This simplifies NextArrowFunctionInfo, allows us to Scope::Snapshot::Reparent
directly rather than moving it, and allows us to skip reparenting in the simple
parameter arrow function cases.
This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/1397664,
simply splitting out the arrow-function-name-inferring part.
Change-Id: I640d911a9607edc3bbb0e5ff3bf992094e4159e4
Reviewed-on: https://chromium-review.googlesource.com/c/1397701
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58570}
This is a fully semantically preserving CL, it just moves code around a
bit to make the follow-up CL easier to review.
R=ahaas@chromium.org
Bug: v8:6600, v8:8423
Change-Id: I0de80b18faa3ae570894cbd8073c495a5731d255
Reviewed-on: https://chromium-review.googlesource.com/c/1396096
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58569}
Real world websites don't benefit from aborting preparsing to eagerly compile
long trivial functions, and it adds unnecessary complexity to the parser and
doesn't work well with bytecode flushing, so we remove it.
Perf Sheriffs: this is expected to regress the MandreelLatency benchmark on
Octane.
BUG=v8:8395
Change-Id: Ia60cd67d4dd100376d2a366939a1d2a97cbc2b0d
Reviewed-on: https://chromium-review.googlesource.com/c/1394297
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58568}
This is a reland of 2963f1b2e3
Original change's description:
> [parser] Simplify ParseFunctionBody
>
> - Merge is_simple branches at the top
> - Remove block around inner_body parsing. Always merge fully at the end.
> - Remove conditional inner block adding to outer body. Simply add it to the
> inner body making merge push it to the parent.
>
> Change-Id: I1f062918a7abac354b949136463517bd0440984f
> Reviewed-on: https://chromium-review.googlesource.com/c/1386111
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58390}
Change-Id: I145f0cb1eda1dca4dd047b55e54b2b1bb704ecf8
Reviewed-on: https://chromium-review.googlesource.com/c/1397662
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58567}
This commit updates gen-postmortem-metadata.py to handle the
new ACCESSORS2 macro. Once that migration is complete,
ACCESSORS2 can be dropped from this script.
A constant is also added for SharedFunctionInfo's
kFunctionDataOffset, which was broken in
a55803a15d.
See: https://github.com/nodejs/node-v8/issues/95
Change-Id: I5c3f960b4fd739a76f96d0ece9543574ff96be0f
Reviewed-on: https://chromium-review.googlesource.com/c/1392449
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58566}
This reverts commit dcd75706c0.
Reason for revert: Breaks layout tests, blocks roll, see
https://crrev.com/c/1396602; there are wasm CLs in this range too,
but this CL looks like the most likely culprit.
Original change's description:
> Reland: [Compiler] Ensure unoptimized code generation is context independent.
>
> Now that Asm.js code is also context independent, move code to ensure context independence
> from BytecodeGenerator to FinalizeUnoptimizedCode.
>
> Reland of CL: https://chromium-review.googlesource.com/c/v8/v8/+/1349236
>
> Change-Id: I718090850870c61733e0719d4091ec60bc080ebb
> Reviewed-on: https://chromium-review.googlesource.com/c/1396201
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58558}
TBR=rmcilroy@chromium.org,delphick@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I5f547319f31f87777165361747dd42d223fc0b0e
Reviewed-on: https://chromium-review.googlesource.com/c/1396427
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58564}
We cannot take the fast-path if the user messed with the Symbol.species
property on the Promise.prototype, as that makes the internal promises
observable.
Bug: chromium:917076
Change-Id: I928e0bd17836ca78cf88591610526aa7bc1d293c
Reviewed-on: https://chromium-review.googlesource.com/c/1396426
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58563}
This patch ensures each HTML page has a DOCTYPE (to trigger
standards mode as opposed to quirks mode), a <meta
charset="utf-8">, and a <title>.
Additionally, it removes redundant attribute/value pairs such
as `type="text/javascript"` on <script> elements or
`type="text/css"` on <style> or <link rel="stylesheet">
elements. [1]
Finally, it removes the optional solidus for self-closing HTML
elements. [2]
[1] https://mathiasbynens.be/notes/html5-levels#type-attributes
[2] https://mathiasbynens.be/notes/html5-levels#solidus
Change-Id: I66d2700be120dc8fd52bdf38f9d34749f55e1e7f
Reviewed-on: https://chromium-review.googlesource.com/c/1396084
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58561}
Now that Asm.js code is also context independent, move code to ensure context independence
from BytecodeGenerator to FinalizeUnoptimizedCode.
