- 08 May, 2017 2 commits
-
-
Ross McIlroy authored
This reverts commit 662aa425. Reason for revert: Crashing on Canary BUG=chromium:718891 Original change's description: > Reland: [TypeFeedbackVector] Store optimized code in the vector > > Since the feedback vector is itself a native context structure, why > not store optimized code for a function in there rather than in > a map from native context to code? This allows us to get rid of > the optimized code map in the SharedFunctionInfo, saving a pointer, > and making lookup of any optimized code quicker. > > Original patch by Michael Stanton <mvstanton@chromium.org> > > BUG=v8:6246 > TBR=yangguo@chromium.org,ulan@chromium.org > > Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327 > Reviewed-on: https://chromium-review.googlesource.com/494487 > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#45084} TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. BUG=v8:6246 Change-Id: Idab648d6fe260862c2a0e35366df19dcecf13a82 Reviewed-on: https://chromium-review.googlesource.com/498633Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45174}
-
Ross McIlroy authored
This reverts commit ec619cbd. Reason for revert: Crashing on Canary BUG=chromium:718891 Original change's description: > [Interpreter] Transition JSFunctions to call optimized code when possible. > > Now that the optimized code hangs off the feedback vector, it is possible > to check whether a function has optimized code available every time it's > called in the interpreter entry trampoline. If optimized code exists, the > interpreter entry trampoline 'self-heals' the closure to point to the > optimized code and links the closure into the optimized code list. > > BUG=v8:6246 > > Change-Id: If1bd7c555bb0551bfe04b36baa6bcf949604717e > Reviewed-on: https://chromium-review.googlesource.com/488026 > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#45103} TBR=rmcilroy@chromium.org,mvstanton@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. BUG=v8:6246 Change-Id: Ibda719be90fddf1d116c03a2a0c3018bcbe76018 Reviewed-on: https://chromium-review.googlesource.com/498632Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45169}
-
- 05 May, 2017 4 commits
-
-
mvstanton authored
As a first step towards improving generator creation, create a builtin that can do it without a call to the runtime. Thread that builtin into the interpreter via an intrinsic. BUG=v8:6352 R=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2861983002 Cr-Commit-Position: refs/heads/master@{#45145}
-
jgruber authored
At this point, last_index is definitely a canonicalized non-negative number, which implies that any non-Smi last_index is greater than the maximal string length. That in turn means that the matcher will definitely fail, and we can avoid the expensive runtime call. BUG=v8:6365,v8:6344 Review-Url: https://codereview.chromium.org/2863643004 Cr-Commit-Position: refs/heads/master@{#45143}
-
jgruber authored
This CL migrates the CPP builtin to CSA with fast paths for strings that can be unpacked to direct one-byte strings. Short strings are handled directly in CSA, others need to call into C for conversion. Microbenchmarks for "abcd".toLowerCase() show speedups of 2.5x. BUG=v8:6353,v8:6344 Review-Url: https://codereview.chromium.org/2859203002 Cr-Commit-Position: refs/heads/master@{#45141}
-
Toon Verwaest authored
Bug: v8:6364,v8:6344 Change-Id: I13bf1ec89a17c64b38b757694ee8b7df30d4f45f Reviewed-on: https://chromium-review.googlesource.com/497428 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#45133}
-
- 04 May, 2017 3 commits
-
-
bjaideep authored
Port 662aa425 Original Commit Message: Since the feedback vector is itself a native context structure, why not store optimized code for a function in there rather than in a map from native context to code? This allows us to get rid of the optimized code map in the SharedFunctionInfo, saving a pointer, and making lookup of any optimized code quicker. Original patch by Michael Stanton <mvstanton@chromium.org> R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:6246 LOG=N Review-Url: https://codereview.chromium.org/2861863003 Cr-Commit-Position: refs/heads/master@{#45111}
-
Ross McIlroy authored
