
JSTypedArray::length authoritative. For on-heap typed arrays, the
FixedTypedArrayBase::length will remain the number of elements in the
backing store, but for the off-heap typed arrays, this length will be
set to 0 (matching the fact that the FixedTypedArrayBase instance does
not contain any elements itself).
This also unifies the JSTypedArray::set_/length() and length_value()
methods to only have JSTypedArray::set_/length() which returns/takes
size_t values. Currently this still requires the values to be in Smi
range, but later we will extend this to allow arbitrary size_t values
(in the safe integer range).
Bug: v8:4153, v8:7881
Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60648}
Locks for compilation state callbacks and for the native module are
again taken one after the other. As a consequence, publishing compiled
Wasm code again happens in parallel. Compile times are now comparable to
before lazy hints were enabled.
Bug: chromium:949050
Change-Id: I45c52254d046de080938bd131fd3ed8116660bef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552787
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60646}
Indexed fields in classes can now be initialized using iterators
and a spread syntax, e.g.:
class Foo {
length: Smi;
elements[length]: Object;
}
new Foo{length: 5, elements: ...iter};
where iter implements Torque's iterator protocol. This protocol
requires the definition of a method with the following signature:
Next(): <type> labels NoMore;
Where <type> is the Torque type of the values to be iterated.
In the case of indexed field initialization, the type must be
the field's type or a subtype thereof.
Field initialization with spread is desugared into a loop that
calls the spread iterator's Next method and assigns each
returned value in order to the corresponding indexed field
element.
The general machinery for the spread syntax has been added to
the ast and parser, however, it can currently only be used in
the specific context of indexed field initialization. Spread
operators used in any other context will cause an error.
Bug: v8:7793
Change-Id: If071e61db8166573c28d13318879c88ba96f6d98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550407
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60639}
Context::microtask_context can be null after v8::Context::DetachGlobal
is called, and that should cancel microtasks that are associated to
the detached context.
However, there are several callers left without the null check to the
microtask queue, and that causes crashes.
This CL adds the null check and cancellation as the crash fix.
Bug: chromium:937784
Change-Id: Ie8d107f28f200cee6e75798e3f72c5ed7a2a461c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545139
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60623}
This changes the syntax for constructing structs and classes to explicitly
mention the fieldnames, similar to JavaScript object literals.
The fields still have to be listed in the same order as in the struct/class
declaration.
As in Javascript, {foo: foo} can be abbreviated as {foo}.
Example:
macro NewJSArray(implicit context: Context)(
map: Map, elements: FixedArrayBase): JSArray {
return new JSArray{
map,
properties_or_hash: kEmptyFixedArray,
elements,
length: elements.length
};
}
Drive-by cleanup: Make struct and class constructors follow the same pattern
in the parser and the AST.
Bug: v8:9018 v8:7793
Change-Id: I22ff7f68270e4f406aa80731a709d41ea52f52bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1551999
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60622}
Making 43K of room for landing ICU64.
Size Change (on x64.release)
D8 before 23,683,192
D8 after 23,639,296
Reduce 43,896 bytes
Bugs: v8:8348
Change-Id: I057f7d59e955a2e5e017873e5b3b5daf5b142ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1478710
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60616}
These tests make sure the ticks are correct when resolving against a
Promise.
Without the optimization, the result is:
"start,tick 1,tick 2,tick 3,tick 4,done,tick 5"
With the optimization, the result is:
"start,tick 1,tick 2,done,tick 3,tick 4,tick 5"
Bug: v8:8267
Change-Id: I6c6499c7c256927531a99bab4ae1c5bd5069ef7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1534884
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60615}
When TurboFan optimizes field access, we need to check first that the
runtime already determined the correct field representation properly.
If the field representation is still None, we cannot optimize this in
TurboFan straight away but we have to call the IC to let the runtime
do the magic.
Bug: chromium:944865
Change-Id: I032a48824e83806e1be7670346f518b258a9dd65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549167
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60607}
Using the Isolate's allocator when creating the WasmModule can lead to
use-after-free situations when the NativeModule is shared across
Isolates.
R=mstarzinger@chromium.org
Bug: v8:9079
Change-Id: I5a564852179cc5b9d4cbad2a002d3b6e14b01968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550404
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60605}
Reading --verify_predictable makes me sad, whereas --verify-predictable
makes me happy. This CL introduces more happiness.
R=machenbach@chromium.org
Bug: v8:8834
Change-Id: Id51a75f32e6d5a2f87aed81e058a8b6dff189758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550399
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60599}
This adds preliminary support for handling the "br_on_exn" opcode in the
interpreter. It also makes "catch" and "rethrow" use a proper exception
reference instead of a dummy value.