Reland of CL: https://chromium-review.googlesource.com/c/v8/v8/+/1349236
Change-Id: I718090850870c61733e0719d4091ec60bc080ebb
Reviewed-on: https://chromium-review.googlesource.com/c/1396201
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58558}
With this CL it is possible to import any JavaScript object as an anyref
global. The exception is WasmGlobalObject, which cannot hold anyref
globals yet.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: I5b0fc686a4ec5c579d1d635b53be5ccdf0a78f27
Reviewed-on: https://chromium-review.googlesource.com/c/1382452
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58557}
This reverts commit 26a78061af.
Reason for revert: Not all fuzzers support custom segfault handlers yet, see https://crbug.com/918949
Original change's description:
> Remove trap handler fallback for sanitizers
>
> Since https://crrev.com/c/1335572, our sanitizers allow to set custom
> segfault handlers. Thus remove special code that was added to handle
> sanitizers that prevent installation of segfault handlers. Instead,
> CHECK that the signal handler was installed correctly.
>
> R=ahaas@chromium.org, mseaborn@chromium.org, mark@chromium.org
>
> Bug: chromium:830894
> Change-Id: I3bd66e33efdceb3e8469f3f4a09fbde90cb3d7ec
> Reviewed-on: https://chromium-review.googlesource.com/c/1392199
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58513}
TBR=mseaborn@chromium.org,ahaas@chromium.org,mark@chromium.org,clemensh@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:830894, chromium:918949
Change-Id: Ide545860cf7729139ac50c0dd2e85facca49b0b1
Reviewed-on: https://chromium-review.googlesource.com/c/1396277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58556}
Previously we stored the source position table, which stored a mapping
of pc offsets to line numbers, and the inline_locations, which stored a
mapping of pc offsets to stacks of {CodeEntry, line_number} pairs. This
was slightly wasteful because we had two different tables which were
both keyed on the pc offset and contained some overlapping information.
This CL combines the two tables in a way. The source position table now
maps a pc offset to a pair of {line_number, inlining_id}. If the
inlining_id is valid, then it can be used to look up the inlining stack
which is stored in inline_locations, but is now keyed by inlining_id
rather than pc offset. This also has the nice effect of de-duplicating
inline stacks which we previously duplicated.
The new structure is similar to how this data is stored by the compiler,
except that we convert 'source positions' (char offset in a file) into
line numbers as we go, because we only care about attributing ticks to
a given line.
Also remove the helper RecordInliningInfo() as this is only actually
used to add inline stacks by one caller (where it is now inlined). The
other callers would always bail out or are only called from
test-cpu-profiler.
Remove AddInlineStack and replace it with SetInlineStacks which adds all
of the stacks at once. We need to do it this way because the source pos
table is passed into the constructor of CodeEntry, so we need to create
it before the CodeEntry, but the inline stacks are not (they are part of
rare_data which is not always present), so we need to add them after
construction. Given that we calculate both the source pos table and the
inline stacks before construction, it's just easier to add them all at
once.
Also add a print() method to CodeEntry to make future debugging easier
as I'm constantly rewriting this locally.
Bug: v8:8575, v8:7719, v8:7203
Change-Id: I39324d6ea13d116d5da5d0a0d243cae76a749c79
Reviewed-on: https://chromium-review.googlesource.com/c/1392195
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58554}
This CL adds more TypeScript types and inserts some instanceof checks to
ensure typing. The CL also selects es2018 as target and loads es6/es2018
libs for TypeScript types. This ensures that RegExp groups matching
results are properly typed.
Notry: true
Bug: v8:7327
Change-Id: I1a59a1047188a49579c975149b336cc232c05eef
Reviewed-on: https://chromium-review.googlesource.com/c/1396095
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58553}
This CL updates TypeScript, rollup and d3 to newer versions.
Drive-bys:
- Remove unused source file lang-disassembly.
- Fix typing problem with FileReader callback
The rollup version update also ensures that watch mode works again:
npm run-script watch
Change-Id: If852bc4287760017c185fbcb6dd9d2e36db36a04
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396091
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58551}
- Move helper functions to utils
- Use let/const instead of var
- Fix display bug when schedule view was initially selected
Bug: v8:7327
Notry: true
Change-Id: I7caf3dd17b725a4553d035293716f452b9999ed8
Reviewed-on: https://chromium-review.googlesource.com/c/1396088
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58550}
This CL splits out a Graph class from the GraphView, which improves
maintainability and is a first step towards preserving node positions
during phase view changes.
This CL also removes duplication of node storage on the graph and
provides a generator function instead. The only storage for nodes
in the graph is now the {nodeMap}.