Now that the optimized code hangs off the feedback vector, it is possible to check whether a function has optimized code available every time it's called in the interpreter entry trampoline. If optimized code exists, the interpreter entry trampoline 'self-heals' the closure to point to the optimized code and links the closure into the optimized code list. BUG=v8:6246 Change-Id: If1bd7c555bb0551bfe04b36baa6bcf949604717e Reviewed-on: https://chromium-review.googlesource.com/488026Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45103}
-
Ross McIlroy authored
Since the feedback vector is itself a native context structure, why not store optimized code for a function in there rather than in a map from native context to code? This allows us to get rid of the optimized code map in the SharedFunctionInfo, saving a pointer, and making lookup of any optimized code quicker. Original patch by Michael Stanton <mvstanton@chromium.org> BUG=v8:6246 TBR=yangguo@chromium.org,ulan@chromium.org Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327 Reviewed-on: https://chromium-review.googlesource.com/494487Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45084}
-
- 03 May, 2017 3 commits
-
-
jkummerow authored
When deleting the most recently added fast property from an object by undoing its last map transition, we must clear any recorded slots. This can only be done in C++, so this functionality must move out of the stub. Also update a CHECK in the JSObject verifier to allow backing stores sticking around after such property deletions. BUG=chromium:716912,chromium:714981 Review-Url: https://codereview.chromium.org/2854373002 Cr-Commit-Position: refs/heads/master@{#45069}
-
jkummerow authored
by pulling parameterizable things out of the case-blocks. No change in functionality. BUG=chromium:714894 Review-Url: https://codereview.chromium.org/2854273004 Cr-Commit-Position: refs/heads/master@{#45066}
-
mvstanton authored
More care must be taken to remain on the fast path in the face of @@species constructors. BUG=chromium:716044 Review-Url: https://codereview.chromium.org/2846963003 Cr-Commit-Position: refs/heads/master@{#45065}
-
- 02 May, 2017 4 commits
-
-
mathias authored
During code review, `CASE` was renamed to `TFJ_CASE`, but one occurrence still refers to the old name. This patch fixes that. Ref. 2c995c8c R=danno@chromium.org BUG=v8:1956 LOG=N Review-Url: https://codereview.chromium.org/2854913002 Cr-Commit-Position: refs/heads/master@{#45040}
-
danno authored
Previously, the parameter count for CSA-generated array builtins needed to be specified both in the TFJ list of builtins as well as in the bootstrapper when installing each builtin. This patch adds a utility function that returns the arity of builtins, including CSA-generated array builtins, given the builtin's name. This function is now used by the bootstrapper and thus removes the need for the explicit duplication. R=ishell@chromium.org BUG=v8:1956 LOG=N Review-Url: https://codereview.chromium.org/2852833002 Cr-Commit-Position: refs/heads/master@{#45033}
-
Michael Achenbach authored
This reverts commit c5ad9c6d. Reason for revert: Fails on gc stress: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/12661 Original change's description: > [TypeFeedbackVector] Store optimized code in the vector > > Since the feedback vector is itself a native context structure, why > not store optimized code for a function in there rather than in > a map from native context to code? This allows us to get rid of > the optimized code map in the SharedFunctionInfo, saving a pointer, > and making lookup of any optimized code quicker. > > Original patch by Michael Stanton <mvstanton@chromium.org> > > BUG=v8:6246 > > Change-Id: I60ff8c408c3001bc272b4b198c9cbaea2872a9e5 > Reviewed-on: https://chromium-review.googlesource.com/476891 > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#45022} TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,mvstanton@chromium.org,jarin@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:6246 Change-Id: I9cd5735b03898cae6ae7adea0f19d32fceb31619 Reviewed-on: https://chromium-review.googlesource.com/493287Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#45027}
-
Ross McIlroy authored
