From d6249d0b4a47b9a073a06e6d2f183d9a66fc367c Mon Sep 17 00:00:00 2001 From: Trevor Norris Date: Tue, 10 Feb 2015 17:09:26 -0700 Subject: [PATCH 1/4] deps: update V8 to 3.28.71.19 The 3.28.73 update was technically unstable code. This reverts the code to the latest 3.28 stable release. --- deps/v8/.DEPS.git | 108 - deps/v8/.clang-format | 4 - deps/v8/.gitignore | 82 - deps/v8/ChangeLog | 5 - deps/v8/build/features.gypi | 2 +- deps/v8/include/v8.h | 11 - deps/v8/src/api.cc | 6 + deps/v8/src/array-iterator.js | 2 +- deps/v8/src/array.js | 1 - deps/v8/src/base/platform/platform-posix.cc | 15 +- deps/v8/src/base/platform/platform.h | 1 - deps/v8/src/bootstrapper.cc | 8 +- deps/v8/src/codegen.cc | 2 +- deps/v8/src/compiler/change-lowering.cc | 260 -- deps/v8/src/compiler/change-lowering.h | 79 - deps/v8/src/compiler/node-properties-inl.h | 20 +- deps/v8/src/compiler/node-properties.h | 16 +- deps/v8/src/compiler/pipeline.cc | 33 +- deps/v8/src/compiler/representation-change.h | 37 +- deps/v8/src/date.h | 40 +- deps/v8/src/debug-debugger.js | 2 +- deps/v8/src/factory.cc | 8 - deps/v8/src/factory.h | 1 - deps/v8/src/flag-definitions.h | 4 +- deps/v8/src/generator.js | 4 +- deps/v8/src/globals.h | 15 +- deps/v8/src/heap/heap-inl.h | 21 +- deps/v8/src/heap/heap.cc | 14 +- deps/v8/src/heap/heap.h | 9 - deps/v8/src/heap/spaces.cc | 9 +- deps/v8/src/heap/store-buffer.cc | 7 +- deps/v8/src/hydrogen-instructions.cc | 13 +- deps/v8/src/hydrogen.cc | 16 +- deps/v8/src/isolate.cc | 8 +- deps/v8/src/isolate.h | 1 - deps/v8/src/json-parser.h | 59 +- deps/v8/src/lookup.h | 13 +- deps/v8/src/math.js | 22 +- deps/v8/src/objects-inl.h | 8 - deps/v8/src/objects-printer.cc | 3 +- deps/v8/src/objects.cc | 101 +- deps/v8/src/objects.h | 8 - deps/v8/src/ostreams.cc | 17 +- deps/v8/src/ostreams.h | 15 +- deps/v8/src/property-details-inl.h | 12 - deps/v8/src/property-details.h | 2 - deps/v8/src/runtime.cc | 96 +- deps/v8/src/runtime.h | 1 - deps/v8/src/unique.h | 2 +- deps/v8/src/v8natives.js | 4 +- deps/v8/src/version.cc | 4 +- deps/v8/test/benchmarks/benchmarks.status | 7 +- .../cctest/compiler/graph-builder-tester.cc | 1 - .../compiler/test-representation-change.cc | 17 +- .../compiler/test-simplified-lowering.cc | 20 +- deps/v8/test/cctest/test-api.cc | 26 - deps/v8/test/cctest/test-spaces.cc | 22 + deps/v8/test/compiler-unittests/DEPS | 3 +- .../arm/instruction-selector-arm-unittest.cc | 2 +- .../change-lowering-unittest.cc | 257 -- .../compiler-unittests/compiler-unittests.gyp | 3 - .../compiler-unittests/compiler-unittests.h | 23 +- .../instruction-selector-unittest.cc | 4 +- .../test/compiler-unittests/node-matchers.cc | 454 --- .../test/compiler-unittests/node-matchers.h | 71 - deps/v8/test/mjsunit/cross-realm-filtering.js | 69 - deps/v8/test/mjsunit/es6/array-iterator.js | 17 +- deps/v8/test/mjsunit/es6/math-log1p.js | 45 +- .../test/mjsunit/es6/typed-array-iterator.js | 4 +- deps/v8/test/mjsunit/mjsunit.status | 5 +- deps/v8/test/mjsunit/own-symbols.js | 55 - deps/v8/test/mjsunit/regress/regress-3116.js | 314 ++ .../v8/test/mjsunit/regress/regress-411210.js | 22 + .../mjsunit/regress/regress-crbug-403409.js | 18 + .../mjsunit/regress/regress-crbug-407946.js | 12 + .../mjsunit/regress/regress-crbug-423687.js | 10 + .../regress-force-constant-representation.js | 18 + .../regress/regress-json-parse-index.js | 6 + .../regress-reset-dictionary-elements.js | 14 + .../runtime-gen/createprivateownsymbol.js | 5 - deps/v8/test/mjsunit/tools/profviz-test.log | 2613 +++++++++++++++++ .../tools/tickprocessor-test-func-info.log | 11 + .../test/mjsunit/tools/tickprocessor-test.log | 25 + .../Object-getOwnPropertyNames-expected.txt | 2 +- .../fast/js/Object-getOwnPropertyNames.js | 2 +- deps/v8/test/webkit/webkit.status | 3 + deps/v8/testing/gtest-type-names.h | 34 - deps/v8/testing/gtest.gyp | 1 - deps/v8/third_party/fdlibm/fdlibm.cc | 13 +- deps/v8/third_party/fdlibm/fdlibm.h | 4 +- deps/v8/third_party/fdlibm/fdlibm.js | 192 +- deps/v8/tools/gen-postmortem-metadata.py | 20 +- deps/v8/tools/generate-runtime-tests.py | 7 +- deps/v8/tools/gyp/v8.gyp | 4 +- deps/v8/tools/run-tests.py | 43 +- deps/v8/tools/v8.xcodeproj/README.txt | 11 + deps/v8/tools/whitespace.txt | 2 +- 97 files changed, 3530 insertions(+), 2212 deletions(-) delete mode 100644 deps/v8/.DEPS.git delete mode 100644 deps/v8/.clang-format delete mode 100644 deps/v8/.gitignore delete mode 100644 deps/v8/src/compiler/change-lowering.cc delete mode 100644 deps/v8/src/compiler/change-lowering.h delete mode 100644 deps/v8/test/compiler-unittests/change-lowering-unittest.cc delete mode 100644 deps/v8/test/compiler-unittests/node-matchers.cc delete mode 100644 deps/v8/test/compiler-unittests/node-matchers.h delete mode 100644 deps/v8/test/mjsunit/own-symbols.js create mode 100644 deps/v8/test/mjsunit/regress/regress-3116.js create mode 100644 deps/v8/test/mjsunit/regress/regress-411210.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-403409.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-407946.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-423687.js create mode 100644 deps/v8/test/mjsunit/regress/regress-force-constant-representation.js create mode 100644 deps/v8/test/mjsunit/regress/regress-json-parse-index.js create mode 100644 deps/v8/test/mjsunit/regress/regress-reset-dictionary-elements.js delete mode 100644 deps/v8/test/mjsunit/runtime-gen/createprivateownsymbol.js create mode 100644 deps/v8/test/mjsunit/tools/profviz-test.log create mode 100644 deps/v8/test/mjsunit/tools/tickprocessor-test-func-info.log create mode 100644 deps/v8/test/mjsunit/tools/tickprocessor-test.log delete mode 100644 deps/v8/testing/gtest-type-names.h create mode 100644 deps/v8/tools/v8.xcodeproj/README.txt diff --git a/deps/v8/.DEPS.git b/deps/v8/.DEPS.git deleted file mode 100644 index 7775744953a..00000000000 --- a/deps/v8/.DEPS.git +++ /dev/null @@ -1,108 +0,0 @@ -# DO NOT