The LoadElimination must be able to print Maps, so we need to allow
handle dereferencing here.
Change-Id: Id39a6db5a4f40ec6212404b3aa30a36fdd1ba57e
Reviewed-on: https://chromium-review.googlesource.com/1188127
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55374}
In LoadElimination leverage the fact that initializing stores (i.e.
stores to freshly allocated objects) cannot touch existing objects,
since the object can only escape once it's fully initialized and
then all accesses will happen on the FinishRegion node instead of
the naked Allocate node.
This helps to eliminate the redundant map checks and "length" accesses
to arrays, since TurboFan now knows that the iterated array cannot
alias with neither the freshly allocated ArrayIterator nor the
freshly allocated IterResultObject instances. This improves the times
on the benchmark in the tracking bug from
console.timeEnd: forOf, 188.111000
console.timeEnd: traditional, 116.380000
console.timeEnd: forOf, 170.721000
console.timeEnd: traditional, 108.209000
console.timeEnd: forOf, 168.491000
console.timeEnd: traditional, 108.839000
to
console.timeEnd: forOf, 192.501000
console.timeEnd: traditional, 106.909000
console.timeEnd: forOf, 138.364000
console.timeEnd: traditional, 103.232000
console.timeEnd: forOf, 138.755000
console.timeEnd: traditional, 102.928000
when running with untrusted code mitigations turned off, and thus
corresponds to a ~18% performance improvement, roughly cutting the
performance difference between the traditional for loop and the for..of
loop in half.
Besides for..of loops this will also help with array destructuring
patterns where TurboFan also emitted redundant map checks on the array
and didn't eliminate the redundant "length" accesses.
Bug: v8:8070
Change-Id: Iab283247f6d304d1e3c7c147f32ab957577aad21
Reviewed-on: https://chromium-review.googlesource.com/1188124
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55373}
This also refactors CodeAssembler::Branch(condition,true_label,false_label)
to support constant folding, and adds Branch(condition,true_label,false_body)
variants for special cases.
Change-Id: Ifc04442657295124a95c60f76efde5c46de6f1b5
Reviewed-on: https://chromium-review.googlesource.com/1186136
Commit-Queue: Kanghua Yu <kanghua.yu@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55372}
This CL fixes the "sort-lengths" benchmark so the ElementsKind of the
array to sort is PACKED_SMI again. This was somehow broken.
R=jgruber@chromium.org
Change-Id: I129e001eae4c88e9f99174b3494193232d933c3f
Reviewed-on: https://chromium-review.googlesource.com/1188122
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55371}
This CL adds a baseline implementation for Array.p.reverse in Torque,
as well as fastpaths for PACKED elements kinds.
Support for sparse JSArrays was removed.
R=jgruber@chromium.org, petermarshall@chromium.org
Bug: v8:7624
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I12900fbbb44746f1c5d36b78be826e14b88b4f69
Reviewed-on: https://chromium-review.googlesource.com/1185600
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55369}
This reverts commit 524215be1a.
Reason for revert: Breaks cfi:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20-%20cfi/16422
Original change's description:
> Use new arraybuffer deleter interface in d8
>
> With this cl we start using the custom deleter to free externalized
> array buffers. This also allows us to keep wasm memories registered
> with the wasm memory tracker and thereby to propagate that a memory
> is wasm allocated over postMessage calls.
>
> Bug: v8:8073, chromium:836800
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64
> Reviewed-on: https://chromium-review.googlesource.com/1186681
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55361}
TBR=mstarzinger@chromium.org,herhut@chromium.org
Change-Id: I64c4e76d8d68bad8df4ba3297c099b9b44eabc7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8073, chromium:836800
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1187241
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55366}
PAGE_TARGETS_INVALID tells CFG (Control Flow Guard) to mark all
addresses as invalid indirect branch targets. This makes exploits more
difficult. The benefit is minor because most of the code in the Chrome
process doesn't use the CFG checks, but this will close off a few
weaknesses and is the direction we will want to go in eventually
anyway (with specific targets or call sites opted-in to allowing
calls, using SetProcessValidCallTargets).
PAGE_TARGETS_INVALID may ultimately cause CFG to not allocate memory -
that is implied by Windows Internals 7th Edition - and if that is
implemented then this change will save some modest amount of memory.
