Bug: chromium:1206994, chromium:1206754, chromium:1206822
Change-Id: I8ccd501c5a918613fad59afdd65ca499ee57d7a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882805
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74500}

This is a reland of b271648e

Unfortunately the test can still throw a fatal error, since there are
other possible paths for OOM.

Original change's description:
> [runtime] Add length check in ConvertElementsWithCapacity
>
> This also propagates the exception through all the users of
> ConvertElementsWithCapacity.
>
> Bug: chromium:1201626
> Change-Id: Ie44ba4327a4c3a20f1376477f45d3cd95d0da3b3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857961
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74412}

Bug: chromium:1201626
Change-Id: I164ca1aca21ad6f45ccf8893fb07a47cd5ed079a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2877833Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74433}

This reverts commit b271648e.

Reason for revert: New test fails: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20shared/42282/overview

Original change's description:
> [runtime] Add length check in ConvertElementsWithCapacity
>
> This also propagates the exception through all the users of
> ConvertElementsWithCapacity.
>
> Bug: chromium:1201626
> Change-Id: Ie44ba4327a4c3a20f1376477f45d3cd95d0da3b3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857961
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74412}

Bug: chromium:1201626
Change-Id: I764256e9d0dcc69ea3a2f3c77afaca73a910bb66
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876861
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74414}

This also propagates the exception through all the users of
ConvertElementsWithCapacity.

Bug: chromium:1201626
Change-Id: Ie44ba4327a4c3a20f1376477f45d3cd95d0da3b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857961
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74412}

Bug: v8:11074
Change-Id: I1cbe60d9e9adc7f7836aceda6cb864f2245c7a45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2525545Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71031}

Bug: v8:10201
Change-Id: I72cbe15912395b9b06ffdccce935abae6e7a050e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093508Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66808}

This adds static types to the argument class that accesss the arguments in the
stack. kRuntime arguments are used by runtime functions and kJS arguments
are used to access the JS stack (eg. builtins).

The distinction allows the reversal of arguments in the JS stack without
changing the runtime arguments order.

Bug: v8:10201
Change-Id: I7c08164d53c4071c7910836fa733dee8ff7fa680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2066985
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66470}

Bug: v8:4153
Change-Id: I036b3f464a635414e050972cee2dffbf3b44cafd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918250
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65164}

... in an uintptr friendly way.

Drive-by-fix:
1) IsForceSlowPath() check is integrated into Cast<FastJSArray>
2) disable tests incompatible with --force-slow-path in "slow_path" variant

Bug: v8:8906, v8:4153
Change-Id: I427f117073bc295120aa52fb3fe023ee04d58302
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899988
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64799}

instead of plain uint32_t as entry. This provides some type safety,
because the compiler will check that we are not mixing up indexes
and entries. It also paves the way to consistently using size_t for
TypedArray indexes.

Bug: v8:4153
Change-Id: Ie0eb63693c871efda9860d3d288896819868b66a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852765Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64236}

This change allows the KeyAccumulator to throw a range error if there
are too many properties to be enumerated.

This CL introduces extensive checks during key enumeration in the run-time,
and might introduce regressions. If so, feel free to revert.

Bug: chromium:918301
Change-Id: I6166c0b15f1a05eac7116a979f12ba4833d1d1b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545902
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63430}

... for defining isolate-full getters.

Bug: v8:9353
Change-Id: I91aa11bfe41ab61b2fa72c21018fc38753a846bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676286Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62375}

Also generally cleanup the Copy* code in elements.cc a bit.

Bug: v8:9183
Change-Id: I4a56db1f0b382a4b9583cae3b47e4ce572393d9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634249Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61908}

These are unused and unmaintained, there are probably a lot of paths by
now which don't funnel through this, so remove them.

Bug: v8:9183
Change-Id: I4b48034e396b3ee481ae87283ab9a860f2f41d1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632155
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61900}

This is only used by ElementsKindToString(!).

Implement ElementsKindToString with a big 'ol switch. The compiler
will give us an error if we forget an ElementsKind.

Bug: v8:9183
Change-Id: I1ed73ecac33aa7318a97f31794473d9afa16961c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624802
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61773}

TBR=bmeurer@chromium.org,leszeks@chromium.org

Bug: v8:9247
Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61769}

Code that is being moved primarily deal with layout of a JSObject,
accessing properties and elements, and map transitions.

