1db94eddb8
Previously only Builtins declared TFJ or CPP in builtins-definitions.h were converted to direct calls in ReduceJSCall. This allows all builtins with JS linkage to be converted. To facilitate this, it adds Builtins::HasJSLinkage(id) that returns true for any builtins with JSTrampolineDescriptor as their call descriptor. It also ensures that any JS functions installed by the bootstrapper are also required to have JS linkage to catch early errors. Change-Id: I2fddca41f9ab1c7c9633aa0ab4847a5c108e2bb2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883549 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#64698}
// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Flags: --allow-natives-syntax
// Callback passed into the other realm's function; it passes only when it is
// called with exactly "foo".
function check(x) { assertEquals(x, "foo"); }

// Create a second realm and define f inside it. check is defined in the
// current realm, so the func.apply call made inside f crosses native contexts
// (as the comment inside the evaluated source states). The trailing `f;` is
// the completion value of the evaluated script, which is what gets stored in
// the outer f.
var r = Realm.createAllowCrossRealmAccess();
var f = Realm.eval(r, `
function f(func) {
// The call to Function.prototype.apply is across native contexts so
// cannot be elided. However the compiler should be able to call the
// builtin directly rather than via the trampoline Code object. This isn't
// easy to test, but here we at least check that it doesn't crash due to
// calling a builtin Code object incorrectly (Function.Prototype.apply).
return func.apply(undefined, ["foo"]);
}

f;`);

// The %-prefixed intrinsics rely on the --allow-natives-syntax flag declared in
// the file header.
%PrepareFunctionForOptimization(f);

// Two calls before optimization is requested (presumably to warm up the call
// site inside f; the file does not say).
f(check);
f(check);

%OptimizeFunctionOnNextCall(f);

// First call after the optimization request. The test passes if this call
// completes without crashing and check still receives "foo".
f(check);