EDIT EXCEPT FOR LOCAL TESTING. -# THIS IS A GENERATED FILE. -# ALL MANUAL CHANGES WILL BE OVERWRITTEN. -# SEE http://code.google.com/p/chromium/wiki/UsingGit -# FOR HOW TO ROLL DEPS -vars = { - 'webkit_url': - 'https://chromium.googlesource.com/chromium/blink.git', - 'git_url': - 'https://chromium.googlesource.com' -} - -deps = { - 'v8/build/gyp': - Var('git_url') + '/external/gyp.git@a3e2a5caf24a1e0a45401e09ad131210bf16b852', - 'v8/buildtools': - Var('git_url') + '/chromium/buildtools.git@fb782d4369d5ae04f17a2fceef7de5a63e50f07b', - 'v8/testing/gmock': - Var('git_url') + '/external/googlemock.git@896ba0e03f520fb9b6ed582bde2bd00847e3c3f2', - 'v8/testing/gtest': - Var('git_url') + '/external/googletest.git@4650552ff637bb44ecf7784060091cbed3252211', - 'v8/third_party/icu': - Var('git_url') + '/chromium/deps/icu52.git@26d8859357ac0bfb86b939bf21c087b8eae22494', -} - -deps_os = { - 'win': - { - 'v8/third_party/cygwin': - Var('git_url') + '/chromium/deps/cygwin.git@06a117a90c15174436bfa20ceebbfdf43b7eb820', - 'v8/third_party/python_26': - Var('git_url') + '/chromium/deps/python_26.git@67d19f904470effe3122d27101cc5a8195abd157', - }, -} - -include_rules = [ - '+include', - '+unicode', - '+third_party/fdlibm' -] - -skip_child_includes = [ - 'build', - 'third_party' -] - -hooks = [ - { - 'action': - [ - 'download_from_google_storage', - '--no_resume', - '--platform=win32', - '--no_auth', - '--bucket', - 'chromium-clang-format', - '-s', - 'v8/buildtools/win/clang-format.exe.sha1' -], - 'pattern': - '.', - 'name': - 'clang_format_win' -}, - { - 'action': - [ - 'download_from_google_storage', - '--no_resume', - '--platform=darwin', - '--no_auth', - '--bucket', - 'chromium-clang-format', - '-s', - 'v8/buildtools/mac/clang-format.sha1' -], - 'pattern': - '.', - 'name': - 'clang_format_mac' -}, - { - 'action': - [ - 'download_from_google_storage', - '--no_resume', - '--platform=linux*', - '--no_auth', - '--bucket', - 'chromium-clang-format', - '-s', - 'v8/buildtools/linux64/clang-format.sha1' -], - 'pattern': - '.', - 'name': - 'clang_format_linux' -}, - { - 'action': - [ - 'python', - 'v8/build/gyp_v8' -], - 'pattern': - '.' -} -] diff --git a/deps/v8/.clang-format b/deps/v8/.clang-format deleted file mode 100644 index d9bbf504a6f..00000000000 --- a/deps/v8/.clang-format +++ /dev/null @@ -1,4 +0,0 @@ -# Defines the Google C++ style for automatic reformatting. -# http://clang.llvm.org/docs/ClangFormatStyleOptions.html -BasedOnStyle: Google -MaxEmptyLinesToKeep: 2 diff --git a/deps/v8/.gitignore b/deps/v8/.gitignore deleted file mode 100644 index d0d4b436df1..00000000000 --- a/deps/v8/.gitignore +++ /dev/null @@ -1,82 +0,0 @@ -*.a -*.exe -*.idb -*.lib -*.log -*.map -*.mk -*.ncb -*.pdb -*.pyc -*.scons* -*.sdf -*.sln -*.so -*.suo -*.user -*.vcproj -*.vcxproj -*.vcxproj.filters -*.xcodeproj -#*# -*~ -.cpplint-cache -.cproject -.d8_history -.gclient_entries -.project -.pydevproject -.settings -.