PAGE_TARGETS_INVALID was introduced in Windows 10 - according to
Windows Internals Part 1 7th Edition - prior to that it will cause
VirtualAlloc to fail.
Bug: chromium:870054
Change-Id: Ib1784fba37cc0ecb5fe5df595f1519531b3b3a20
Reviewed-on: https://chromium-review.googlesource.com/1186025
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55365}
This is a reland of b10a967f4b
Original change's description:
> [wasm] Add feature counter for threads and shared memory
>
> This adds a feature counter for WASM shared memory (i.e. the presence
> of the "shared" bit in a WASM module's memory section) and the usage
> of WASM threads opcodes (i.e. wake/wait and atomics).
>
> This CL also plumbs the WasmFeatures through the compilation pipeline
> to detect features as functions are being compiled.
>
> R=ahaas@chromium.org, ulan@chromium.org
> BUG=chromium:868844
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
> Reviewed-on: https://chromium-review.googlesource.com/1186329
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55337}
Bug: chromium:868844
Change-Id: Iac3a38d80fa71aadd7147704669a8fd671ecfae8
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1186343
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55363}
With this cl we start using the custom deleter to free externalized
array buffers. This also allows us to keep wasm memories registered
with the wasm memory tracker and thereby to propagate that a memory
is wasm allocated over postMessage calls.
Bug: v8:8073, chromium:836800
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64
Reviewed-on: https://chromium-review.googlesource.com/1186681
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55361}
This is a reland of 9e48a24fd9
Original change's description:
> Reland "[array] Move Array.p.sort to Torque and use TimSort instead of QuickSort"
>
> The CL was reverted because it broke some tests in ChromeOS.
>
> > [array] Move Array.p.sort to Torque and use TimSort instead of QuickSort
> >
> > This CL changes the sorting algorithm used in Array.p.sort from
> > QuickSort to TimSort (implemented in Torque).
> >
> > Detailed performance results can be found here: https://goo.gl/4E733J
> >
> > To save on code space, fast-paths are implemented as sets of
> > function pointers instead of specializing generics.
> >
> > R=cbruni@chromium.org, jgruber@chromium.org
> >
> > Bug: v8:7382, v8:7624
> > Change-Id: I7cd4287e4562d84ab7c79c58ae30780630f976de
> > Reviewed-on: https://chromium-review.googlesource.com/1151199
> > Commit-Queue: Simon Zünd <szuend@google.com>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55003}
>
> Bug: v8:7382, v8:7624
> Change-Id: Ic7a3230f3708177774b0760f08b7659d83ec5505
> Reviewed-on: https://chromium-review.googlesource.com/1184901
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55325}
Bug: v8:7382, v8:7624
Change-Id: I297611f45c09967e0f6961156b0c9ebdebc7053f
Reviewed-on: https://chromium-review.googlesource.com/1186801
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55360}
The WasmCompilationData was a struct that served as an input/output
mechanism for communicating with the code generator. In particular,
it contained a flag for enabling runtime exception for WASM in the code
generator and it also gathered the protected instruction info from
the code generator to be communicated to the WasmCodeManager.
This CL inlines the exception support flag into OptimizedCompilationInfo
and the protected instruction information into the code generator,
along the lines of other flags and data structures created by the
code generator.
R=mstarzinger@chromium.org
Change-Id: If436636067f1a829a095310a73045fe3301cb694
Reviewed-on: https://chromium-review.googlesource.com/1186409
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55358}
This CL removed padding from Abort on ARM, which is no longer needed.
Bug: v8:8054
Change-Id: I7ff0b88ba90e10d15b67b5ae8ca80f2cf7460498
Reviewed-on: https://chromium-review.googlesource.com/1183664
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55356}
The test is timing out on the Arm simulator when TimSort is disabled.
NOTRY=true
TBR=sigurds@chromium.org
Bug: v8:7783
Change-Id: I51e159822d0010253a458f0c380c52f27f7fe972
Reviewed-on: https://chromium-review.googlesource.com/1186583
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55354}
This change writes a magic number into the root register,
and checks that we have the number still in at StackChecks.
