Many values stored in the preparse data for the skippable functions
fit in one byte most of the time. The varint encoding uses a single
continue bit per byte to tell whether there is a following byte.
Change-Id: Ia0a622ba42a338fc91eea1e0c1a72d2582d9f867
Reviewed-on: https://chromium-review.googlesource.com/c/1400842
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58972}
This current fails, since {mmap} fails with EINVAL for empty mappings.
The destructor already has special handling for a {nullptr} mapping, so
we can just use {nullptr} for empty files. We get a similar error on
windows, and can fix it the same way.
On order to make presubmit checks happy, we have to skip copyright
checking and checking for terminating newlines for empty files.
R=mlippautz@chromium.org
Change-Id: I2b73da7ff6df72d8bdd40df1fff6422e0a46881e
Reviewed-on: https://chromium-review.googlesource.com/c/1424861
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58970}
This removes the unused "argument count" field from the safepoint table
as the field was unused by now and always contained the value zero.
Also note that associating a callee's argument count with the call-site
is not compatible with tail-call support. When tail-calling a function
with a different number of arguments, the information associated with
the call-site becomes stale. The number of arguments is a property of
the callee, not of the call-site in the caller. For this reason the
field in question is not usable to support reference types in function
arguments (at least when tail-calls are also supported).
R=ahaas@chromium.org
Change-Id: If667d729267f2dd2642b755c54235cc08ca9b141
Reviewed-on: https://chromium-review.googlesource.com/c/1402548
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58969}
The purpose of the {WireBytesStorage} (typically held in a shared_ptr
itself) is to keep the actual wire bytes alive. Thus implement it this
way for the {NativeModuleWireBytesStorage}.
R=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: I8f171b4fa8b80b517badb1b1d3228503a32830dd
Reviewed-on: https://chromium-review.googlesource.com/c/1421362
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58966}
The change is just a refactoring without functional changes.
Bug: chromium:923361
Change-Id: Ie633c56122ff72658f0238dc40db698350a7b8e7
Reviewed-on: https://chromium-review.googlesource.com/c/1421363
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58963}
The temp registers might be needed by the assembler, so avoid using them
in LiftoffAssembler. Use Liftoff cache registers instead. This might
introduce additional spills if all registers are in use, but this is
unlikely.
This also simplifies the logic to ensure non-aliasing of certain
registers.
R=ahaas@chromium.org
Bug: chromium:922933, v8:6600
Change-Id: Ie929d9de0b6f4f41c6117d820b6a367dd0a342f7
Reviewed-on: https://chromium-review.googlesource.com/c/1424862
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58961}
This allows us to stop tracking variables_ in the preparser.
This currently makes us track slightly more variables than neccessary in the
case `for (var ...` since `var ... of` needs to check conflicts with out simple
catch variables. We should probably track the names through a ScopedPtrList
instead of a ZonePtrList anyway. Then it won't matter anymore.
Change-Id: I64e3f9ab13af8269456439cf15b0bc4d5b9e5380
Reviewed-on: https://chromium-review.googlesource.com/c/1421360
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58960}
This is a reland of 4e1d7c87b9.
Failure on arm and arm64 is fixed by https://crrev.com/c/1411885.
Original change's description:
> [wasm] Split compilation in three stages
>
> In order to refactor ownership between objects in wasm compilation, the
> compilation (executed by background tasks) is split in three stages:
> getting a compilation unit (while holding a mutex), executing the work
> (without any mutex and without keeping the NativeModule alive), and
> submitting the work (with a mutex again).
>
> This CL prepares this design by splitting compilation from submission.
> Both steps are still executed right after each other. This will be
> changed in a follow-up CL.
>
> R=titzer@chromium.org
> CC=mstarzinger@chromium.org
>
> Bug: v8:8689
> Change-Id: I2f92aee8e2f2d45470d8c63314ed026341630902
> Reviewed-on: https://chromium-review.googlesource.com/c/1414920
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58929}
TBR=titzer@chromium.org
Bug: v8:8689
Change-Id: I58ff07d0e0ac8df0f6ee23c416f992954f4673d2
Reviewed-on: https://chromium-review.googlesource.com/c/1422748
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58959}
This extends the CodeReference class to be able to hold a pointer to
a CodeDesc struct which represents finished but unpublished wasm
code.
