The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.
This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.
This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.
MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
BUG=v8:4413
LOG=n
Committed: https://crrev.com/ef268a83be4dead004047c25b702319ea4be7277
Cr-Commit-Position: refs/heads/master@{#30627}
Review URL: https://codereview.chromium.org/1311013008
Cr-Commit-Position: refs/heads/master@{#30629}
Reason for revert:
Breaks nosnap, needs investigation
Original issue's description:
> [builtins] Unify the various versions of [[Call]] with a Call builtin.
>
> The new Call and CallFunction builtins supersede the current
> CallFunctionStub (and CallIC magic) and will be the single bottleneck
> for all calling, including the currently special Function.prototype.call
> and Function.prototype.apply builtins, which had handwritten (and
> not fully compliant) versions of CallFunctionStub, and also the
> CallIC(s), which where also slightly different.
>
> This also reduces the overhead for API function calls, which is still
> unnecessary high, but let's do that step-by-step.
>
> This also fixes a bunch of cases where the implicit ToObject for
> sloppy receivers was done in the wrong context (in the caller
> context instead of the callee context), which basically meant
> that we allowed cross context access to %ObjectPrototype%.
>
> MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
>
> R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
> BUG=v8:4413
> LOG=n
>
> Committed: https://crrev.com/ef268a83be4dead004047c25b702319ea4be7277
> Cr-Commit-Position: refs/heads/master@{#30627}
TBR=rmcilroy@chromium.org,jarin@chromium.org,mstarzinger@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413
Review URL: https://codereview.chromium.org/1328963004
Cr-Commit-Position: refs/heads/master@{#30628}
The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.
This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.
This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.
MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1311013008
Cr-Commit-Position: refs/heads/master@{#30627}
Reason for revert:
[Sheriff] Changes several layout test expectations. Please fix upstream first if intended. E.g.:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/1729
Several lines change from PASS to FAIL.
Original issue's description:
> [es5] Class of object is "Function" if object has [[Call]].
>
> The concept of class was mostly removed from ES6, but we still use the
> class of objects to distinguish object kinds in our builtins. So update
> this to be in sync with IsCallable (thereby getting rid of the previous
> instance type based tests for callable things completely).
>
> R=jarin@chromium.org, jkummerow@chromium.org
>
> Committed: https://crrev.com/af778389947f1b01fb036756ea3cb8ed8ab98452
> Cr-Commit-Position: refs/heads/master@{#30566}
TBR=jarin@chromium.org,jkummerow@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1306303005
Cr-Commit-Position: refs/heads/master@{#30568}
The concept of class was mostly removed from ES6, but we still use the
class of objects to distinguish object kinds in our builtins. So update
this to be in sync with IsCallable (thereby getting rid of the previous
instance type based tests for callable things completely).
R=jarin@chromium.org, jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1307943013
Cr-Commit-Position: refs/heads/master@{#30566}
Use a single JSIteratorResult type for all implementation provided
iterator results (i.e. the String, Array and collection iterators,
and also for generators). This removes one source of unnecessary
polymorphism in for-of loops. It is accomplished by a new intrinsic
%_CreateIterResultObject() that should be used to create iterator
result objects from JavaScript builtins (there's a matching factory
method for C++ code).
Also restructure the %StringIteratorPrototype%.next() and
%ArrayIteratorPrototype%.next() functions to be a bit more friendly
to optimizing compilers.
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/1302173007
Cr-Commit-Position: refs/heads/master@{#30557}
This turns the has_instance_call_handler bit on Map into an is_callable
bit, that matches the spec definition of IsCallable (i.e. instances have
[[Call]] internal methods).
Also fix the typeof operator to properly say "function" for everything
that is callable.
Also remove the (unused) premature %_GetPrototype optimization from
Crankshaft, which just complicated the Map bit swap.
R=mstarzinger@chromium.org, rossberg@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
Review URL: https://codereview.chromium.org/1316933002
Cr-Commit-Position: refs/heads/master@{#30552}
This way we don't need to expose JSReceiver::OrdinaryToPrimitive
as runtime function, and we don't need the separate JS trampoline.