Change-Id: Ib00d2a7ede651997ae9459cf4bdcc6be3952353b
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1186402
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55353}
No need to create allocation site for array literals in oneshot code since
they are executed only once. The interpreter emits a runtime call to
CreateArrayLiteralWithoutAllocationSite for creating literals in
oneshot code instead.
Change-Id: I285879c84759ff9e2ce281e9548112f52ce5e7d1
Reviewed-on: https://chromium-review.googlesource.com/1167843
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55349}
The constructor that accepts a size for vector default initializes the
elements. Using reserve() instead avoids this but still ensures the
capacity.
Change-Id: I8effb62ba1f9598a0081c2c959b2f7a5d6c587e6
Reviewed-on: https://chromium-review.googlesource.com/1186407
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55348}
Currently, we use an AllocationKind to signal to the embedder how v8
has allocated the backingstore of an array buffer. The embedder then has
to implement matching logic to free an exernalized buffer. By Using
custom deleters v8 can communicate how to free an externalized array
buffer without requiring all embedders to implement corresponding
freeing logic.
Bug: v8:8073
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I553dec31ba167d6a7b342ded50d685be7dffd1c5
Reviewed-on: https://chromium-review.googlesource.com/1183484
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55347}
Use CheckBounds and reduce the number of checks required to sanitize the
indices for DataView accesses in optimized code. Also constant-fold the
[[ByteLength]] if the DataView is a known compile-time constant (similar
to what we do for TypedArrays already). This further improves performance
of DataViews by 2-7% depending on the exact test case.
With this change DataView and TypedArray accesses themselves are mostly
on par performance wise.
Since this CL introduces proper CheckBounds for the DataViews, instead
of the hand-craftet bounds checks, it is expected to regress performance
when untrusted code mitigations are on, since DataViews are also guarded
in optimized now. Without untrusted code mitigations, there's no negative
performance impact.
Tbr: sigurds@chromium.org
Bug: chromium:225811, chromium:876005
Change-Id: I4a69f81124635c9ba2c7e4c2dc912e2fd601061a
Reviewed-on: https://chromium-review.googlesource.com/1186408
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55346}
This reverts commit f4ca3fc56e.
Reason for revert: Since TF (js-call-reducer) calls into the C++ builtin, it is easier (cleaner for now) to implement the baseline version in C++ instead of Torque.
Original change's description:
> [array] Prepare Array.p.shift for removal of the JavaScript fall-back
>
> This CL changes the ArrayPrototypeShift builtin to a CSA macro which
> is used in a newly created Torque builtin.
>
> This is in preparation for removing the JavaScript fall-back, which
> will be replaced by a baseline Torque implementation.
>
> R=cbruni@chromium.org, jgruber@chromium.org
>
> Bug: v8:7624
> Change-Id: I9b7898beea2802cc02d394e040a1e500387cf108
> Reviewed-on: https://chromium-review.googlesource.com/1169172
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Simon Zünd <szuend@google.com>
> Cr-Commit-Position: refs/heads/master@{#55036}
TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7624
Change-Id: I4929eefaa90ff8681bc8ae20e3ea3fe84ee7f1e8
Reviewed-on: https://chromium-review.googlesource.com/1186342
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55345}
Changes the alignment so we don't have to pad after the first int.
Bug: v8:7926
Change-Id: I8fba9b415ef85118c6abf19902fb857584535a6e
Reviewed-on: https://chromium-review.googlesource.com/1186321
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55344}
Removes some unused functions in ParseInfo and makes the associated fields unique_ptr instead
of shared_ptr. Also removes an unused zone in Compiler.
Change-Id: Idf1fbfb523cfc2b9a265d2855b1167770203cfd5
Reviewed-on: https://chromium-review.googlesource.com/1185193
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55342}
With the previous changes the builtin would take the slow path for
JSArray's when the iterator was already exhausted (i.e. the internal
[[ArrayIteratorNextIndex]] field contains 2^32-1 as HeapNumber), even
though that could also be handled in the fast path. This changes the
handling such that the three distinct cases (if_array, if_other and
if_typedarray) are really distinct, and all JSArray's are always
handled by the if_array case.
Bug: v8:7510, v8:7514, v8:8070, chromium:876654
Change-Id: I1636b0616645f9e99f34f851df410992653cb380
Reviewed-on: https://chromium-review.googlesource.com/1186403
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55341}
This reverts commit b10a967f4b.