NOTREECHECKS=true
NOTRY=true

Bug: v8:9247
Change-Id: Ibce5d5926ac4021c8d40c4dd109948775ce1da58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613994
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61638}

This CL also removes the ElementsAccessor "slice" implementation, as
the runtime function is the last use site.

R=verwaest@chromium.org

Bug: v8:9183
Change-Id: If268e20120e7c7bb4a58d9560482b35896b0992f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617662Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61635}

Tbr: ahaas@chromium.org,leszeks@chromium.org,verwaest@chromium.org
Bug: v8:3770
Change-Id: Ia6530fbb70dac05e9972283781c3550d8b50e1eb
Reviewed-on: https://chromium-review.googlesource.com/c/1390116
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58470}

Bug: v8:3770
Change-Id: I1d74ffe9e5478b4b8bc0acbf088d20919d458d50
Reviewed-on: https://chromium-review.googlesource.com/c/1363822
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58112}

Removing the temporarily duplicated classes FixedArrayPtr and
FixedArrayBasePtr.

Bug: v8:3770
Change-Id: I056ad74ff69593e9f134ef5c976766812c4d9275
Reviewed-on: https://chromium-review.googlesource.com/c/1345913
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57807}

Bug: v8:3770
Change-Id: I07f48b1ee8814a006e6787ad8261fa8388b4298d
Reviewed-on: https://chromium-review.googlesource.com/c/1345327
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57771}

Fixing clang-tidy warning.

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ibc5124e06f5774e7695029e2d21084a7efb965e6
Reviewed-on: https://chromium-review.googlesource.com/1224412
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56065}

Before, splice was implemented with a C++ fast path and a
comprehensive JavaScript version.

This impl. is entirely in Torque with a fastpath for SMI,
DOUBLE and OBJECT arrays, and a comprehensive slow path.
The same level of "sparse" array support as given by the
array.js implementation is included.

This reland addresses several issues:

* Removed "sparse" array support from splice.
* Addressed ClusterFuzz issue 876443:
  The test and code that uses the fix is in this CL.
  The fix in isolation can be seen here:
  https://chromium-review.googlesource.com/c/v8/v8/+/1199403
* Removed dead code in elements.cc

BUG=chromium:876443, v8:8131, v8:1956, v8:7221

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2d4a66c24ba1edabeca34e27e6ff8ee6136ed5f1
Reviewed-on: https://chromium-review.googlesource.com/1201783
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55610}

Bug: v8:7754,v8:7490,v8:7965
Change-Id: I574dbade6dc21204461be4d83b138f7341016305
Reviewed-on: https://chromium-review.googlesource.com/1152819Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54779}

This moves the static handle() helper function to handles-inl.h as
it ultimately depends on handles-inl.h anyway. To make this
possible, also move some other code to -inl.h files and split up
some header files into a -inl.h part.

Bug: v8:7490
Change-Id: I0f68e0728ba082b87ffa911aaf205d9b1523d2c9
Reviewed-on: https://chromium-review.googlesource.com/1146723Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54617}

ReadOnlyRoots means that some added Isolate parameters are no longer
needed. So, we can remove them.

This patch was generated mostly automatically with a bespoke tool.

Bug: v8:7786
Bug: v8:7754
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia44fd2a66652253f780e3674bf7fb431caef0493
Reviewed-on: https://chromium-review.googlesource.com/1136305
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54526}

Remove the one-argument Handle constructor and "handle" factory method,
replacing them with Isolates where available and GetIsolate() methods
otherwise.

TBR=verwaest@chromium.org

Bug: v8:7786
Change-Id: I8ee92ef727c05382c984a3e4c290198d0b312619
Reviewed-on: https://chromium-review.googlesource.com/1113542Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54025}

Pipe through Isolate into several elements.cc functions, to avoid using
HeapObject::GetIsolate. In some cases, uses ReadOnlyObject::GetIsolate
which is allowed.

(Autogenerated using Leszek's clang-bubble-getisolate)

Bug: v8:7786
Change-Id: Idcbfaadf95c3c2b96d03b606da5594774bac2f7e
Reviewed-on: https://chromium-review.googlesource.com/1107706Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53932}

MUST_USE_RESULT was deprecated for some time. This removes it and
replaces all uses by the equivalent V8_WARN_UNUSED_RESULT.