This also adds tests for ToPrimitive on date objects, which are
special.
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1324713002
Cr-Commit-Position: refs/heads/master@{#30473}
This is the first step towards a spec compliant ToPrimitive
implementation (and therefore spec compliant ToNumber, ToString,
ToName, and friends). It adds support for the @@toPrimitive
symbol that was introduced with ES2015, and also adds the new
Symbol.prototype[@@toPrimitive] and Date.prototype[@@toPrimitive]
initial properties.
There are now runtime functions for %ToPrimitive, %ToNumber and
%ToString, which do the right thing and should be used as fallbacks
instead of the hairy runtime.js implementations. I will do the
same for the other conversion operations mentioned by the spec in
follow up CLs. Once everything is in place we can look into
optimizing things further, so that we don't always call into the
runtime.
Also fixed Date.prototype.toJSON to be spec compliant.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=y
Review URL: https://codereview.chromium.org/1306303003
Cr-Commit-Position: refs/heads/master@{#30434}
Adds a (currently unused) constant_pool() field to BytecodeArray objects.
This field points to a FixedArray object which will be used to hold constants.
The BytecodeArray is now a mixed values object type, with the
kConstantPoolOffset object holding a tagged pointer, but the remainder of the
object holding raw bytes (which could look like tagged pointers but are not).
Modify the BytecodeArray GC visitors to deal with this and test that the
field is migrated properly when evacuated.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1314953004
Cr-Commit-Position: refs/heads/master@{#30404}
Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1303403004
Cr-Commit-Position: refs/heads/master@{#30403}
The PLACEHOLDER code kind is used when compiling a code object that has
direct calls to other code objects, but those other code objects do not
yet exist because they have not yet been compiled. It serves as a
placeholder to break the cycle, e.g. in WASM.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1308393003
Cr-Commit-Position: refs/heads/master@{#30348}
The previous hack with HInstanceOfKnownGlobal was not only slower,
but also very brittle and required a lot of weird hacks to support it. And
what's even more important it wasn't even correct (because a map check
on the lhs is never enough for instanceof).
The new implementation provides a sane runtime implementation
for InstanceOf plus a fast case in the InstanceOfStub, combined with
a proper specialization in the case of a known global in CrankShaft,
which does only the prototype chain walk (coupled with a code
dependency on the known global).
As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
implementation.
BUG=v8:4376
LOG=y
Review URL: https://codereview.chromium.org/1304633002
Cr-Commit-Position: refs/heads/master@{#30342}
Adds Uint32x4, Uint16x8, and Uint8x16 types.
Adds all functions in the current spec, except for loads and stores.
LOG=Y
BUG=v8:4124
Review URL: https://codereview.chromium.org/1294513004
Cr-Commit-Position: refs/heads/master@{#30322}
This CL is a nightmare! For the utterly irrelevant edge case of a sloppy function with non-simple parameters and a call to direct eval, like here,
let x = 1;
function f(g = () => x) {
var y
eval("var x = 2")
return g() + x // f() = 3
}
we have to do all of the following, on top of the declaration block ("varblock") contexts we already introduce around the body:
- Introduce the ability for varblock contexts to have both a ScopeInfo and an extension object (e.g., the body varblock in the example will contain both a static var y and a dynamic var x). No other scope needs that. Since there are no context slots left, a special new struct is introduced that pairs up scope info and extension object.
- When declaring lookup slots in the runtime, this new struct is allocated in the case where an extension object has to be added to a block scope (at which point the block's extension slot still contains a plain ScopeInfo).
- While at it, introduce some abstraction to access context extension slots in a more controlled manner, in order to keep special-casing to a minimum.
- Make sure that even empty varblock contexts do not get optimised away when they contain a sloppy eval, so that they can host the potential extension object.
- Extend dynamic search for declaration contexts (used by sloppy direct eval) to recognize varblock contexts.
- In the parser, if a function has a sloppy direct eval, introduce an additional varblock scope around each non-simple (desugared) parameter, as required by the spec to contain possible dynamic var bindings.