Reason for revert: Breaks a TSAN bot - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/22122
Original change's description:
> [wasm] Add feature counter for threads and shared memory
>
> This adds a feature counter for WASM shared memory (i.e. the presence
> of the "shared" bit in a WASM module's memory section) and the usage
> of WASM threads opcodes (i.e. wake/wait and atomics).
>
> This CL also plumbs the WasmFeatures through the compilation pipeline
> to detect features as functions are being compiled.
>
> R=ahaas@chromium.org, ulan@chromium.org
> BUG=chromium:868844
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
> Reviewed-on: https://chromium-review.googlesource.com/1186329
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55337}
TBR=ulan@chromium.org,titzer@chromium.org,ahaas@chromium.org
Change-Id: Id011b6707b3359598621b315b87171644132b0ab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1186421
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55340}
When switching log files, if a function was selected the timeline would
attempt to draw its ticks and would usually crash. It would also
preserve the selected section of the timeline.
This patch wipes out the current state when loading a new log file,
with the exception of the current mode (Summary, Bottom up, etc). As a
consequence, the timeline size is now calculated in TimelineView.render
so it will always be drawn at the right size.
Bug: v8:6240
Change-Id: Ie15dd9b225901c8f4df614444458ae2aeaf74ccc
Reviewed-on: https://chromium-review.googlesource.com/1186340
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55339}
This is another step towards a kRootRegister on ia32 and removes
kRootRegister from generic interface descriptors.
Drive-by: Better error message for type mismatches in machine graph
verification.
Drive-by: Use PreserveRootIA32 register config for all builtins.
Bug: v8:6666
Change-Id: I920d4d6f3085da9734f6aa3bd3ee020abbc289fc
Reviewed-on: https://chromium-review.googlesource.com/1186330
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55338}
This adds a feature counter for WASM shared memory (i.e. the presence
of the "shared" bit in a WASM module's memory section) and the usage
of WASM threads opcodes (i.e. wake/wait and atomics).
This CL also plumbs the WasmFeatures through the compilation pipeline
to detect features as functions are being compiled.
R=ahaas@chromium.org, ulan@chromium.org
BUG=chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
Reviewed-on: https://chromium-review.googlesource.com/1186329
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55337}
This CL fixes wrong parentheses that caused the sort-length benchmark
to generate "random" arrays that only contained zeroes.
R=ishell@chromium.org
Change-Id: Ie2a564da037425a4ef9c2417597cdc13b497e32b
Reviewed-on: https://chromium-review.googlesource.com/1186332
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55336}
Changing reported_errors_ from a ZoneList to a ZoneVector caused
regressions in Octane/CodeLoad and some other parsing benchmarks. This
could be because we don't give the vector an initial size.
Change-Id: I42c6ae063681dc3490dbab260085e801e24ac569
Reviewed-on: https://chromium-review.googlesource.com/1186328
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55335}
This patch inlines some functions that improve parse time on code-load
an jquery.
Bug: v8:7926
Change-Id: Ida98b5d63fae9205282c23037aebb4ab2d38a7e2
Reviewed-on: https://chromium-review.googlesource.com/1184917
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55334}
A first baby-step towards embedded builtins on ia32. This adds the
initial implementation for indirect load functionality (they still
depend on embedded external references to get the roots pointer).
External reference operands still directly embed external references.
We can change these sites to be root-relative once the root register
exists.
Drive-by: replace raw jmp(HeapObject), call(HeapObject),
mov(HeapObject) uses by their macro-assembler counterparts and add
sanity-checks to ensure we're not calling them by accident when
generating isolate-independent code.
Bug: v8:6666
Change-Id: Ide11273721bcdaaee06934eedeca9f39346d1d50
Reviewed-on: https://chromium-review.googlesource.com/1170687
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55332}
And other related cleanups (additional asserts, use named register
constants instead of the raw register name where appropriate).
Drive-by: Unset kOffHeapTrampolineRegister (it's unused on ia32).
Bug: v8:6666
Change-Id: Id2b94e0b9dbfa5d3bbacc80ec7424d38c4145658
Reviewed-on: https://chromium-review.googlesource.com/1185011
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55328}
