AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

AuroraMiddleware/v8

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ross McIlroy	994db73210	[cleanup] Add missing %PrepareFunctionForOptimize in mjsunit tests Bug: v8:8801,v8:8394,v8:9183 Change-Id: I55027b3ba0c78f40d82aaf2d160aaf957d02cab5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662292 Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#62214}	2019-06-17 13:14:51 +00:00
Michael Starzinger	6ee0b6cec6	[turbofan] Correct lazy deopt by {JSCreate} operation. This adds support for deoptimizing into the JSConstructStub after the receiver instantiation but before the actual constructor invocation. Such a deoptimization point is needed for cases where instantiation might be observed (e.g. when new.target is a proxy) and hence might trigger a deopt. We use this new deoptimization point for the "after" frame-state the inliner attaches to {JSCreate} nodes being inserted when constructor calls are being inlined. R=jarin@chromium.org TEST=mjsunit/regress/regress-5638b BUG=v8:5638 Change-Id: I7c72c807ee8fb76d12e0e9ccab86d970ab1a0efd Reviewed-on: https://chromium-review.googlesource.com/440125 Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43149}	2017-02-13 10:14:54 +00:00

Author

SHA1

Message

Date

Ross McIlroy

994db73210

[cleanup] Add missing %PrepareFunctionForOptimize in mjsunit tests

Bug: v8:8801,v8:8394,v8:9183
Change-Id: I55027b3ba0c78f40d82aaf2d160aaf957d02cab5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662292
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62214}

2019-06-17 13:14:51 +00:00

Michael Starzinger

6ee0b6cec6

[turbofan] Correct lazy deopt by {JSCreate} operation.

This adds support for deoptimizing into the JSConstructStub after the
receiver instantiation but before the actual constructor invocation.
Such a deoptimization point is needed for cases where instantiation
might be observed (e.g. when new.target is a proxy) and hence might
trigger a deopt.

We use this new deoptimization point for the "after" frame-state the
inliner attaches to {JSCreate} nodes being inserted when constructor
calls are being inlined.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-5638b
BUG=v8:5638

Change-Id: I7c72c807ee8fb76d12e0e9ccab86d970ab1a0efd
Reviewed-on: https://chromium-review.googlesource.com/440125
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43149}

2017-02-13 10:14:54 +00:00

2 Commits