- In the pattern rewriter, add the ability to hoist the named variables the pattern declares to an outer scope. That is required because the actual destructuring has to be evaluated inside the protecting varblock scope, but the bindings that the desugaring introduces are in the outer scope.
- ScopeInfos need to save the information whether a block is a varblock, to make sloppy eval calls work correctly that deserialise them as part of the scope chain.
- Add the ability to materialize block scopes with extension objects in the debugger. Likewise, enable setting extension variables in block scopes via the debugger interface.
- While at it, refactor and unify some respective code in the debugger.
Sorry, this CL is large. I could try to split it up, but everything is rather entangled.
@mstarzinger: Please review the changes to contexts.
@yangguo: Please have a look at the debugger stuff.
R=littledan@chromium.org, mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:811,v8:2160
LOG=N
Review URL: https://codereview.chromium.org/1292753007
Cr-Commit-Position: refs/heads/master@{#30295}
We can use the script type to determine that instead. Script of type
TYPE_NATIVE are considered builtins, TYPE_NORMAL are not. The only exception
to this rule is the empty function, for which the script is TYPE_NATIVE
(observable by the debugger), but should be stringified to "function () {}"
instead of "function () { [native code] }". For this, I introduce a
hide_source flag on the script object.
We also use IsBuiltin and IsSubjectToDebugging interchangeably. For debugger,
we now use the latter, hiding the detail that only non-builtins are debuggable.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1292283004
Cr-Commit-Position: refs/heads/master@{#30285}
This make inclusion of unicode-inl.h in object.h absolete. Now most
compilation units don't require that header. It also breaks a cycle
within declarations of the scanner.h header.
This tries to remove includes of "-inl.h" headers from normal ".h"
headers, thereby reducing the chance of any cyclic dependencies and
decreasing the average size of our compilation units.
Note that this change still leaves 3 violations of that rule in the
code, checked with the "tools/check-inline-includes.sh" tool.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1287893006
Cr-Commit-Position: refs/heads/master@{#30268}
Bytecode generator for local assignment and basic binary operations.
Command-line flag for printing bytecodes.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1294543002
Cr-Commit-Position: refs/heads/master@{#30221}
Add Object::StrictEquals to unify the implementation of strict equality
comparison in the runtime and the api (the api was already missing a
case for SIMD). Now we (almost) have a single bottleneck for strict
equality, we just need to reduce the amount of unnecessary complexity
for the code stub.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1298603002
Cr-Commit-Position: refs/heads/master@{#30186}
This CL is a pure refactoring that makes an empty compilation unit
including just "foo.h" but not "foo-inl.h" compile without warnings or
errors. This is needed to further reduce the header dependency tangle.
This realizes above state for "spaces.h" and "mark-compact.h".
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1288413002
Cr-Commit-Position: refs/heads/master@{#30171}
This CL us a pure refactoring that makes an empty compilation unit
including just "object.h" but not "object-inl.h" compile without
warnings or errors. This is needed to further reduce the header
dependency tangle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1286403002
Cr-Commit-Position: refs/heads/master@{#30152}
Reason for revert:
This performance hack is no longer necessary.
Original issue's description:
> Group lexical context variables for faster look up.
>
> Currently, looking up a lexical context variable requires looking up
> the variable name and then checking its mode. This can be a bottleneck
> in Runtime_DeclareGlobals, even when no lexical context variables are
> declared.
>
> R=rossberg@chromium.org
> BUG=crbug:517778
> LOG=N
>
> Committed: https://crrev.com/a45ed17bb6aca02e940f13bbf456d660cccc86ae
> Cr-Commit-Position: refs/heads/master@{#30075}
TBR=rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=crbug:517778
Review URL: https://codereview.chromium.org/1290053002
Cr-Commit-Position: refs/heads/master@{#30145}
This way we can greatly simplify the different variants of ToObject in
our codebase and make them more uniform and robust. Adding a new
primitive doesn't require finding and changing all those places again,
but it is sufficient to setup the constructor function index when
allocating the map.