For readability, it refactors the implementation of the dispatch for
the different CodeReference kinds.
R=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: Idd031dffaa9d80740c073b6cca0fc3561c5df0c1
Reviewed-on: https://chromium-review.googlesource.com/c/1411885
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58958}
- Use unique ptrs for owned objects
- Remove friendship with CpuProfiler and replace with public API
- Remove unused method LogFailure()
- Remove StopProfiler() which was only used by LogFailure() (removed)
and one test, which can use StopProfilerThread() instead
- Remove 'paused' state which was only used by the above
- Remove 'engage' state. There is no reason we need this as along as
users keep track of Engage/Disengage calls
Drive-by cleanup:
- Remove import of log.h from profile-generator.h
- Remove unnecessary includes of log.h
Change-Id: Ifc4ca156bef038c40953f8361ffea17788e3a59b
Reviewed-on: https://chromium-review.googlesource.com/c/1424338
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58957}
Fix fixes a minor DCHECK error, which fired because usually only
LiftoffRegisters of the same type should be compared against each
other. In the RegisterReuseMap we store both register pairs and single
registers, hence check for pair vs non-pair comparisons explicitly.
R=ahaas@chromium.org
Bug: v8:6600, chromium:922670
Change-Id: I18beb61b6b1906cc42bcf6e7dfdd5eb803e874d7
Reviewed-on: https://chromium-review.googlesource.com/c/1421921
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58956}
Simplify the internal state of Sampler a bit. There are basically two
users of Sampler - the CpuSampler used by the CpuProfiler and the
Ticker used by log.cc. Ticker calls Start/Stop to manage the Sampler
lifetime, but CpuProfiler does not. This leads to much confusion and
overlap of functionality.
Fix that here by removing the distinction between active, registered
and isProfiling states. These are now all the same thing and are
represented by IsActive(). The state is set to active when Start is
called, and set inactive when Stop is called. Both users of Sampler
now call Start and Stop at appropriate times.
The concept of profiling depth was not used - each Sampler would
only ever have a sampling depth of 1. We still need to call
SignalHandler::IncreaseSamplerCount(), so we do that in Start
and the corresponding DecreaseSamplerCount() in Stop.
Change-Id: I16a9435d26169a7dd00b1c7876e66af45f12e4b0
Reviewed-on: https://chromium-review.googlesource.com/c/1424337
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58955}
Use variable tracking from ExpressionScopes rather than the PatternRewriter and
PreParserExpression::variables_ to declare variables.
We only figure out that variables are non-simple parameters once we see the
first non-simple parameter. This still uses the pattern rewriter to make
variables non-simple (kLet instead of kVar).
Change-Id: I4a4ee4852d667c26806bb24896722cfea3e093f2
Reviewed-on: https://chromium-review.googlesource.com/c/1417630
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58954}
Since the PreparseData now directly contains the byte data inline it can
grow very large as well.
Bug: chromium:923264
Change-Id: I456d5bcbfb40587b283584f726d9e084061fd30f
Reviewed-on: https://chromium-review.googlesource.com/c/1421321
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58953}
This CL adds a stack check to the TFS builtin "FlattenIntoArray" as it
is called recursively and can cause a SEGV with a large enough
"depth" argument.
R=jgruber@chromium.org
Bug: v8:8708
Change-Id: I833506531bcff1c4703b9a21678028cf0e63638d
Reviewed-on: https://chromium-review.googlesource.com/c/1424858
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58952}
With and without infra_staging flag testrunner behaves the same for old
features. This CL removes duplicate tests testing the same behavior.
R=machenbach@chromium.orgCC=yangguo@chromium.org,sergiyb@chromium.org
No-Try: true
Bug: v8:8174
Change-Id: Icf7bea15b2343b90697016d050fa0d918a99997d
Reviewed-on: https://chromium-review.googlesource.com/c/1424859
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58951}
There's no reason to use our self-baked atomics anymore. Also
- Changes two boolean values to use a boolean instead of an int
- Uses a unique ptr for data_
- Removes has_processing_thread_ which is not used
- Moves most initialization inline into the class
- Removes SetUp/TearDown which weren't needed
Change-Id: I8f50133636961502d56351abd2fb17196603a01a
Reviewed-on: https://chromium-review.googlesource.com/c/1422918
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58950}
With this change, we use the same heuristics for picking free registers
and for picking a blocked register to spill. This is mostly cleanup to
make results less surprising.
