[turbofan] Maintain the invariant to never inline cross native context.

[turbofan] Maintain the invariant to never inline cross native context.

In the JSCallReducer we'd inline certain builtins like the Array
constructor or Function builtins across native contexts, which at
this point should be mostly safe, but might lead to cross context
leaks in the future (as it's not obvious that the JSCallReducer)
doesn't maintain this invariant. So better safe than sorry.

R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2651133002
Cr-Commit-Position: refs/heads/master@{#42643}
Committed: https://chromium.googlesource.com/v8/v8/+/9a8e269a23a534bd58304ed9cbdfa6930d7b36e8

[Benedikt Meurer, 2017-01-25 05:11:27]

The CQ bit was checked by bmeurer@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-25 05:11:36]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-25 05:41:42]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-25 05:41:43]

Dry run: This issue passed the CQ dry run.

[Yang, 2017-01-25 05:56:17]

LGTM.

Michi and I talked about this recently. He would like to remove being able to
get the JSFunction in optimized frames, since these may not be materialized.
Instead, we would be able to get SharedFunctionInfos.

One use case for getting the JSFunction is, when collecting stack trace,
skipping cross-context frames, i.e JSFunctions from another native context. We
found that if we do not cross-context inline, we can just use the context of the
bottom function in the optimized frame.

[Benedikt Meurer, 2017-01-25 05:56:58]

The CQ bit was checked by bmeurer@chromium.org

[commit-bot: I haz the power, 2017-01-25 05:57:02]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-25 05:59:00]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1485323818038190, "parent_rev":
"bc1117ac03997c712c4134dd90afc18e929b9ae3", "commit_rev":
"9a8e269a23a534bd58304ed9cbdfa6930d7b36e8"}

[commit-bot: I haz the power, 2017-01-25 05:59:04]

Description was changed from

==========
[turbofan] Maintain the invariant to never inline cross native context.

In the JSCallReducer we'd inline certain builtins like the Array
constructor or Function builtins across native contexts, which at
this point should be mostly safe, but might lead to cross context
leaks in the future (as it's not obvious that the JSCallReducer)
doesn't maintain this invariant. So better safe than sorry.

R=yangguo@chromium.org
BUG=v8:5267
==========

to

==========
[turbofan] Maintain the invariant to never inline cross native context.

In the JSCallReducer we'd inline certain builtins like the Array
constructor or Function builtins across native contexts, which at
this point should be mostly safe, but might lead to cross context
leaks in the future (as it's not obvious that the JSCallReducer)
doesn't maintain this invariant. So better safe than sorry.

R=yangguo@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2651133002
Cr-Commit-Position: refs/heads/master@{#42643}
Committed:
https://chromium.googlesource.com/v8/v8/+/9a8e269a23a534bd58304ed9cbdfa6930d7...
==========

[commit-bot: I haz the power, 2017-01-25 05:59:05]

Committed patchset #1 (id:1) as
https://chromium.googlesource.com/v8/v8/+/9a8e269a23a534bd58304ed9cbdfa6930d7...