Since the feedback vector is itself a native context structure, why not store optimized code for a function in there rather than in a map from native context to code? This allows us to get rid of the optimized code map in the SharedFunctionInfo, saving a pointer, and making lookup of any optimized code quicker. Original patch by Michael Stanton <mvstanton@chromium.org> BUG=v8:6246 Change-Id: I60ff8c408c3001bc272b4b198c9cbaea2872a9e5 Reviewed-on: https://chromium-review.googlesource.com/476891 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45022}
-
- 29 Apr, 2017 5 commits
-
-
danno authored
This CL changes certain frequently-called Array builtins to use CodeStubArguments rather than peek at the stack frames above array builtins to determine if options arguments have been passed into them. Previous failure likely due to unfortunate/unluckily timed GC that moved due to changed timing/allocation from this CL. Test mitigation for allocation-site-info.js included. BUG=v8:1956 LOG=N Review-Url: https://codereview.chromium.org/2829093004 Cr-Commit-Position: refs/heads/master@{#44998}
-
danno authored
Revert of [turbofan] Avoid going through ArgumentsAdaptorTrampoline for CSA/C++ builtins (patchset #8 id:140001 of https://codereview.chromium.org/2829093004/ ) Reason for revert: Still fails. Likely has to do with gc heap size for allocation site tests, mitigation pending... Original issue's description: > [turbofan] Reland: Avoid going through ArgumentsAdaptorTrampoline for select CSA array builtins > > This CL changes certain frequently-called Array builtins to use CodeStubArguments > rather than peek at the stack frames above array builtins to determine if options > arguments have been passed into them. > > Previous failure cannot be reproed with failing config. Flake? > > BUG=v8:1956 > LOG=N > > Review-Url: https://codereview.chromium.org/2829093004 > Cr-Commit-Position: refs/heads/master@{#44996} > Committed: https://chromium.googlesource.com/v8/v8/+/7ca381e84792b83581d0199dfae2888781785273 TBR=mvstanton@chromium.org,ishell@chromium.org,bmeurer@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:1956 Review-Url: https://codereview.chromium.org/2851063002 Cr-Commit-Position: refs/heads/master@{#44997}
-
danno authored
This CL changes certain frequently-called Array builtins to use CodeStubArguments rather than peek at the stack frames above array builtins to determine if options arguments have been passed into them. Previous failure cannot be reproed with failing config. Flake? BUG=v8:1956 LOG=N Review-Url: https://codereview.chromium.org/2829093004 Cr-Commit-Position: refs/heads/master@{#44996}
-
danno authored
Revert of [turbofan] Avoid going through ArgumentsAdaptorTrampoline for CSA/C++ builtins (patchset #8 id:140001 of https://codereview.chromium.org/2829093004/ ) Reason for revert: Nosnap failure Original issue's description: > [turbofan] Avoid going through ArgumentsAdaptorTrampoline for select CSA/C++ builtins > > This CL changes certain frequently-called Array builtins to use CodeStubArguments > rather than peek at the stack frames above array builtins to determine if options > arguments have been passed into them. > > BUG=v8:1956 > LOG=N > > Review-Url: https://codereview.chromium.org/2829093004 > Cr-Commit-Position: refs/heads/master@{#44994} > Committed: https://chromium.googlesource.com/v8/v8/+/680356278ddc7577e3b967fcc92055522ce00856 TBR=mvstanton@chromium.org,ishell@chromium.org,bmeurer@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:1956 Review-Url: https://codereview.chromium.org/2851703005 Cr-Commit-Position: refs/heads/master@{#44995}
-
danno authored
This CL changes certain frequently-called Array builtins to use CodeStubArguments rather than peek at the stack frames above array builtins to determine if options arguments have been passed into them. BUG=v8:1956 LOG=N Review-Url: https://codereview.chromium.org/2829093004 Cr-Commit-Position: refs/heads/master@{#44994}
-
- 28 Apr, 2017 4 commits
-
-
neis authored
When a FunctionTemplate-based function is used as a constructor and returns a JSProxy, we incorrectly treated that result the same as a non-object result. Now it is treated like any other object result, i.e., it becomes the result of the constructor call. R=verwaest@chromium.org BUG=v8:6294 Review-Url: https://codereview.chromium.org/2845123002 Cr-Commit-Position: refs/heads/master@{#44970}
-
Camillo Bruni authored
Bug: v8:6325 Change-Id: I20f59cfd4f309f456ff95aa8eb0aa4c8f9a55da6 Reviewed-on: https://chromium-review.googlesource.com/490066Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#44967}