Change-Id: I09d031c758ffbd02798d573bc9e68a474e916418
Reviewed-on: https://chromium-review.googlesource.com/c/1411607
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58948}
This is part of an effort to improve the performance of TA#subarray.
Bug: v8:7161
Change-Id: Iae84d16a037386bebfeaa7e8fb0648da295653b4
Reviewed-on: https://chromium-review.googlesource.com/c/1419225
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58947}
Moved class definitions into header
Change-Id: I2d3e5ec6f8f5068284cdbaa6900797950fc7e01a
Reviewed-on: https://chromium-review.googlesource.com/c/1422739
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58946}
There is no reason to use the custom map here anymore. This lets us
get rid of the custom hash and a lot of casts.
We can also store the SamplerList by value in the map rather than a
pointer, then we don't have to manage the lifetime explicitly.
Also move the SamplerList typedef inside of SamplerManager because it's
an internal detail. Remove the include for <map> because we aren't using
this anywhere anyway.
Change-Id: I787a1b6c3ffc331ec3f36e66d5e07bd115c4cbb4
Reviewed-on: https://chromium-review.googlesource.com/c/1419317
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58945}
Moving to a lazy test loading approach makes counting the total number of tests
non-trivial.
For CI runs, we output the total number of tests after the run.
For users, progress indicator signals the status of the run.
R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174
Change-Id: I0731964515aac60a3629acee6c7243433a2b4e04
Reviewed-on: https://chromium-review.googlesource.com/c/1420677
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58944}
Fix WebAssembly's table/get-set js-api. The argument is a unsigned long,
this change refactors most of arithmetic and bounds checks type from
int64 to uint32_t, according to the spec.
Bug: v8:8319
Change-Id: I088f631c6805b0e5ba29089b08ea15e78fe5852d
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1414914
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#58941}
Use more idiomatic c++ and add slightly better comments.
Change-Id: Id6397a25851915eb10a0370d23dc41ca7fce3c2e
Reviewed-on: https://chromium-review.googlesource.com/c/1418194
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58937}
Fix WebAssembly's table/grow js-api. The argument is a unsigned long,
this change refactors most of arithmetic and bounds checks type from
int64 to uint32_t, according to the spec.
Bug: v8:8319
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: Ia29121c930d7fb930668e54a5a769dae25234f2c
Reviewed-on: https://chromium-review.googlesource.com/c/1351006
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58936}
Though I'm not (yet) a much of a wasm code expert, I have made and
reviewed a number of changes to this file, and feel pretty comfortable
with it, so I figured it might be reasonable starting place.
Change-Id: I8d5d0b219def6adeba52e752467bb0405554ee01
Reviewed-on: https://chromium-review.googlesource.com/c/1418593
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58935}
Turns on --harmony-hashbang when experimental JS features are enabled.
BUG=v8:8523
R=gsathya@chromium.org, adamk@chromium.org
Change-Id: I2b1e6c146d900cb8a998060b4b93127f907b6728
Reviewed-on: https://chromium-review.googlesource.com/c/1417382
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#58933}
This reverts commit 4e1d7c87b9.
Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/14986
Original change's description:
> [wasm] Split compilation in three stages
>
> In order to refactor ownership between objects in wasm compilation, the
> compilation (executed by background tasks) is split in three stages:
> getting a compilation unit (while holding a mutex), executing the work
> (without any mutex and without keeping the NativeModule alive), and
> submitting the work (with a mutex again).
>
> This CL prepares this design by splitting compilation from submission.
> Both steps are still executed right after each other. This will be
> changed in a follow-up CL.
>
> R=titzer@chromium.org
> CC=mstarzinger@chromium.org
>
> Bug: v8:8689
> Change-Id: I2f92aee8e2f2d45470d8c63314ed026341630902
> Reviewed-on: https://chromium-review.googlesource.com/c/1414920
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58929}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: Ic3d0287b354ef5f834b76bc2cdc096d2231f4477
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8689
Reviewed-on: https://chromium-review.googlesource.com/c/1422917
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58932}
- Introduce NodeSpace that holds allocation related logic.
