• Benedikt Meurer's avatar
    [cleanup] Cleanup JSArrayBuffer and TurboFan's handling of neutering. · beebb236
    Benedikt Meurer authored
    Cleanup the JSArrayBuffer bit fields to use the proper object macros
    that are now otherwise used consistently across the code base. Also
    change TurboFan to consistently bailout when it sees an array buffer
    that was previously neutered, so that the generic path / builtins are
    again the chokepoints for the spec violations (the fact that we don't
    always raise exceptions when we see a neutered array buffer), except
    for the ArrayBufferView accessor inlining in the JSCallReducer, where
    we still turn the values into zero (because we don't have access to
    a CALL_IC speculation guard in the common case).
    
    This also removes the ArrayBufferWasNeutered simplified operator, and
    does regular LoadField + Number bitwise operations instead, which is
    good enough and allows us to get rid of a lot of unnecessary complexity.
    
    Bug: v8:4153, v8:7881, v8:8015, v8:8171, v8:8178
    Change-Id: I4ce79ece762c632e6318f2ab7bcc6b2f82383947
    Reviewed-on: https://chromium-review.googlesource.com/1226887Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
    Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#55958}
    beebb236
js-native-context-specialization.cc 129 KB