This will enable tail call optimization even across inlining. Plus it
might enable some other interesting optimizations as well. In order to
avoid blowing up the generated code, we can still canonicalize the
epilogue in the CodeGenerator, similar to what fullcodegen does.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1215623002
Cr-Commit-Position: refs/heads/master@{#29311}
Reserving space for deserialization can cause GC, which
can evict entries from the string table. Having more deleted
entries now, StringTable::EnsureCapacity could cause a GC
later during deserialization even when we actually still
have enough capacity.
Instead, we now keep new internalized strings in a separate list
and commit them to the string table at the end.
R=ulan@chromium.org
BUG=chromium:502085
LOG=N
Review URL: https://codereview.chromium.org/1204863006
Cr-Commit-Position: refs/heads/master@{#29308}
The issue is that Worker.prototype.terminate was deleting the C++ Worker
object, and then Worker.prototype.getMessage was trying to read messages from
the queue.
The simplest solution is to keep workers in a zombie state when they have been
terminated. They won't be reaped until Shell::CleanupWorkers is called.
I've also fixed some threading issues with Workers:
* Workers can be created by another Worker, so the Shell::workers_ variable
must be protected by a mutex.
* An individual Worker can typically only be accessed by the isolate that
created it, but the main thread can always terminate it, so the Worker::state_
must be accessed in a thread-safe way.
BUG=chromium:504136
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1208733002
Cr-Commit-Position: refs/heads/master@{#29306}
Port d783b76362
Original commit message:
ARM64's `fmin` and `fmax` instructions don't have the same behaviour as
TurboFan's Float(32|64)(Min|Max) functions.
BUG=4206
LOG=N
Review URL: https://codereview.chromium.org/1204903004
Cr-Commit-Position: refs/heads/master@{#29305}
Port 9e7af9efc5
Original commit message:
It's useful for the megamorphic keyed store case to not require a
vector and slot as input. Analogous to the load case, we have a dummy
one-ic-slot vector to aid. Since the only kind of MISS is for
megamorphic cache stub failures, we don't need the real vector.
The reason is that megamorphic cache stub failures don't result in any
change to the type feedback vector state.
R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1212493002
Cr-Commit-Position: refs/heads/master@{#29302}
Now that we keep tabs on shared function infos from a script, we can speed up finding shared function infos for debugging. However, in case we have to compile a function that cannot be lazily compiled without context, we fall back to the slow heap iteration.
R=mstarzinger@chromium.org
BUG=v8:4132,v8:4052
LOG=N
Review URL: https://codereview.chromium.org/1206573004
Cr-Commit-Position: refs/heads/master@{#29296}
Currently DebugInfo objects can be created independently from whether
the debugger is active. When tearing down the isolate, we would go
through DebugInfo objects and iterate through break locations,
causing this assertion to fail.
R=ulan@chromium.org
BUG=v8:4241
LOG=N
Review URL: https://codereview.chromium.org/1210813002
Cr-Commit-Position: refs/heads/master@{#29286}
It's useful for the megamorphic keyed store case to not require a
vector and slot as input. Analogous to the load case, we have a dummy
one-ic-slot vector to aid. Since the only kind of MISS is for
megamorphic cache stub failures, we don't need the real vector.
The reason is that megamorphic cache stub failures don't result in any
change to the type feedback vector state.
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1210583002
Cr-Commit-Position: refs/heads/master@{#29280}
This is one step towards extracting an OptimizedCodeMap out from the
SharedFunctionInfo in order to have a more flexible implementation.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1210523002
Cr-Commit-Position: refs/heads/master@{#29275}
We need to do the ToName before the ToObject.
BUG=v8:4229
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1211663002
Cr-Commit-Position: refs/heads/master@{#29272}
If the replacer array contains a number wrapper we should use the
toString result and not valueOf.
BUG=v8:4228
LOG=N
R=adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1207013002
Cr-Commit-Position: refs/heads/master@{#29270}
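Added example (not part of the commit above or of V8's sources): the behaviour the message describes, observed from script. The object and its key names are constructed for illustration; a replacer array acts as a property allow-list, so which conversion the engine applies decides which keys are serialized.

```javascript
// A Number wrapper in the replacer array is converted with ToString, which
// consults the wrapper's toString() first. valueOf() must not be used.
function replacerKeyFromWrapper() {
  const calls = [];
  const key = new Number(1);
  key.toString = () => { calls.push('toString'); return 'a'; };
  key.valueOf = () => { calls.push('valueOf'); return 2; };

  // Constructed sample object: 'a' is the key toString() selects, '2' is the
  // key valueOf() would have selected, '1' is the wrapped number itself.
  const data = { a: 'kept', 1: 'x', 2: 'y' };
  const json = JSON.stringify(data, [key]);
  return { json, calls };
}

// For contrast: a primitive number in the replacer array selects key "1".
function replacerKeyFromPrimitive() {
  return JSON.stringify({ a: 'kept', 1: 'x', 2: 'y' }, [1]);
}

console.log(replacerKeyFromWrapper());
console.log(replacerKeyFromPrimitive());
```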
The i18n.js code was calling a lot of methods, which might have been
removed or replaced by user code.
Make sure we use the original functions.
BUG=v8:4220
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1199813004
Cr-Commit-Position: refs/heads/master@{#29268}
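Added example (not code from the commit above or from i18n.js): the general pattern of capturing built-ins once at load time so that later replacement by user code cannot change library behaviour. The helper names `fragileNormalize`, `robustNormalize` and `uncurryThis` are hypothetical.

```javascript
// Capture the original functions at load time, before any user code runs.
// call.bind(fn) stores fn inside the bound function, so replacing the
// prototype method (or Function.prototype.call) later has no effect on it.
const uncurryThis = (fn) => Function.prototype.call.bind(fn);
const StringToLowerCase = uncurryThis(String.prototype.toLowerCase);
const StringSplit = uncurryThis(String.prototype.split);
const ArrayJoin = uncurryThis(Array.prototype.join);

// Fragile: every method is looked up on the prototype at call time, so the
// result depends on whatever user code has installed there.
function fragileNormalize(tag) {
  return tag.toLowerCase().split('_').join('-');
}

// Robust: only the captured originals are invoked.
function robustNormalize(tag) {
  return ArrayJoin(StringSplit(StringToLowerCase(tag), '_'), '-');
}

// Replace a built-in the way user code might, run both helpers on a
// constructed input, then restore the original.
function demo() {
  const saved = String.prototype.toLowerCase;
  String.prototype.toLowerCase = function () { return 'replaced_by_user'; };
  try {
    return {
      fragile: fragileNormalize('en_US'),
      robust: robustNormalize('en_US'),
    };
  } finally {
    String.prototype.toLowerCase = saved;
  }
}

console.log(demo());
```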
Shell::SerializeValue was using a HandleScope, but was also storing Handles in
an ObjectList. The ObjectList handles would persist after the function had
returned, but will have already been destroyed by the HandleScope, so there is
a use-after-free.
This change removes the HandleScope in Shell::SerializeValue and relies on the
caller's HandleScope.
BUG=chromium:503968
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1211433003
Cr-Commit-Position: refs/heads/master@{#29265}