R=mstarzinger@chromium.org

Bug: v8:7570
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I86883218638e64eeeb7a5891904319ed0844a004
Reviewed-on: https://chromium-review.googlesource.com/999533
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52486}

This change makes lifetime management of WasmCode much simpler.
By using the WasmInstanceObject as the context for WASM code execution,
including the pointer to the memory base and indirect function tables,
this keeps the instance alive when WASM code is on the stack, since
the instance object is passed as a parameter and spilled onto the stack.
This is in preparation of sharing the code between instances and
isolates.

Bug: v8:7424

R=mstarzinger@chromium.org

Change-Id: Ia35a3ce91a8f6135767fa764e185cde8bbc889f4
Reviewed-on: https://chromium-review.googlesource.com/997932
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52436}

This reverts commit 57bf0bfe.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> [wasm] Merge the WasmContext into WasmInstanceObject
> 
> This change makes lifetime management of WasmCode much simpler.
> By using the WasmInstanceObject as the context for WASM code execution,
> including the pointer to the memory base and indirect function tables,
> this keeps the instance alive when WASM code is on the stack, since
> the instance object is passed as a parameter and spilled onto the stack.
> This is in preparation of sharing the code between instances and
> isolates.
> 
> Bug: v8:7424
> 
> Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
> Reviewed-on: https://chromium-review.googlesource.com/958520
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52361}

TBR=mstarzinger@chromium.org,titzer@chromium.org,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I653e27b46dbc43ad773eda4292d521a508f42d79
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7424
Reviewed-on: https://chromium-review.googlesource.com/995418Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52364}

This change makes lifetime management of WasmCode much simpler.
By using the WasmInstanceObject as the context for WASM code execution,
including the pointer to the memory base and indirect function tables,
this keeps the instance alive when WASM code is on the stack, since
the instance object is passed as a parameter and spilled onto the stack.
This is in preparation of sharing the code between instances and
isolates.

Bug: v8:7424

Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
Reviewed-on: https://chromium-review.googlesource.com/958520
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52361}

Previously, Strings without an iterator would go to the runtime path
and fail on because it expected a JSReceiver type. This was in-line
with what the elements accessor expected. We can actually handle all
object types in the final slow path (using LookupIterator) so it is no
problem to change the accept types.

Bug: chromium:816289
Change-Id: Iebb8de0bb7551aee3894c8a23836d079c93726a7
Reviewed-on: https://chromium-review.googlesource.com/937461Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51574}

- Use CallCFunction to call C implementation of copying elements for
slice, instead of Runtime call
- Copy elements without allocating handles when copying different types
of typed arrays

Bug: v8:5929
Change-Id: Icd4fed8846542e71b623e600ba9aaac64062f0d4
Reviewed-on: https://chromium-review.googlesource.com/920563
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51415}

Drive-by-cleanup:
- Add InternalElementsAccessor to expose protected instance methods
  to ElementsAccessor subclasses.
- Make some more ElementsAccessor methods protected that take the
  raw entry as parameter.

Bug: chromium:798644
Change-Id: Iffd00f1953461e8dd22c123e62298410fb6e049c
Reviewed-on: https://chromium-review.googlesource.com/856816
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50480}

Pull most JSTypedArray source arguments onto the fast path.

Same source & target elements-kinds simply call memmove. Other
combinations call directly into C and reuse ElementsAccessor logic.

Only overlapping source & target args with differing elements-kinds
remain on the slow runtime path.

Bug: v8:7123, v8:3590
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I80284b61478b0e3266b8f16bde8a56bd90f080b0
Reviewed-on: https://chromium-review.googlesource.com/788857
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49643}

This adds a fast path that avoids the runtime transition for JSArray
source arguments with {packed,holey} {smi,double} elements kinds.

The fast path currently calls straight into C and copies there using
elements accessor logic.

Local tests show a 4x speedup when copying from 1-element JSArrays.
As the source array becomes larger, the time spent copying elements
begins to dominate.

Bug: v8:3590
Change-Id: I05ebe54d7b255d0a76ad46ac11ce7cfd516b8ac8
Reviewed-on: https://chromium-review.googlesource.com/789010
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49634}

Use (Seeded)NumberDictionary instead.

Change-Id: I426cd0a33df7d47fe4fec0c108be5632ef7c0f19
Reviewed-on: https://chromium-review.googlesource.com/756697Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49179}

Replace GetElement and SetElement to Get and Set, and use CopyElements,
which reduces 4x-13x overheads.

Bug: chromium:768775
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I58534b30c2035195c5f4b8f2c04e7c459bdbebaa
Reviewed-on: https://chromium-review.googlesource.com/720661Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48723}