03324e6c03
FunctionBlueprint holds a SharedFunctionInfo, FeedbackVector and a Hints object that represents what we know about the Context of the "function-to-be." Since we occasionally synthesize a FunctionBlueprint object from a JSFunction (when we have it), it can happen that sometimes the Context hint is a concrete Context object, and other times it's a VirtualContext, representing a context created sometime during the bytecode execution of the function under optimization. Moreover, both such FunctionBlueprints can exist in the same run due to the vagaries of CALL_IC feedback (ie, sometimes you have a JSFunction, other times you don't). More details in doc: https://docs.google.com/document/d/1F1FxoDzlaYP5l5T6ZcZacV3LCUp5elcez05KWj-Mp78/edit?usp=sharing Bug: crbug:1024282 Change-Id: Id4055531333b3dcbdb93afd23d9a226728292e11 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926151 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65127}
29 lines
686 B
JavaScript
29 lines
686 B
JavaScript
// Copyright 2019 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax --expose-gc
|
|
|
|
assertThrows = function assertThrows(code) {};
|
|
%PrepareFunctionForOptimization(assertThrows);
|
|
|
|
function foo(val) {
|
|
var arr = [];
|
|
function bar() {
|
|
function m1() {}
|
|
%PrepareFunctionForOptimization(m1);
|
|
assertThrows(m1);
|
|
0 in arr;
|
|
}
|
|
%PrepareFunctionForOptimization(bar);
|
|
bar(); // virtual context distance of 1 from native_context
|
|
gc();
|
|
bar(true);
|
|
}
|
|
|
|
%PrepareFunctionForOptimization(foo);
|
|
foo();
|
|
foo();
|
|
%OptimizeFunctionOnNextCall(foo);
|
|
foo();
|