Commit Graph

51597 Commits

Author SHA1 Message Date
Michael Lippautz
e05913ff76 [heap] Add marking summary counter
Change-Id: I41e5c4a99331ddc844cd1fe86f63406a28eebdbf
Reviewed-on: https://chromium-review.googlesource.com/c/1299243
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57005}
2018-10-25 18:56:09 +00:00
Toon Verwaest
7551e5264d [parser] Remove RETURN_IF* part 8
Bug: v8:8363, v8:7926
Change-Id: I6b08006397a70c2a9c35807a39c6d7e1ebf185e0
Reviewed-on: https://chromium-review.googlesource.com/c/1299025
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57004}
2018-10-25 17:39:22 +00:00
Lei Zhang
a66fddb397 Fix MSVC error in PointerWithPayload::SetPayload().
In a DCHECK inside SetPayload(), MSVC gives a C4806 warning. Use the
right types to avoid this.

Also add pointer-with-payload.h to BUILD.gn.

Change-Id: I10a415250e7d2f06dab7a10bff48eef5890bb723
Reviewed-on: https://chromium-review.googlesource.com/c/1297991
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57003}
2018-10-25 17:30:59 +00:00
Toon Verwaest
39b8169c22 [parser] Remove RETURN_IF* part 6
Bug: v8:8363, v8:7926
Change-Id: Ia231f3eef158643c9ebe29f0854b37610f962acb
Reviewed-on: https://chromium-review.googlesource.com/c/1299242
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57002}
2018-10-25 17:17:09 +00:00
Sigurd Schneider
4fb20c9713 [instruction-selector-x64] Fix bug in instruction selector
A node short-cutting optimization was not updating uses correctly. This
fix makes sure that there are no other users of the node, thus making the
use update unnecessary.

This fix might have negative performance implications.

Change-Id: Ie9bd23caf4434eb2137e111dc5e7c143fd97521c
Reviewed-on: https://chromium-review.googlesource.com/c/1299019
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57001}
2018-10-25 16:58:21 +00:00
Stephan Herhut
a34ef5cff8 [tests] Disable atomics stress test on more bots
This also disables the test on tsan bots and on bots that have
dchecks always enabled, which includes try bots.

Bug: v8:8332, v8:8831
Change-Id: Ib52cd32985d50e89ddfdc525f08f60ddfd981f1e
Reviewed-on: https://chromium-review.googlesource.com/c/1297319
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57000}
2018-10-25 16:29:05 +00:00
Toon Verwaest
e4545cf335 [parser] Remove RETURN_IF* part 7
Bug: v8:8363, v8:7926
Change-Id: I0722a30dc201b04f212d49dc96b8e4353a0201ad
Reviewed-on: https://chromium-review.googlesource.com/c/1299024
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56999}
2018-10-25 16:09:09 +00:00
Clemens Hammacher
267e6b0cb7 [wasm][fuzzer] Enforce input size limit
The "max_len" argument for fuzzer targets is deprecated. We need to
enforce the limit internally.

R=ahaas@chromium.org

Bug: chromium:894939
Change-Id: I2206bc63d5e39f1aa189e11042a6a0bbcca31b0d
Reviewed-on: https://chromium-review.googlesource.com/c/1299020
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56998}
2018-10-25 15:57:29 +00:00
Bill Budge
9fa085e59a [wasm] When bypassing compilation, deserialize in a context
- Moves call to DeserializeNativeModule into SaveContext to avoid
  a crash in IsWasmCodegenAllowed.

Bug: chromium:719172
Change-Id: Idd367824a325fc684f29e335b0c07e515f9fdad3
Reviewed-on: https://chromium-review.googlesource.com/c/1298375
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56997}
2018-10-25 15:56:24 +00:00
Clemens Hammacher
8f7537f867 [wasm] Encapsulate CompilationState nicer
This uses the PIMPL idiom to hide the implementation of
{CompilationState} while still allowing methods to be called on
{CompilationState} using the externally visible type.
It also allows passing the {CompilationState} in a unique_ptr
without a custom deleter.

R=ahaas@chromium.org, mstarzinger@chromium.org

Bug: v8:8238
Change-Id: I5e842723270bc6bb36b605253e3e88103caec61a
Reviewed-on: https://chromium-review.googlesource.com/c/1297956
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56996}
2018-10-25 15:55:19 +00:00
Michael Starzinger
e893eb1403 [wasm] Support encoding reference types in exceptions.
This adds support for having reference type values (i.e. anyref) stored
in an exception. It is the natural combination of the reference type
proposal and the exception handling proposal.

Note that this also introduces support for having write barriers in
generated WasmCode, as this is the first time we are storing references
within generated code. Such write barriers will be needed for other uses
of reference types (e.g. mutable global) regardless.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-anyref
BUG=v8:8341

Change-Id: I1211d4a850954622cb873eede0b4024fecc3dd8b
Reviewed-on: https://chromium-review.googlesource.com/c/1296484
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56995}
2018-10-25 15:44:29 +00:00
Toon Verwaest
a6240a8302 [parser] Remove RETURN_IF* part 5
Bug: v8:8363, v8:7926
Change-Id: Ia1662720a9a6f9b688dd097718597b44425bb134
Reviewed-on: https://chromium-review.googlesource.com/c/1299017
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56994}
2018-10-25 15:15:12 +00:00
Hai Dang
7bd9eb7e1e Add fast paths to Array.from.
This reuses the fast path from IterableToList for Array.from. The fast
paths are taken when .from is called with the receiver Array and the only
argument is the iterable (no mapping function or thisArg).

Bug: v8:7980
Change-Id: I975b0c5e3f838262d7b71ad4dec5111fb031d746
Reviewed-on: https://chromium-review.googlesource.com/c/1297322
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56993}
2018-10-25 14:47:21 +00:00
Clemens Hammacher
695466925c [wasm] Store WasmEngine in NativeModule
The {CompilationState} currently stores the {WasmEngine}, while the
{NativeModule} only stores the {WasmCodeManager}. From a high-level
view, this does not make much sense. The {NativeModule} belongs to
exactly one {WasmEngine}, so that link should be stored there. We can
then get to the {WasmCodeManager} from the {WasmEngine}.

This change requires a refactoring of the {WasmCodeManagerTest} which
created {WasmCodeManager}s independent of the {Isolate} and the
{WasmEngine}. This is not supported any more.
Note that in production, each {WasmEngine} owns exactly one
{WasmCodeManager} and one {WasmMemoryTracker}, so testing that a
{WasmMemoryTracker} can be shared by several {WasmCodeManager}s didn't
make sense in the first place.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I582e698be35f97dbd38bf6e12eb7f8ee4fc1f0f2
Reviewed-on: https://chromium-review.googlesource.com/c/1297960
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56992}
2018-10-25 14:18:01 +00:00
Georg Neis
5ed7e71f5c Make --future imply --concurrent-inlining.
This gives us better test coverage.

Also enable --strict-heap-broker by default. I think this
flag is no longer necessary and can be removed soon.

Bug: v8:7790
Change-Id: I55d43dea45ff99bb753189b0d019f945b61752ac
Reviewed-on: https://chromium-review.googlesource.com/c/1298898
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56991}
2018-10-25 14:16:56 +00:00
Jakob Gruber
640fd567bc [ia32] Remove embedded builtin ifdefs in macro assembler
This removes the last V8_EMBEDDED_BUILTIN ifdefs from the ia32 macro
assembler. It also enables root-relative accesses in a few more spots
where they are cheap.

Bug: v8:6666
Change-Id: I10c8e69d8a76fccd3d0753dad020cced4d92a4a2
Reviewed-on: https://chromium-review.googlesource.com/c/1299018
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56990}
2018-10-25 14:11:58 +00:00
Hai Dang
ff9ba741db [CSA] Skip write barriers when copying Smi-only FixedArrays.
This CL allows ExtractFixedArray to know if the JSArray has only Smi
elements. In that case ExtractFixedArray will always skip write barriers
when copying the Smi-only backing store. In the case that the copying
is not possibly conflicting with the concurrent marker, CopyElements will
efficiently use memcpy for further performance.

This improves the performance of ExtractFastJSArray and CloneFastJSArray.
As a result, performance of copying Smi arrays by slice() and spreading is
improved, except for spreading Smi holey arrays.

Bug: v8:7980
Change-Id: Ie39f8abf3b5039cc12a8ca7ece81352375e0e9da
Reviewed-on: https://chromium-review.googlesource.com/c/1286340
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56989}
2018-10-25 13:44:01 +00:00
Toon Verwaest
9df7ee392d [parser] Remove RETURN_IF* from ParseNewTarget
Bug: v8:8363, v8:7926
Change-Id: I45df1db051c69b05e0b84e432a072fd6bbdcf6d4
Reviewed-on: https://chromium-review.googlesource.com/c/1299083
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56988}
2018-10-25 13:39:29 +00:00
Toon Verwaest
d5370d150d [parser] Remove RETURN_IF* from ParseFormalParameter
Bug: v8:8363, v8:7926
Change-Id: I956bdd92688d4dddedca4a6ca844344072bad3f7
Reviewed-on: https://chromium-review.googlesource.com/c/1299085
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56987}
2018-10-25 13:08:35 +00:00
Toon Verwaest
5d1b7c37e1 [parser] Remove RETURN_IF* from ExpectMetaProperty
Bug: v8:8363, v8:7926
Change-Id: Ib4e39c9b23cf0733c189480ba8fbe1df27c85395
Reviewed-on: https://chromium-review.googlesource.com/c/1299084
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56986}
2018-10-25 12:56:37 +00:00
Toon Verwaest
e08d944b2c [parser] Remove unnecessary RETURN_IF* from ParseMember*
Since tokens turn illegal automatically upon failure, we can delay checking in
places where we'll return upon illegal token anyway. We still need checks
before uses of a possible invalid expression (nullptr in parser), so keep those
checks for now; possibly pushing a previously higher check to right before the
dereference.

Bug: v8:8363, v8:7926

Change-Id: Ia402fc83c15f4c3258a335614b9213f8211a3c53
Reviewed-on: https://chromium-review.googlesource.com/c/1299081
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56985}
2018-10-25 12:53:45 +00:00
Jakob Gruber
ff6138ad08 Reland "[ia32] Remove poisoning logic on ia32"
This is a reland of a31a623047

Original change's description:
> [ia32] Remove poisoning logic on ia32
>
> Poisoning has been disabled by default on ia32 a while ago. This CL
> removes its logic from ia32 code generation, which will let us move
> towards fuller (and unconditional) root register support.
>
> Bug: chromium:860429, v8:8254
> Change-Id: I8f672cf48a6ffc7bf21e7794c1b7463d7f8b9594
> Reviewed-on: https://chromium-review.googlesource.com/c/1296131
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56978}

Tbr: mstarzinger@chromium.org,jarin@chromium.org
Bug: chromium:860429, v8:8254
Change-Id: Ia65ac57fdc6b9a0f59cc64455d6a000005e9be3b
Reviewed-on: https://chromium-review.googlesource.com/c/1299080
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56984}
2018-10-25 12:45:55 +00:00
Clemens Hammacher
e725ebb1c2 [wasm] Untangle AsyncCompileJob and AsyncStreamingProcessor
This CL extracts some functionality out of the {PrepareAndStartCompile}
step, in order to reuse that from the {AsyncStreamingProcessor}. We
currently schedule a {PrepareAndStartCompile} task to get the same
effect, and rely on the internal implementation to do the right thing.

R=ahaas@chromium.org

Bug: v8:8238
Change-Id: I43135fe488a5f72c09307ac955381c69b7987ec1
Reviewed-on: https://chromium-review.googlesource.com/c/1297321
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56983}
2018-10-25 12:32:54 +00:00
Jakob Gruber
0855fb151b [array] Ensure PrepareElementsForSort returns a legal value
PrepareElementsForSort must return a number less than or equal the array
length.

Bug: chromium:897512, v8:7382
Change-Id: If5f9c4d052e623ab9f3300b8534603abbee859fa
Reviewed-on: https://chromium-review.googlesource.com/c/1297958
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56982}
2018-10-25 12:02:47 +00:00
Georg Neis
3f0a307b00 Remove on-by-default flag --concurrent-typed-lowering.
Bug: v8:7790
Change-Id: I842615412368b37a1be4a5dfff7ba37f781f7906
Reviewed-on: https://chromium-review.googlesource.com/c/1297965
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56981}
2018-10-25 11:37:07 +00:00
Michael Achenbach
17f47d7402 Revert "[ia32] Remove poisoning logic on ia32"
This reverts commit a31a623047.

Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/21332

Original change's description:
> [ia32] Remove poisoning logic on ia32
> 
> Poisoning has been disabled by default on ia32 a while ago. This CL
> removes its logic from ia32 code generation, which will let us move
> towards fuller (and unconditional) root register support.
> 
> Bug: chromium:860429, v8:8254
> Change-Id: I8f672cf48a6ffc7bf21e7794c1b7463d7f8b9594
> Reviewed-on: https://chromium-review.googlesource.com/c/1296131
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56978}

TBR=mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org

Change-Id: I305e9e1719fb4b3f8ef267c232723db9b52966e9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:860429, v8:8254
Reviewed-on: https://chromium-review.googlesource.com/c/1299015
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56980}
2018-10-25 11:15:56 +00:00
Ross McIlroy
9cde880856 [Compile] Ensure we don't access the native context during bytecode finalization.
Resets the isolate's context to nullptr in debug builds during bytecode finalization
to ensure that we don't rely on the native context during context independent
unoptimized compilation.

BUG=chromium:898076, v8:8041

Change-Id: Ifaa5006a7a3d31d7fbd535ebb63f8889c75526c4
Reviewed-on: https://chromium-review.googlesource.com/c/1297961
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56979}
2018-10-25 11:03:33 +00:00
Jakob Gruber
a31a623047 [ia32] Remove poisoning logic on ia32
Poisoning has been disabled by default on ia32 a while ago. This CL
removes its logic from ia32 code generation, which will let us move
towards fuller (and unconditional) root register support.

Bug: chromium:860429, v8:8254
Change-Id: I8f672cf48a6ffc7bf21e7794c1b7463d7f8b9594
Reviewed-on: https://chromium-review.googlesource.com/c/1296131
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56978}
2018-10-25 10:46:27 +00:00
Clemens Hammacher
51a931949e [wasm] Remove redundant tiering_completed_ flag
The flag was only there to tell whether the {AsyncCompileJob} needs to
be kept alive. We already have this information in all the other fields
of the {AsyncCompileJob}, thus remove it.

R=ahaas@chromium.org

Bug: v8:8238
Change-Id: I8d1d76ba8d622d1816c240e7a824ecf31c3b1ce5
Reviewed-on: https://chromium-review.googlesource.com/c/1297957
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56977}
2018-10-25 10:28:16 +00:00
Peter Marshall
3767ab39e1 Reland "[cpu-profiler] Fix a bug which caused a pure virtual function call"
This is a reland of c92a1dda41

Original change's description:
> [cpu-profiler] Fix a bug which caused a pure virtual function call
>
> We need to remove each Sampler from the SamplerManager before we call
> the Sampler destructor. This is because the signal handler can interrupt
> the destructor, and call DoSampler(), which calls sampler->SampleStack()
> on the sampler being destructed, causing general unhappiness and
> "Pure virtual function called!" crashes.
>
> Bug: v8:8346, v8:5193
> Change-Id: Iaa595a196eab33fb1af31584e9a68fd1ce0a18f6
> Reviewed-on: https://chromium-review.googlesource.com/c/1293949
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56882}

TBR=yangguo@chromium.org

Bug: v8:8346, v8:5193
Change-Id: I9878f65c868ff1aed6f3a587cba688c4241bad8c
Reviewed-on: https://chromium-review.googlesource.com/c/1298893
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56976}
2018-10-25 09:58:21 +00:00
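The destruction-order hazard described in the commit above, as an added example that is not V8's code: a registry of samplers, a synchronous DoSample() standing in for the signal handler, and a base destructor that simulates a signal landing after the derived part has already been torn down. The names SamplerManager, Sampler, CpuSampler and the three driver functions are assumptions for this illustration; in V8 SampleStack() is pure virtual and the dispatch shown here aborts the process, so the base-class body below only counts the event instead of crashing.

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

class Sampler;

// Registry of live samplers, walked from the (simulated) signal handler.
class SamplerManager {
 public:
  static SamplerManager& instance() {
    static SamplerManager manager;
    return manager;
  }
  void Add(Sampler* s) { samplers_.push_back(s); }
  void Remove(Sampler* s) {
    samplers_.erase(std::remove(samplers_.begin(), samplers_.end(), s),
                    samplers_.end());
  }
  // Stand-in for DoSampler(): ask every registered sampler for a sample.
  void DoSample();

 private:
  std::vector<Sampler*> samplers_;
};

// Counts dispatches that, with a genuinely pure virtual SampleStack(),
// would abort with "Pure virtual function called!".
static int g_pure_virtual_calls = 0;

class Sampler {
 public:
  Sampler() { SamplerManager::instance().Add(this); }
  virtual ~Sampler() {
    // When this body runs the derived destructor has finished and the
    // vtable already points at Sampler. Simulate a profiler signal
    // arriving in exactly this window.
    SamplerManager::instance().DoSample();
    // Buggy ordering: unregistering only here leaves that window open.
    SamplerManager::instance().Remove(this);
  }
  // Pure virtual in the real code; this body stands in for the trap.
  virtual void SampleStack() { ++g_pure_virtual_calls; }
};

void SamplerManager::DoSample() {
  for (Sampler* s : samplers_) s->SampleStack();
}

class CpuSampler : public Sampler {
 public:
  void SampleStack() override { ++samples; }
  int samples = 0;
};

// Sanity check: a live sampler is dispatched to the derived override.
int SampleLiveSampler() {
  g_pure_virtual_calls = 0;
  CpuSampler s;
  SamplerManager::instance().DoSample();
  SamplerManager::instance().Remove(&s);  // safe order before scope exit
  return s.samples;                        // 1
}

// Buggy: delete while still registered. Returns the number of
// pure-virtual dispatches the simulated signal produced.
int DestroyWhileRegistered() {
  g_pure_virtual_calls = 0;
  Sampler* s = new CpuSampler();
  delete s;                  // ~CpuSampler, then ~Sampler with s still listed
  return g_pure_virtual_calls;  // 1
}

// Fixed, as the commit describes: unregister before destruction starts.
int UnregisterThenDestroy() {
  g_pure_virtual_calls = 0;
  Sampler* s = new CpuSampler();
  SamplerManager::instance().Remove(s);
  delete s;                  // the simulated signal no longer reaches s
  return g_pure_virtual_calls;  // 0
}

int main() {
  std::printf("buggy order: %d pure-virtual dispatch(es)\n",
              DestroyWhileRegistered());
  std::printf("fixed order: %d pure-virtual dispatch(es)\n",
              UnregisterThenDestroy());
  return 0;
}
```

The same window exists for any registry that hands out raw pointers to polymorphic objects and is consulted asynchronously; the rule is that an object leaves every such registry before its destructor chain begins, not as a side effect of the base-class destructor.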
Sergiy Byelozyorov
919841a839 Use CIPD to checkout luci-go binaries
R=machenbach@chromium.org

Bug: chromium:865541
Change-Id: I98f21c278099bd2c90b4a1ff9b7dddb74d263e34
Reviewed-on: https://chromium-review.googlesource.com/c/1144923
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56975}
2018-10-25 09:25:34 +00:00
Toon Verwaest
125dfb2a4e [parser] Use std::vector and cache top in State in FuncNameInferrer
It's unnecessary to buffer in the zone, and using a deque is more expensive
than an std::vector as a stack since we reuse areas very frequently. The
top-of-stack that the State keeps track of is now simply tracked in the state,
with a scope_depth_ counter to figure out if the fni_ is "open" (has an active
state).

Change-Id: I29ad3db7520340b8fe035feed400178bd50785bc
Reviewed-on: https://chromium-review.googlesource.com/c/1298894
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56974}
2018-10-25 09:01:08 +00:00
Igor Sheludko
0e09760881 [ptr-compr] Make IsolateData be the bottleneck for root-relative accesses
Bug: v8:8182
Change-Id: I4dadd9cab071ecd4314c370be5f444e36acb708e
Reviewed-on: https://chromium-review.googlesource.com/c/1297317
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56973}
2018-10-25 08:46:58 +00:00
Florian Sattler
339bb225c8 [parser] Remove explicit ok status tracking.
Replace the explicit ok tracking by setting the scanner to fail, allowing us to
return automatically. RETURN_IF_PARSE_ERROR is now used instead of CHECK_OK to
verify if the parser failed.

In a follow-up CL we'll merge RETURN_IF_PARSE_ERROR after Expect* into an
EXPECT* macro. We'll keep (for now) RETURN_IF_PARSE_ERROR that guard uses of
possible NullExpression (e.g., impl()->IsIdentifier(...)). All other RETURN_IF*
will be removed. Uses after failure can likely later be fixed too by introducing
a FailureExpression.

Bug: v8:8363, v8:7926

Change-Id: I9896449eb9be476c453da4417a0bfd17c169ff38
Reviewed-on: https://chromium-review.googlesource.com/c/1294649
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56972}
2018-10-25 07:51:46 +00:00
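The error-propagation scheme this commit and the earlier "[parser] Remove unnecessary RETURN_IF* from ParseMember*" message describe, as an added example that is not V8's code: a toy expression parser whose scanner carries a sticky failure flag. Once the scanner has failed, every token it yields is ILLEGAL, so a function that would return on an illegal token anyway needs no separate check, and the only remaining RETURN_IF_PARSE_ERROR sits directly before a dereference of a possibly-null expression. The macro name is the one from the commit message; Scanner, Parser, Token, Expr and Evaluate are names assumed for this illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

enum class Token { NUMBER, PLUS, LPAREN, RPAREN, END, ILLEGAL };

struct Expr {
  int value;
};

// Scanner with a sticky failure flag: after Fail(), Peek()/Next() only ever
// yield ILLEGAL, which replaces an explicit `bool* ok` out-parameter.
class Scanner {
 public:
  explicit Scanner(std::string src) : src_(std::move(src)) {}
  Token Peek() const {
    if (failed_) return Token::ILLEGAL;
    if (pos_ >= src_.size()) return Token::END;
    char c = src_[pos_];
    if (c >= '0' && c <= '9') return Token::NUMBER;
    if (c == '+') return Token::PLUS;
    if (c == '(') return Token::LPAREN;
    if (c == ')') return Token::RPAREN;
    return Token::ILLEGAL;
  }
  Token Next() {
    Token t = Peek();
    if (t == Token::NUMBER) {
      last_number_ = 0;
      while (pos_ < src_.size() && src_[pos_] >= '0' && src_[pos_] <= '9')
        last_number_ = last_number_ * 10 + (src_[pos_++] - '0');
    } else if (t != Token::END && t != Token::ILLEGAL) {
      ++pos_;
    }
    return t;
  }
  int last_number() const { return last_number_; }
  void Fail() { failed_ = true; }
  bool has_failed() const { return failed_; }

 private:
  std::string src_;
  size_t pos_ = 0;
  int last_number_ = 0;
  bool failed_ = false;
};

// Only needed right before a possibly-null expression is dereferenced.
#define RETURN_IF_PARSE_ERROR \
  do { if (scanner_.has_failed()) return nullptr; } while (false)

class Parser {
 public:
  explicit Parser(std::string src) : scanner_(std::move(src)) {}
  // nullptr on failure; the scanner's flag is the single source of truth.
  Expr* ParseProgram() {
    Expr* e = ParseExpression();
    Expect(Token::END);
    RETURN_IF_PARSE_ERROR;
    return e;
  }

 private:
  Expr* ParseExpression() {
    Expr* left = ParsePrimary();
    // If ParsePrimary failed, Peek() is ILLEGAL and the loop never runs,
    // so the nullptr `left` is never dereferenced.
    while (scanner_.Peek() == Token::PLUS) {
      scanner_.Next();
      Expr* right = ParsePrimary();
      RETURN_IF_PARSE_ERROR;  // guards the dereferences on the next line
      left = New(left->value + right->value);
    }
    return left;
  }
  Expr* ParsePrimary() {
    switch (scanner_.Peek()) {
      case Token::NUMBER:
        scanner_.Next();
        return New(scanner_.last_number());
      case Token::LPAREN: {
        scanner_.Next();
        Expr* inner = ParseExpression();
        Expect(Token::RPAREN);
        // No check here: if Expect failed the scanner is poisoned and every
        // caller bails at its own next use of the token stream.
        return inner;
      }
      default:
        scanner_.Fail();  // unexpected token: poison the scanner
        return nullptr;
    }
  }
  void Expect(Token t) {
    if (scanner_.Next() != t) scanner_.Fail();
  }
  Expr* New(int v) {
    exprs_.push_back(std::make_unique<Expr>(Expr{v}));
    return exprs_.back().get();
  }
  Scanner scanner_;
  std::vector<std::unique_ptr<Expr>> exprs_;
};

// Returns true and the value on success, false if the parser failed.
bool Evaluate(const std::string& src, int* out) {
  Parser parser(src);
  Expr* e = parser.ParseProgram();
  if (e == nullptr) return false;
  *out = e->value;
  return true;
}

int main() {
  int v = 0;
  std::printf("(1+2)+3 -> %s %d\n", Evaluate("(1+2)+3", &v) ? "ok" : "error", v);
  std::printf("(1      -> %s\n", Evaluate("(1", &v) ? "ok" : "error");
  return 0;
}
```

Note what happens on "(1": ParsePrimary returns a non-null inner expression even though Expect(RPAREN) failed, and ParseExpression returns it too, yet ParseProgram still reports failure because the flag is sticky. That is the property the commit relies on when it drops checks from places that return on an illegal token anyway and keeps only those that guard a dereference.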
Michael Achenbach
9929a238ab Update V8 DEPS.
Rolling v8/build: 6455acf..5a371bc

Rolling v8/test/wasm-js/data: 7e3c46a..b0e7838

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b026043..ed6fe0f

Rolling v8/third_party/depot_tools: 98f1e59..2b71832

Rolling v8/third_party/fuchsia-sdk: bac0433..29de0c2

Rolling v8/tools/clang: a245b95..3041f30

Rolling v8/tools/luci-go: 445d7c4..86c09e8

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ieb48aa2ff019267e3be8d3f70e60829d545d34c3
Reviewed-on: https://chromium-review.googlesource.com/c/1298391
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56971}
2018-10-25 07:28:05 +00:00
Kai Ninomiya
87ba4e5a12 [wasm] fix crash using devtools pause button in wasm
Check for is_javascript in Debug::AllFramesOnStackAreBlackboxed,
instead of assuming all frames are javascript frames.

Fix is thanks to dgozman: https://crbug.com/896093#c3

Bug: chromium:896093
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I6b735d904c3fd036d4589d65f10673b81b8f326c
Reviewed-on: https://chromium-review.googlesource.com/c/1295552
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Kai Ninomiya <kainino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56970}
2018-10-25 07:16:45 +00:00
Junliang Yan
a2415d540b PPC: Cleanup Atomic64 Ops
R=joransiu@ca.ibm.com

Change-Id: I154b3cac455d44a84f7d6363758841310010d749
Reviewed-on: https://chromium-review.googlesource.com/c/1296683
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56969}
2018-10-24 23:51:39 +00:00
Junliang Yan
9352171ec9 PPC: fix input reg clobbering on atomic64
R=joransiu@ca.ibm.com

Change-Id: Ic9a6a9055e3f05ef64723d995228673ee48eb994
Reviewed-on: https://chromium-review.googlesource.com/c/1296682
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56968}
2018-10-24 21:23:24 +00:00
Peter Marshall
f16c5f8dd1 [arm] Don't allow use of SP as a scratch register
This would allow SP to be a nonsense value, which would confuse the CPU
profiler when the signal handler read the SP before it was restored.

Bug: v8:8355
Change-Id: If108c8cf00467904fe0f4f26fddc2e3122afcd93
Reviewed-on: https://chromium-review.googlesource.com/c/1298032
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56967}
2018-10-24 20:43:32 +00:00
Toon Verwaest
840242f4c4 [parser] Use std::vector as pointer-buffer for ScopedPtrList
This allows us to use one underlying buffer rather than 3, and allows memory to
be freed as we're growing the vector.

Change-Id: I45c178a31e8f6d3ee44d3319ce8bca2db2460d33
Reviewed-on: https://chromium-review.googlesource.com/c/1297328
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56966}
2018-10-24 20:19:17 +00:00
Tom Tan
a6423cca4a Reland "Add Windows ARM64 ABI support to V8"
This is a reland of fcbb023b0e

Original change's description:
> Add Windows ARM64 ABI support to V8
>
> This change added Windows ARM64 ABI support, major things are:
> 1. Excluding x18 register from any usage because it is reserved as
>    platform register. Preserve alignment after the change.
> 2. Fix the assumption of LP64 in arm64 backend. Windows ARM64 is
>    still LLP64.
> 3. Stack guard page probe for large allocation on stack.
>
> Reference:
> Windows ARM64 ABI:
> https://docs.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=vs-2017
>
> Bug: chromium:893460
> Change-Id: I325884ac8dab719154a0047141e18a9fcb8dff7e
> Reviewed-on: https://chromium-review.googlesource.com/c/1285129
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56881}

CQ_INCLUDE_TRYBOTS=luci.chromium.try:android_arm64_dbg_recipe
TBR=mlippautz@chromium.org

Bug: chromium:893460
Change-Id: Icc45fd091c33f7df805842a70236b79b14756f52
Reviewed-on: https://chromium-review.googlesource.com/c/1297300
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56965}
2018-10-24 19:46:36 +00:00
Jakob Kummerow
76968a2ff3 [ubsan] Introduce ObjectPtr and port PropertyArray
This CL gives a first look at the new way to represent tagged object
pointers in C++.
It adds infrastructure in Handles and the garbage collector to deal
with the new object type, and ports a first class to the new world.

Design overview: https://goo.gl/Ph4CGz

Bug: v8:3770
Change-Id: I3e37fbf399612f95540cb386710a595069fb9d55
Reviewed-on: https://chromium-review.googlesource.com/c/1292673
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56964}
2018-10-24 18:27:31 +00:00
Frank Tang
e76e44f088 [Intl] Add "position" to the return of next()
Add position to the return of %SegmentIterator%.next(),
which was newly added to the spec in
https://github.com/tc39/proposal-intl-segmenter/pull/42

Bug: v8:8305
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I8de7102acb670a6c529ab3e35601c78a8dc7703c
Reviewed-on: https://chromium-review.googlesource.com/c/1278636
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56963}
2018-10-24 18:25:41 +00:00
Georg Neis
5d90d70a3d [turbofan] Brokerize some more in JSCallReducer.
Bug: v8:7790
Change-Id: I14bac46ef7457ea142f79f96fc5a2018d429dcc8
Reviewed-on: https://chromium-review.googlesource.com/c/1297323
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56962}
2018-10-24 18:24:01 +00:00
Frank Tang
6899cd2b10 [Intl] Clean up TODO(ftang)
Remove a TODO that is already done.
Uncomment two working tests.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icb28d84e92812996c2928e90961d75508ba4c401
Reviewed-on: https://chromium-review.googlesource.com/c/1296933
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56961}
2018-10-24 18:17:58 +00:00
Dan Elphick
b0bf37528f [heap] Move hash_seed into RO_SPACE
Creates the hash_seed byte array in RO_SPACE and moves the root from
STRONG_MUTABLE_IMMOVABLE_ROOT_LIST to STRONG_READ_ONLY_ROOT_LIST.

Bug: v8:8191
Change-Id: I3b044fbb3e51eb5d21ac2e68a54076623865b9d2
Reviewed-on: https://chromium-review.googlesource.com/c/1297959
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56960}
2018-10-24 17:02:43 +00:00
Aseem Garg
6bc73a287f [wasm] remove raw mode from wasm translation
R=clemensh@chromium.org,kozyatinskiy@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic6c7e2eaa4463d945d00eb1e1123d7d1731b34db
Reviewed-on: https://chromium-review.googlesource.com/c/1297671
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56959}
2018-10-24 16:23:20 +00:00
Ross McIlroy
f6a8576897 [Compile] Remove unnecessary class_function_descriptors access.
BuildClassBoilerplate accessed the native context to get the
class_function_descriptors. Baseline compilation should be native context
independent, so we shouldn't access the native context at all. As it happens,
class_function_descriptors wasn't used so can just be removed.

BUG=chromium:898076, v8:8041

Change-Id: If9c0edf3dfde68c76ea87820f9d4b080aac6d60e
Reviewed-on: https://chromium-review.googlesource.com/c/1298033
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56958}
2018-10-24 16:19:20 +00:00
Caitlin Potter
ac3f98d58e [builtins] put SetPropertyInLiteral in a code-stub
There are several core changes in this stub:

1) add a version of KeyedStoreGenericGenerator::SetPropertyInLiteral()
which supports indexed properties directly, without KeyedStore

2) add a code stub for SetPropertyInLiteral which uses the version
supporting indexed properties

3) Use the code stub in CloneObjectIC, rather than using the smaller
special-cased version which does not handle Names.

Item 1) involves a refactoring which adds a nice way to reuse code in
KeyedStoreGenericAssembler, which allows deleting a bunch of copy/pasted
code. This makes it easy to reuse the index handling in
KeyedStoreGeneric() without adding a bunch more duplicated
handling. Because of this, I consider this to be somewhat of a cleanup,
though if the copied code is preferred, I'm happy to revert to that.

Item 2) is needed for Object.fromEntries(), as it's better to not
require falling back to the slow path if a key happens to be an Smi ---
but this is also optional.

Item 3) benefits the codebase by allowing Object.fromEntries() to use
this fast path without calling into the runtime, and without duplicating
code which is also used by CloneObjectIC.

I am skeptical that this should affect performance significantly. I've
run ObjectLiteralSpread tests, and the mean of scores over 100 runs is
somewhat surprising: CloneObjectIC --- the only user of this code,
has an increased average score, while the polyfill cases score slightly
worse --- However, the overall changes are small and likely flukes.
The complete processed test output is below:

```
// Mean of 100 runs of each benchmark

Babel-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 11530.87                  | 12142.92                  | -5.04%
-----+---------------------------+---------------------------+-------

BabelAndOverwrite-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 10881.41                  | 11260.81                  | -3.37%
-----+---------------------------+---------------------------+-------

ObjectAssign-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 6188.92                   | 6358.55                   | -2.67%
-----+---------------------------+---------------------------+-------

ObjectAssignAndOverwrite-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 6112.80                   | 6275.54                   | -1.61%
-----+---------------------------+---------------------------+-------

ObjectSpread-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 51942.93                  | 50713.17                  | +3.46%
-----+---------------------------+---------------------------+-------

ObjectSpreadAndOverwrite-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 51375.23                  | 50833.29                  | +2.09%
-----+---------------------------+---------------------------+-------
```

BUG=v8:8238, v8:8021
R=ishell@chromium.org, jkummerow@chromium.org

Change-Id: I43e102fc461ffd389b5d6810a73f86e5012d7dee
Reviewed-on: https://chromium-review.googlesource.com/c/1277751
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56957}
2018-10-24 15:47:33 +00:00
Toon Verwaest
395078d717 [tick-processor] Deal with missing arguments object
Bug: v8:8365

Change-Id: Ie938073551bf1af6fb59ac1c395e7fabbcfdebd7
Reviewed-on: https://chromium-review.googlesource.com/c/1298034
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56956}
2018-10-24 15:36:57 +00:00