To that end this also adds {Handle<>} as a new kind of {WasmValue} which
is intended to pass reference values (e.g. "anyref" or "except_ref") to
the runtime system. Therefore lifetime of such a {WasmValue} is directly
coupled to any surrounding {HandleScope}.
For now we just store {Handle<>} directly on the simulated operand stack
of the interpreter. This is of course bogus, since the surrounding scope
does not outlive the interpreter activation. Decoupling the lifetime of
the operand stack from a {HandleScope} will be done in a follow-up CL.
As a drive-by this change also implements support for the "ref_null" and
the "ref_is_null" opcodes as a proof-of-concept that the new {WasmValue}
is also applicable to the "anyref" reference type.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-interpreter/ReferenceTypeLocals
BUG=v8:8091,v8:7581
Change-Id: I2307e0689a19c4aab1d67f1ba6742cb3cc31aa3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550299
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60598}
During instantiation, exceptions can be thrown when looking up the
imports, e.g. because of proxies. If the exception is thrown
internally, before actually calling out to JS code, it won't be
externally caught.
This CL removes the DCHECK that errornously checked that a pending
exception was externally caught.
R=mstarzinger@chromium.org
Bug: chromium:948228
Change-Id: Idbdb340167c1943f78397cc9b310ef5743755726
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547855
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60593}
Const-qualified fields are allowed in both classes and structs.
In both cases, const fields can only be set via initialization
during construction.
Drive-by: unitialized -> uninitialized
Bug: v8:7793
Change-Id: Idec08df30f7897c756b7dd6f2b10bb6012fefb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547853
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60592}
The tiers are now consistently referred to as baselin and top tier.
Bug: v8:9003
Change-Id: I74ad1867aca63bee9eb83b7f0f9fbaf2b1523dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547667
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60591}
Adds the notion of a "source type" to CpuProfileNode instances, hinting
at the underlying source of the function or state that resulted in the
generation of the node.
Bug: v8:9001
Change-Id: Ie14c54d41b99eb02f54b423fa5d939e9d7f63785
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510576
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60590}
Includes both changing from compressed pointers and to compressed pointers.
Also added tests to the representation changer test
B
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977
Change-Id: I8a13f6b7ec2208442aa354949173cc9061bce168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533866
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60587}
All standard containers provide a method named {empty} to check whether
the container is empty. On {base::Vector}, that method is named
{is_empty}, while {empty} is an unused factory method for creating an
empty {Vector}.
This CL renames {is_empty} to {empty} and removes the unused factory
method.
R=leszeks@chromium.org
Bug: v8:8834
Change-Id: I686bd07527801fbe783c412bc241221d8ec3660a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547862
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60584}
This is a reland of 3cda21de77
Original change's description:
> V8 x64 backend doesn't emit ABI compliant stack frames
>
> On 64 bit Windows, the OS stack walking does not work because the V8 x64
> backend doesn't emit unwinding info and also because it doesn't emit ABI
> compliant stack frames. See
> https://docs.google.com/document/d/1-wf50jFlii0c_Pr52lm2ZU-49m220nhYMrHDi3vXnh0/edit
> for more details.
>
> This problem can be fixed by observing that V8 frames usually all have the same
> prolog and epilog:
>
> push rbp,
> mov rbp, rsp
> ...
> pop rbp
> ret N
>
> and that it is possible to define XDATA (UNWIND_CODEs) that specify how Windows
> should walk through V8 frames. Furthermore, since V8 Code objects are all
> allocated in the same code-range for an Isolate, it is possible to register a
> single PDATA/XDATA entry to cover stack walking for all the code generated
> inside that code-range.
>
> This PR contains changes required to enable stack walking on Win64:
>
> EmbeddedFileWriter now adds assembler directives to the builtins
> snapshot source file (embedded.cc) to emit additional entries in the .pdata and
> in the .xdata section of the V8 executable. This takes care of stack walking
> for embedded builtins. (The case of non-embedded builtins is not supported).
> The x64 Assembler has been modified to collect the information required to emit
> this unwind info for builtins.
>
> Stack walking for jitted code is handled is Isolate.cpp, by registering
> dynamically PDATA/XDATA for the whole code-range address space every time a new
> Isolate is initialized, and by unregistering them when the Isolate is
> destroyed.
>
> Stack walking for WASM jitted code is handled is the same way in
> wasm::NativeModule (wasm/wasm-code-manager.cpp).