-
Benedikt Meurer authored
Also add support for JSFunction::prototype and JSString::length accessors to CodeStubAssembler::CallGetterIfAccessor and remove the special case hack from the LoadIC_Uninitialized. Also address the TODO to unify the implementation with the LoadIC_FunctionPrototype handler. BUG=v8:5269,v8:6325 R=ishell@chromium.org Change-Id: Ic51221e35a051c403d3a86dc41213c913e8f9d85 Reviewed-on: https://chromium-review.googlesource.com/489946 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#44964}
-
jgruber authored
The spec requires that a null @@split / @@replace symbol is treated exactly the same as if it were undefined, i.e. execution should move on to the default implementation instead of throwing a TypeError. BUG=v8:6313 Review-Url: https://codereview.chromium.org/2845153002 Cr-Commit-Position: refs/heads/master@{#44959}
-
- 27 Apr, 2017 3 commits
-
-
cbruni authored
With this CL we reduce the difference between directly using a null prototype in a literal or using Object.create(null). - The EmitFastCloneShallowObject builtin now supports cloning slow object boilerplates. - Unified behavior to find the matching Map and instantiating it for Object.create(null) and literals with a null prototype. - Cleanup of literal type parameter of CompileTimeValue, now in sync with ObjectLiteral flags. Review-Url: https://codereview.chromium.org/2445333002 Cr-Commit-Position: refs/heads/master@{#44941}
-
bjaideep authored
R=joransiu@ca.ibm.com, jyan@ca.ibm.com BUG= LOG=n Review-Url: https://codereview.chromium.org/2839343003 Cr-Commit-Position: refs/heads/master@{#44939}
-
bjaideep authored
Revert of PPC/s390: SmiUntag only for 32bit (patchset #1 id:1 of https://codereview.chromium.org/2842843005/ ) Reason for revert: few tests are failing with stack overflow, will reland with the fix. Original issue's description: > PPC/s390: SmiUntag only for 32bit > > R=joransiu@ca.ibm.com, jyan@ca.ibm.com > BUG= > LOG=n > > Review-Url: https://codereview.chromium.org/2842843005 > Cr-Commit-Position: refs/heads/master@{#44908} > Committed: https://chromium.googlesource.com/v8/v8/+/76dfdb7a32c4be41190ff6a01b23905976e5e0ff TBR=joransiu@ca.ibm.com,jyan@ca.ibm.com # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review-Url: https://codereview.chromium.org/2852433002 Cr-Commit-Position: refs/heads/master@{#44936}
-
- 26 Apr, 2017 6 commits
-
-
bjaideep authored
R=joransiu@ca.ibm.com, jyan@ca.ibm.com BUG= LOG=n Review-Url: https://codereview.chromium.org/2842843005 Cr-Commit-Position: refs/heads/master@{#44908}
-
Adam Klein authored
This allows us to avoid a separate receiver typecheck in a few places without regressing the error messages generated. As more Array methods move to C++, this will get more usage. Bug: v8:3577 Change-Id: Ibdd17c781548520172ce62442bc3a800e5c09e99 Reviewed-on: https://chromium-review.googlesource.com/486103Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#44904}
-
kozyatinskiy authored
To reduce size of Builtins::CallableFor function we can add only case which we actually use. BUG=chromium:714893 R=ishell@chromium.org Review-Url: https://codereview.chromium.org/2839933003 Cr-Commit-Position: refs/heads/master@{#44900}
-
yangguo authored
Also move the responsibility of marking builtins as initialized to the deserializer. R=jkummerow@chromium.org Review-Url: https://codereview.chromium.org/2840493002 Cr-Original-Commit-Position: refs/heads/master@{#44802} Committed: https://chromium.googlesource.com/v8/v8/+/a2b3a2fbc562584ec298dfe674c97662a125a59e Review-Url: https://codereview.chromium.org/2840493002 Cr-Commit-Position: refs/heads/master@{#44884}
-
yangguo authored
R=jarin@chromium.org BUG=chromium:714696 Review-Url: https://codereview.chromium.org/2838143002 Cr-Original-Commit-Position: refs/heads/master@{#44854} Committed: https://chromium.googlesource.com/v8/v8/+/87b5b53f6f3321ad33b15e686590da7b57df2ff9 Review-Url: https://codereview.chromium.org/2838143002 Cr-Commit-Position: refs/heads/master@{#44880}
-
cwhan.tunz authored