Bug: v8:7327
Notry: true
Change-Id: I1659ecfe46f62a12d2fb3c40ccd6f4936f081b53
Reviewed-on: https://chromium-review.googlesource.com/c/1396087
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58549}
"Finishing" currently only means decrementing a counter and notifying
users via the callback if baseline compilation or tier-up finished.
We can totally do this from background, if we spawn foreground tasks to
actually call the callback.
R=ahaas@chromium.org
Bug: v8:7921, v8:8423
Change-Id: I815964d07a4d9111248097c41ebbd650842304c3
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1375662
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58547}
The reference implementation used in the tests does not fully match
the spec, so for the diverging cases we need to explicitly specify
the correct expectation.
Every single change in this patch has been verified against every
major JavaScript engine using eshost + jsvu. All implementations
match the spec (and the V8 implementation), with the following two
exceptions:
- One expectation was wrong because of a JavaScriptCore bug (that
is, we inherited the incorrect expectation when importing the
tests from WebKit). A comment was added for that one.
- This work resulted in the discovery of bugs in Moddable/XS:
https://github.com/Moddable-OpenSource/moddable/issues/112
Change-Id: I05d91d7acc5c8765e941fcd68c1086c2694c710c
Reviewed-on: https://chromium-review.googlesource.com/c/1396081
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58546}
Currently in both kCallerLineNumbers and kLeafNodeLineNumbers modes, we
correctly capture inline stacks. In leaf number mode, this is simple as
we simply add the path onto the existing tree. For caller line numbers
mode this is more complex, because each path through various inlined
functions should be represented in the tree, even when there are
multiple callsites to the same function inlined.
Currently we don't correctly show line numbers for inlined functions.
We do actually have this information though, which is generated by
turbofan and stored in the source_position_table data structure on the
code object.
This also changes the behavior of the SourcePositionTable class. A
problem we uncovered is that the PC that the sampler provides for every
frame except the leaf is the return address of the calling frame. This
address is *after* the call has already happened. It can be attributed
to the next line of the function, rather than the calling line, which
is wrong. We fix that here by using lower_bound in GetSourceLineNumber.
The same problem happens in GetInlineStack - the PC of the caller is
actually the instruction after the call. The information turbofan
generates assumes that the instruction after the call is not part of
the call (fair enough). To fix this we do the same thing as above - use
lower_bound and then iterate back by one.
TBR=alph@chromium.org
Bug: v8:8575, v8:8606
Change-Id: Idc4bd4bdc8fb70b70ecc1a77a1e3744a86f83483
Reviewed-on: https://chromium-review.googlesource.com/c/1374290
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58545}
The {movsx_b} instruction can only take byte registers (or operands) as
source. Ensure that for i8 sign extensions to i64, the src register is
moved to a temporary byte register first, similar to the same operation
on i32 a few lines above.
R=ahaas@chromium.org
Bug: chromium:918149, v8:6600
Change-Id: I17bc942127baee57279a7fc0caac9d82bd7c6bfb
Reviewed-on: https://chromium-review.googlesource.com/c/1394555
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58542}
The high GC stressing in this test causes bytecode flushing which breaks some
invariants in the test.
BUG=v8:8629
Change-Id: I7efff098ed4fa96006c8200e174132a6297bd36f
Reviewed-on: https://chromium-review.googlesource.com/c/1394743
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58541}
regress-6989 uses assertOptimized and will hence fail randomly depending
on GC timing. This means we should not run it under GC stress.
This can be verified by running the test under GC stress and changing the
--gc-interval. It is easy to find values for which the test fails, and
values for which the test passes.
Change-Id: Ibd8bfbc1712ad60830255e4d89ea795023134891
Reviewed-on: https://chromium-review.googlesource.com/c/1396078
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58540}
One spec test is failing at the moment. I disabled it for now and
created a bugtracker issue:
https://crbug.com/v8/8633
R=gdeepti@chromium.org
Change-Id: Ibc3087d0582b95395d45d261155f6ac7e1a47f0c
Reviewed-on: https://chromium-review.googlesource.com/c/1394551
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58538}
Make the function return Maybe<std::string> to propagate error.