We use the inobject properties field of Map, which is invalid primitive
maps anyway.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1276533003
Cr-Commit-Position: refs/heads/master@{#30119}
First step to simplify the TypeofStub. This is similar to the
optimization that we use for ToNumber and ToString on Oddballs already.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1272763005
Cr-Commit-Position: refs/heads/master@{#30108}
There's no need to have one InstanceType per SIMD primitive type (this
will not scale long-term). Also reduce the amount of code duplication
and make it more robust wrt adding new SIMD types.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1273353003
Cr-Commit-Position: refs/heads/master@{#30107}
When a (prototype) map registers as a user of its own prototype, it now remembers the index in that prototype's registry where it is listed.
This remembered index is used on un-registration to find the right slot to clear without walking the entire registry.
Compaction of the registry must update all entries' remembered indices.
BUG=chromium:517778,chromium:517406
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1276353004
Cr-Commit-Position: refs/heads/master@{#30079}
Only walk the heap clearing KeyedStoreICs when the dictionary in question belongs to an object that's used as a prototype.
This is a temporary mitigation until we have a way to clear such ICs without having to walk the heap.
BUG=v8:4335
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1275363002
Cr-Commit-Position: refs/heads/master@{#30076}
Currently, looking up a lexical context variable requires looking up
the variable name and then checking its mode. This can be a bottleneck
in Runtime_DeclareGlobals, even when no lexical context variables are
declared.
R=rossberg@chromium.org
BUG=crbug:517778
LOG=N
Review URL: https://codereview.chromium.org/1281883002
Cr-Commit-Position: refs/heads/master@{#30075}
The heuristic can cause weird behavior when bootstrapping.
The memory savings is not worth this hassle.
Review URL: https://codereview.chromium.org/1265983006
Cr-Commit-Position: refs/heads/master@{#30019}
This introduces a CopyFixedArrayAndGrow method on Factory that takes
the "grow amount" instead of the "new size" as an argument. The new
interface is safer because it allows for mutations by the GC that
potentially trim the source array.
This also fixes a bug in SharedFunctionInfo::AddToOptimizedCodeMap
where the aformentioned scenario led to unused entries within the
optimized code map.
Note that FixedArray::CopySize is hereby deprecated because it is
considered unsafe and should no longer be used.
R=hpayer@chromium.org
TEST=mjsunit/regress/regress-crbug-513507
BUG=chromium:513507
LOG=n
Review URL: https://codereview.chromium.org/1255173006
Cr-Commit-Position: refs/heads/master@{#30012}
The heuristic can cause weird behavior when bootstrapping.
The memory savings is not worth this hassle.
Review URL: https://codereview.chromium.org/1265983006
Cr-Commit-Position: refs/heads/master@{#29992}
There is only one use case for it: String.prototype.search converts a
string argument into a RegExp. The cache is used to avoid repeating that
conversion. However, this does not make the added complexity worthwhile.
Review URL: https://codereview.chromium.org/1267493006
Cr-Commit-Position: refs/heads/master@{#29985}
No need to pass the name explicitly to the stubs; the runtime can
extract the name from the ScopeInfo (the extension of the
ScriptContext) on-demand easily without any performance impact.
Review URL: https://codereview.chromium.org/1259963002
Cr-Commit-Position: refs/heads/master@{#29886}
- Ensure frame_size is always set during allocation.
- Add DCHECKs that frame_size is a valid value
- Remove locals_count, which we don't need yet (possibly every)
- Add a newline at the end of BytecodeArray::Dissassemble
for each bytecode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1254873002
Cr-Commit-Position: refs/heads/master@{#29852}
The layout of fixed typed array base is then capable of handling
external typed arrays as well. In a follow-up CL, I'll delete external
typed arrays, and use fixed typed array base instead
BUG=v8:3996
R=jarin@chromium.org,mstarzinger@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1248483007
Cr-Commit-Position: refs/heads/master@{#29786}
Prior to this patch, we enter a global debug mode whenever a break point
is set. By entering this mode, all code is deoptimized and activated
frames are recompiled and redirected to newly compiled debug code.
After this patch, we only deoptimize/redirect for functions we want to
debug. Trigger for this is Debug::EnsureDebugInfo, and having DebugInfo
object attached to the SFI prevents optimization/inlining.