- Throw TypeError in ValidateTypedArray, matching JSC, SpiderMonkey and ChakraCore. - Validate typed arrays at start of each typed array prototype methods in src/js/typedarrays.js - Add tests to check detached buffers - Remove an unnecessary parameter of TypedArraySpeciesCreate in src/js/typedarrays.js - Standardize TypedArray.prototype.subarray - Update test262.status to pass detached buffer tests Reland of https://codereview.chromium.org/2778623003 BUG=v8:4648, v8:4665, v8:4953 CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel Review-Url: https://codereview.chromium.org/2827443002 Cr-Commit-Position: refs/heads/master@{#44878}
-
- 25 Apr, 2017 6 commits
-
-
hablich authored
Revert of [snapshot] full setup delegate should also be able to deserialize. (patchset #2 id:20001 of https://codereview.chromium.org/2840493002/ ) Reason for revert: prime suspect for https://bugs.chromium.org/p/chromium/issues/detail?id=714976 Original issue's description: > [snapshot] full setup delegate should also be able to deserialize. > > Also move the responsibility of marking builtins as initialized > to the deserializer. > > R=jkummerow@chromium.org > > Review-Url: https://codereview.chromium.org/2840493002 > Cr-Commit-Position: refs/heads/master@{#44802} > Committed: https://chromium.googlesource.com/v8/v8/+/a2b3a2fbc562584ec298dfe674c97662a125a59e TBR=jkummerow@chromium.org,yangguo@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=chromium:714976 Review-Url: https://codereview.chromium.org/2841993002 Cr-Commit-Position: refs/heads/master@{#44870}
-
yangguo authored
Revert of [d8] console methods must not throw. (patchset #1 id:1 of https://codereview.chromium.org/2838143002/ ) Reason for revert: Breaks no-intl builds. Original issue's description: > [d8] console methods must not throw. > > R=jarin@chromium.org > BUG=chromium:714696 > > Review-Url: https://codereview.chromium.org/2838143002 > Cr-Commit-Position: refs/heads/master@{#44854} > Committed: https://chromium.googlesource.com/v8/v8/+/87b5b53f6f3321ad33b15e686590da7b57df2ff9 TBR=jarin@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:714696 Review-Url: https://codereview.chromium.org/2840853002 Cr-Commit-Position: refs/heads/master@{#44856}
-
yangguo authored
R=jarin@chromium.org BUG=chromium:714696 Review-Url: https://codereview.chromium.org/2838143002 Cr-Commit-Position: refs/heads/master@{#44854}
-
ulan authored
This patch adds a new interface called RootVisitor and changes the root iteration functions to accept a RootVisitor instead of an ObjectVisitor. Future CLs will change ObjectVisitor to provide the host object to all visiting functions, which will bring it in sync with static visitors. Having separate visitors for roots and objects removes ambiguity in VisitPointers and reduces chances of forgetting to record slots. This is intended as pure refactoring. All places that require behavior change are marked with TODO and will addressed in future CLs. BUG=chromium:709075 Review-Url: https://codereview.chromium.org/2801073006 Cr-Commit-Position: refs/heads/master@{#44852}
-
Peter Marshall authored
This CL is purely refactoring, no behavior changes. Remove InitializeBasedOnLength and combine it with a new Stub-ified TypedArrayInitialize which now allocates the buffer in both the on-heap and off-heap cases. Add TypedArrayInitializeWithBuffer because this was essentially a special case that didn't share much logic with Initialize. Factor out the common pieces into SetupTypedArray and AttachBuffer. We can also always pass in the elementsSize, so there is no need to calculate this again. LoadMapAndElementsSize is changed to LoadMapForType. This reduces code size by ~8k. Bug: chromium:711275,chromium:701768 Change-Id: I6ad8701e9c72f53bfd9484725fb82055be568c25 Reviewed-on: https://chromium-review.googlesource.com/483481 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#44850}
-
Miran.Karic authored
Until now JIC and JIALC compact branches were emited without using their offset. Here we optimize their use by using offset after addition and/or load immediate operations. The CL also fixes a problem with deserialization that occurs when a code object ends with an optimized LUI/AUI and JIC/JIALC instruction pair. Deserializer processed these instruction pairs by moving to a location immediately after it, but when this location is the end of the object it would finish with the current object before doing relocation. This is fixed by moving the deserializer one instruction before the location of the instruction pair end. BUG= Review-Url: https://codereview.chromium.org/2542403002 Cr-Commit-Position: refs/heads/master@{#44841}
-