Bug: chromium:917151
Change-Id: I4330b0c54c122b1eddd3b37e21e0f387cb5d803a
Reviewed-on: https://chromium-review.googlesource.com/c/1392205
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58535}
Port 71180e5447
Original Commit Message:
This changes the CompileLazyDeoptimizedCode call to use the standard
builtin calling sequence, which (for optimized code) creates an
inlined off-heap trampoline instead of embedding a CODE_TARGET.
missing only for the case of inlined trampolines.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie81856899dd5d1b1e745b748ed714d98b4dab7ac
Reviewed-on: https://chromium-review.googlesource.com/c/1394806
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58532}
Port f1cb51ad4e
Original Commit Message:
instead of Object* (which is deprecated) or ObjectPtr (which is
unsuitable for cases where we need to control the ABI exactly).
Callers in generated code expect a plain tagged value, so return
precisely that. Same for C++ Builtins.
R=jkummerow@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I8055c9a9c99dbe8716f810c6b6cc1967bed9c3de
Reviewed-on: https://chromium-review.googlesource.com/c/1393920
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58531}
Port fa3cbf60d5
Original Commit Message:
This changes Torque's builtin pointers to use a Smi representation
underneath instead of storing the Code target object. Callsites look
up the target entry point through IsolateData::builtin_entry_table.
The notable effect of this CL is that builtin pointer calls no longer
call any on-heap Code.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I49bb08de916fd93e576936a56b0e1a0e21072289
Reviewed-on: https://chromium-review.googlesource.com/c/1394301
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58530}
We currently trigger a GC when creating a module while the remaining
uncommitted code space is below 32MB. For bigger modules, this is not
enough. Instead, make this limit relative: Trigger GC if we fall below
50% of the available code space, and re-adjust this limit after each GC
to avoid repeated GCs that do not free anything.
R=ahaas@chromium.org
Bug: v8:8624
Change-Id: I7abfad3b57663d528a26d29232ad6bc2dc63cef4
Reviewed-on: https://chromium-review.googlesource.com/c/1391753
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58527}
This is a partial reland of d3d13e4bb1, which
made an incorrect assumption about how the typer visits the graph.
Bug: chromium:906567
Change-Id: I55b70fdf7e655973e6ae33b64e127252c745517f
Reviewed-on: https://chromium-review.googlesource.com/c/1394549
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58526}
Port f323a5f415
Original Commit Message:
Currently, Torque's builtin pointers store a Code target underneath and
callsites generate a kArchCallCodeObject opcode. When embedded builtins
are enabled, the call thus first calls the on-heap trampoline, which
finally jumps to the target off-heap builtin code.
This will no longer be possible in jitless mode, since on-heap code must
not be executable.
As a step towards changing the way builtin pointers are called
(function pointers will hold the builtin index as a Smi, and callsites
look up the off-heap target address and jump there), this CL adds a
dedicated opcode for builtin pointer calls to the compiler pipeline.
The calling mechanism itself is unchanged, changes there will happen
in a follow-up.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I2d2229227e1c62e7c2515d4f5cb3d4dae49b3dd4
Reviewed-on: https://chromium-review.googlesource.com/c/1393913
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58525}
The number of registers is very small, so any integer type is big
enough anyway. Just use the simplest one, which is int.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I9762a5c934848b810b7937ee603cd183f883d557
Reviewed-on: https://chromium-review.googlesource.com/c/1394548
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58524}
We currently de-duplicate used registers also in regions which do not
need merging. In those regions though it can never happen that we need
to pass different values from any merge input. Apart from introducing
unnecessary register moves, this also causes a DCHECK to fail, because
we might later want to merge back different registers into one.
Assume this initial stack state (where each letter is a register):
[A B B C]
If in any child block the two Bs get de-duplicated to something like
[A B D C]
then we run into trouble when merging back this state into the parent
state, because both B and D would need to be put into B.
In this case we can statically infer that B and D must hold the same
value anyway, but having this situation does not make much sense in the
first place, so the DCHECK fires correctly.
R=titzer@chromium.org
Bug: v8:8423, chromium:917412
Change-Id: I24c36b062e04a134cf7051725afab98126753f31
Reviewed-on: https://chromium-review.googlesource.com/c/1392190
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58522}
On x64 the {kScratchRegister} cannot be held in a {LiftoffRegister},
since it is not a valid cache register. Also, the code unnecessarily
checked whether there is an unused cache register, but then didn't use
it. Simplify the logic to always use the scratch register, just
distinguish between 4-byte and 8-byte moves.
On ia32 we did not move 64-bit values correctly if we didn't have
unused registers and needed to move via the stack.
R=titzer@chromium.org
Bug: v8:6600, chromium:917588, chromium:917450
Change-Id: I0bbe946c6ac8fca62f85711ae47afdac9c02ae6b
Reviewed-on: https://chromium-review.googlesource.com/c/1391755
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58521}