>
> It is important to note that Crashpad and Breakpad are already registering
> PDATA/XDATA to manage and report unhandled exceptions (but not for embedded
> builtins). Since it is not possible to register multiple PDATA entries for the
> same address range, a new function is added to the V8 API:
> SetUnhandledExceptionCallback() can be used by an embedder to register its own
> unhandled exception handler for exceptions that arise in v8-generated code.
> V8 embedders should be modified accordingly (code for this is in a separate PR
> in the Chromium repository:
> https://chromium-review.googlesource.com/c/chromium/src/+/1474703).
>
> All these changes are experimental, behind:
>
> the 'v8_win64_unwinding_info' build flag, and
> the '--win64-unwinding-info' runtime flag.
>
> Bug: v8:3598
> Change-Id: Iea455ab6d0e2bf1c556aa1cf870841d44ab6e4b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1469329
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#60330}
Bug: v8:3598
Change-Id: If988baf7d3e4af165b919d6e54c1ad985f8e25e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1534618
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60581}
This is a reland of 660d828790
Original change's description:
> [debug] Mark toLocaleString and TA#join builtins as side-effect free.
>
> Bug: chromium:940373
> Change-Id: If5f90ff5f873f0687c6a6a4063e0d09d6bbbd556
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533157
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Cr-Commit-Position: refs/heads/master@{#60440}
Bug: chromium:940373
Change-Id: I03fe4c06cad9848db211739170462d52ce3f7acf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538791
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60575}
This happened because {EphemeronKeyWriteBarrierFromCode} will also be
called if both table and key are in old-space, and key is an evacuation
candidate.
Bug: chromium:948307, v8:8557
Change-Id: Ic1284209584b74cb343163e4beec632a3f1544b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547858
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60568}
This CL adds all the necessary {WasmCodeRefScope}s in the code base, or
at least a good approximation. A follow-up CL will enable a check that
a {WasmCodeRefScope} exists whenever a pointer to a {WasmCode} object
is returned from the {NativeModule}. This should flush out any missing
scopes.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: I54c7eb39aeb1acde38273c399396e6b1390a4cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533860
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60566}
Don't just DCHECK that intrinsic calls are one-byte, but explicitly
check and return (a failure) when they are not.
Bug: chromium:948248
Change-Id: If2c16f337e9c97e5a585d21a51a985f4abbe1c29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547857
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60565}
This is a reland of 09fa63a935
Original change's description:
> [wasm-hints] Enabled Lazy Compilation by Hint
>
> Hints for lazy compilation are now taken into consideration. If the
> custom hints section suggests lazy compilatin we do so unless the module
> consists of a single function.
>
> Bug: v8:9003
> Change-Id: Ibdc400453cee20d4d5c814733887b38fb675b220
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535827
> Commit-Queue: Frederik Gossen <frgossen@google.com>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60557}
Bug: v8:9003
No-Try: true
Change-Id: I8d6f4518aa548c815fba4e6e62d2206129336cc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547851
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60564}
This reverts commit 09fa63a935.
Reason for revert: Falkes on https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/29942
Original change's description:
> [wasm-hints] Enabled Lazy Compilation by Hint
>
> Hints for lazy compilation are now taken into consideration. If the
> custom hints section suggests lazy compilatin we do so unless the module
> consists of a single function.
>
> Bug: v8:9003
> Change-Id: Ibdc400453cee20d4d5c814733887b38fb675b220
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535827
> Commit-Queue: Frederik Gossen <frgossen@google.com>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60557}
TBR=mstarzinger@chromium.org,clemensh@chromium.org,frgossen@google.com
Change-Id: I18dd424fe8cf05f220f7498bb1ebe4b9fce7d240
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547668
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60558}
Hints for lazy compilation are now taken into consideration. If the
custom hints section suggests lazy compilatin we do so unless the module
consists of a single function.
Bug: v8:9003
Change-Id: Ibdc400453cee20d4d5c814733887b38fb675b220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535827
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60557}
- We didn't take stability dependencies on the inferred maps
in case of kUnreliableReceiverMaps.
- We didn't take stability dependencies on the prototype chains.
Bug: v8:9041
Change-Id: I85418dbed219f51e7fb46c59a0cb9cbb9b499bc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541107
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60550}
It was missing a control output.
Bug: chromium:946889
Change-Id: I85f203fc6e27a60f0b86e0e2999dd798a5416dfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547655
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60549}
The CheckNonEmptyString lowering was the wrong way around and would
deoptimize if it doesn't see the empty string. This leads to the
creation of invalid ConsStrings and also to unnecessary deopt loops
with proper code.
Bug: chromium:947949, v8:8834, v8:8931, v8:8939, v8:8951
Change-Id: Ib2cc4e92cc9ec7e0284d94f74d14f67f8c878dec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545908
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60542}