The result is that we can have optimized code for functions without break
points alongside functions that do have break points, which are not
optimized.
R=mstarzinger@chromium.org, ulan@chromium.org
BUG=v8:4132
LOG=Y
Review URL: https://codereview.chromium.org/1233073005
Cr-Commit-Position: refs/heads/master@{#29758}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29712}
This helps reasoning about setting break points. Functions that
have debug info is also guaranteed to be able to set break points.
R=ulan@chromium.org
BUG=v8:4132
LOG=N
Review URL: https://codereview.chromium.org/1227213003
Cr-Commit-Position: refs/heads/master@{#29698}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29689}
By not having to patch the return sequence (we patch the debug
break slot right before it), we don't overwrite it and therefore
don't have to keep the original copy of the code around.
R=ulan@chromium.org
BUG=v8:4269
LOG=N
Review URL: https://codereview.chromium.org/1234833003
Cr-Commit-Position: refs/heads/master@{#29672}
- split relocation info for debug break slots for
- calls (with call arguments count as data)
- construct calls
- normal slots
- renamed DEBUG_BREAK into DEBUGGER_STATEMENT
- removed unused IC state for Debug stubs
R=ulan@chromium.org
BUG=v8:4269
LOG=N
Review URL: https://codereview.chromium.org/1232803002
Cr-Commit-Position: refs/heads/master@{#29603}
Up until now we were unable to have profiler ticks beyong 255, which
basically disabled OSR for moderately large functions.
BUG=chromium:508741
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1224173003
Cr-Commit-Position: refs/heads/master@{#29597}
Note that there are currently no objects that require a pre-allocated
properties backing store, all such slots are in-object properties from
the begining. Hence {unused + pre_allocated - inobject == 0} holds.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1226203011
Cr-Commit-Position: refs/heads/master@{#29590}
For now it uses a pretty slow path for accessing strings by wrapping it into a new temporary wrapper.
BUG=v8:4042, v8:3088
LOG=y
Review URL: https://codereview.chromium.org/1221303019
Cr-Commit-Position: refs/heads/master@{#29576}
Additionally speed up instantiation of ObjectTemplates by preallocating enough space in the descriptor arrays
BUG=v8:4184
LOG=n
Review URL: https://codereview.chromium.org/1218403002
Cr-Commit-Position: refs/heads/master@{#29468}
This was added in https://chromium.googlesource.com/v8/v8/+/4a709dd65,
but the only check for it that remained in the final patch is inside
a DCHECK. It appears that the approach for checking use of class names
in methods evolved quite a bit over the review of the original patch.
Review URL: https://codereview.chromium.org/1219993002
Cr-Commit-Position: refs/heads/master@{#29428}
We now consistently ignore native and extension scripts for debugging. Only native scripts and extension scripts can disallow lazy compilation. So we can make sure that break points are only set to code that are compiled with debug break slots.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1216193002
Cr-Commit-Position: refs/heads/master@{#29400}
Revert "Revert relanded strong property access CL"
Regression issues should be solved. Initial patchset is the original, subsequent patchsets are the fixing modifications.
This reverts commit 4ac7be5656.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1199983002
Cr-Commit-Position: refs/heads/master@{#29384}
This allows context-independent code generated by TurboFan to be cached
in the optimized code map and reused across native contexts. Note that
currently this cache is still flushed at GC time.
R=bmeurer@chromium.org,mvstanton@chromium.org
TEST=cctest/test-compiler/OptimizedCodeSharing
Review URL: https://codereview.chromium.org/1208013002
Cr-Commit-Position: refs/heads/master@{#29313}
Reserving space for deserialization can cause GC, which
can evict entries from the string table. Having more deleted
entries now, StringTable::EnsureCapacity could cause a GC
later during deserialization even when we actually still
have enough capacity.
Instead, we now keep new internalized strings in a separate list
and commit them to the string table at the end.
R=ulan@chromium.org
BUG=chromium:502085
LOG=N
Review URL: https://codereview.chromium.org/1204863006
Cr-Commit-Position: refs/heads/master@{#29308}