- Provide std compatible iterator for node iteration.
This allows for creating a different internal node type.
The change is just a refactoring without functional changes.
Bug: chromium:923361
Change-Id: I424f821d96b3a82f64024aedff6c289d3eec11a2
Reviewed-on: https://chromium-review.googlesource.com/c/1418192
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58931}
In order to refactor ownership between objects in wasm compilation, the
compilation (executed by background tasks) is split in three stages:
getting a compilation unit (while holding a mutex), executing the work
(without any mutex and without keeping the NativeModule alive), and
submitting the work (with a mutex again).
This CL prepares this design by splitting compilation from submission.
Both steps are still executed right after each other. This will be
changed in a follow-up CL.
R=titzer@chromium.orgCC=mstarzinger@chromium.org
Bug: v8:8689
Change-Id: I2f92aee8e2f2d45470d8c63314ed026341630902
Reviewed-on: https://chromium-review.googlesource.com/c/1414920
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58929}
testrunner has tests asserting about the implementation details, assertions
about the behavior of the testrunner (already in-place) provides robust coverage
already.
This cl remove the brittle assertions.
R=machenbach@chromium.orgCC=yangguo@chromium.org,sergiyb@chromium.org
Bug: v8:8174
Change-Id: I6583c971b7cf7eb2eb7dfa2b6737d6aa67957feb
Reviewed-on: https://chromium-review.googlesource.com/c/1421359
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58928}
MIPS32 doesn't have constraint for maximum code range or maximum PC
relative code range, and allocation of kMaxPCRelativeCodeRangeInMB
memory results in OOM failure from allocator.
This patch also skips verifying transitive builtins for 64-bit MIPS
because it doesn't have implemented pc-relative calls and jumps yet.
Change-Id: I7cad154827c2a9fd274901895a5a54c5ce176b03
Reviewed-on: https://chromium-review.googlesource.com/c/1414853
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#58927}
By using a shared byte buffer on the preparser we can drastically
reduce the number of ZoneChunkLists.
Each PreparseDataBuilder now explicitly keeps track of all inner
builders/functions and writes out the data in consecutive order.
Change-Id: I0aada118d869b150108c1f633d9960474ad2f9a1
Reviewed-on: https://chromium-review.googlesource.com/c/1411600
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58926}
This reverts commit d5e63b03bf.
Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/5312
Original change's description:
> Reland "[GC] Ensure JSFunctions with flushed bytecode are flushed during GC."
>
> This is a reland of f5729f1cda
>
> TBR=ulan@chromium.org
>
> Original change's description:
> > [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
> >
> > When bytecode is flushed from a SFI, the JSFunctions still retain their
> > FeedbackVector's and point to the interpreter entry trampoline. They are
> > reset if re-executed, however if not they could hold onto the feedback
> > vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
> > need to be reset, and performs the reset at the end of GC.
> >
> > BUG=v8:8395
> >
> > Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> > Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58775}
>
> Bug: v8:8395
> Change-Id: I9bc84b62332575a080561c51f08b699b91e41e4a
> Reviewed-on: https://chromium-review.googlesource.com/c/1414859
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58924}
TBR=ulan@chromium.org,rmcilroy@chromium.org
Change-Id: I5d3012d4c7277ae792b0488780ff426d51dd602f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8395
Reviewed-on: https://chromium-review.googlesource.com/c/1421838
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58925}
This is a reland of f5729f1cdaTBR=ulan@chromium.org
Original change's description:
> [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
>
> When bytecode is flushed from a SFI, the JSFunctions still retain their
> FeedbackVector's and point to the interpreter entry trampoline. They are
> reset if re-executed, however if not they could hold onto the feedback
> vector indefinetly. This CL adds a pass the GC to detect JSFunctions that
> need to be reset, and performs the reset at the end of GC.
>
> BUG=v8:8395
>
> Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58775}
Bug: v8:8395
Change-Id: I9bc84b62332575a080561c51f08b699b91e41e4a
Reviewed-on: https://chromium-review.googlesource.com/c/1414859
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58924}