*.sw? -bsuite -d8 -d8_g -gccauses -gcsuspects -shell -shell_g -/_* -/build/Debug -/build/gyp -/build/ipch/ -/build/Release -/buildtools -/hydrogen.cfg -/obj -/out -/perf.data -/perf.data.old -/test/benchmarks/CHECKED_OUT_* -/test/benchmarks/downloaded_* -/test/benchmarks/kraken -/test/benchmarks/octane -/test/benchmarks/sunspider -/test/mozilla/CHECKED_OUT_VERSION -/test/mozilla/data -/test/mozilla/data.old -/test/mozilla/downloaded_* -/test/promises-aplus/promises-tests -/test/promises-aplus/promises-tests.tar.gz -/test/promises-aplus/sinon -/test/test262/data -/test/test262/data.old -/test/test262/tc39-test262-* -/testing/gmock -/testing/gtest -/third_party/icu -/third_party/llvm -/tools/jsfunfuzz -/tools/jsfunfuzz.zip -/tools/oom_dump/oom_dump -/tools/oom_dump/oom_dump.o -/tools/visual_studio/Debug -/tools/visual_studio/Release -/v8.log.ll -/xcodebuild -TAGS -*.Makefile -GTAGS -GRTAGS -GSYMS -GPATH -gtags.files diff --git a/deps/v8/ChangeLog b/deps/v8/ChangeLog index 0b2872a7c21..98c9b7c5484 100644 --- a/deps/v8/ChangeLog +++ b/deps/v8/ChangeLog @@ -1,8 +1,3 @@ -2014-08-13: Version 3.28.73 - - Performance and stability improvements on all platforms. - - 2014-08-12: Version 3.28.71 ToNumber(Symbol) should throw TypeError (issue 3499). diff --git a/deps/v8/build/features.gypi b/deps/v8/build/features.gypi index 7ce66e4c98e..8201ea9eaa1 100644 --- a/deps/v8/build/features.gypi +++ b/deps/v8/build/features.gypi @@ -115,7 +115,7 @@ 'Release': { 'variables': { 'v8_enable_extra_checks%': 0, - 'v8_enable_handle_zapping%': 1, + 'v8_enable_handle_zapping%': 0, }, 'conditions': [ ['v8_enable_extra_checks==1', { diff --git a/deps/v8/include/v8.h b/deps/v8/include/v8.h index f3fb966de0e..ef0bda63f43 100644 --- a/deps/v8/include/v8.h +++ b/deps/v8/include/v8.h @@ -4186,17 +4186,6 @@ class V8_EXPORT Isolate { */ static Isolate* GetCurrent(); - /** - * Custom callback used by embedders to help V8 determine if it should abort - * when it throws and no internal handler can catch the exception. - * If FLAG_abort_on_uncaught_exception is true, then V8 will abort if either: - * - no custom callback is set. - * - the custom callback set returns true. - * Otherwise it won't abort. - */ - typedef bool (*abort_on_uncaught_exception_t)(); - void SetAbortOnUncaughtException(abort_on_uncaught_exception_t callback); - /** * Methods below this point require holding a lock (using Locker) in * a multi-threaded environment. diff --git a/deps/v8/src/api.cc b/deps/v8/src/api.cc index b04a3e62de6..3d9e9d8310a 100644 --- a/deps/v8/src/api.cc +++ b/deps/v8/src/api.cc @@ -5543,6 +5543,11 @@ bool v8::String::CanMakeExternal() { i::Handle obj = Utils::OpenHandle(this); i::Isolate* isolate = obj->GetIsolate(); + // TODO(yangguo): Externalizing sliced/cons strings allocates. + // This rule can be removed when all code that can + // trigger an access check is handlified and therefore GC safe. + if (isolate->heap()->old_pointer_space()->Contains(*obj)) return false; + if (isolate->string_tracker()->IsFreshUnusedString(obj)) return false; int size = obj->Size(); // Byte size of the original string. if (size < i::ExternalString::kShortSize) return false; @@ -6731,6 +6736,7 @@ void v8::Isolate::LowMemoryNotification() { } } + int v8::Isolate::ContextDisposedNotification() { i::Isolate* isolate = reinterpret_cast(this); return isolate->heap()->NotifyContextDisposed(); diff --git a/deps/v8/src/array-iterator.js b/deps/v8/src/array-iterator.js index f04d6c974a4..cd5cd835bc7 100644 --- a/deps/v8/src/array-iterator.js +++ b/deps/v8/src/array-iterator.js @@ -120,8 +120,8 @@ function ExtendArrayPrototype() { %CheckIsBootstrapping(); InstallFunctions($Array.prototype, DONT_ENUM, $Array( + // No 'values' since it breaks webcompat: http://crbug.com/409858 'entries', ArrayEntries, - 'values', ArrayValues, 'keys', ArrayKeys )); diff --git a/deps/v8/src/array.js b/deps/v8/src/array.js index cf99aceb699..337e1400201 100644 --- a/deps/v8/src/array.js +++ b/deps/v8/src/array.js @@ -1480,7 +1480,6 @@ function SetUpArray() { find: true, findIndex: true, keys: true, - values: true, }; %AddNamedProperty($Array.prototype, symbolUnscopables, unscopables, DONT_ENUM | READ_ONLY); diff --git a/deps/v8/src/base/platform/platform-posix.cc b/deps/v8/src/base/platform/platform-posix.cc index a5128d0db20..252d2137552 100644 --- a/deps/v8/src/base/platform/platform-posix.cc +++ b/deps/v8/src/base/platform/platform-posix.cc @@ -321,15 +321,11 @@ int OS::GetCurrentProcessId() { int OS::GetCurrentThreadId() { -#if V8_OS_MACOSX - return static_cast(pthread_mach_thread_np(pthread_self())); -#elif V8_OS_LINUX +#if defined(ANDROID) return static_cast(syscall(__NR_gettid)); -#elif V8_OS_ANDROID - return static_cast(gettid()); #else - return static_cast(pthread_self()); -#endif + return static_cast(syscall(SYS_gettid)); +#endif // defined(ANDROID) } @@ -608,8 +604,9 @@ void Thread::Join() { void Thread::YieldCPU() { - const timespec delay = { 0, 1 }; - nanosleep(&delay, NULL); + int result = sched_yield(); + DCHECK_EQ(0, result); + USE(result); } diff --git a/deps/v8/src/base/platform/platform.h b/deps/v8/src/base/platform/platform.h index 9567572d800..8a541262685 100644 --- a/deps/v8/src/base/platform/platform.h +++ b/deps/v8/src/base/platform/platform.h @@ -35,7 +35,6 @@ namespace std { int signbit(double x); } # endif -#include #endif #if V8_OS_QNX diff --git a/deps/v8/src/bootstrapper.cc b/deps/v8/src/bootstrapper.cc index 240be719187..361960dc22f 100644 --- a/deps/v8/src/bootstrapper.cc +++ b/deps/v8/src/bootstrapper.cc @@ -2655,17 +2655,19 @@ Genesis::Genesis(Isolate* isolate, NONE).Assert(); // Initialize trigonometric lookup tables and constants. - const int constants_size = ARRAY_SIZE(fdlibm::MathConstants::constants); + const int constants_size = + ARRAY_SIZE(fdlibm::TrigonometricConstants::constants); const int table_num_bytes = constants_size * kDoubleSize; v8::Local trig_buffer = v8::ArrayBuffer::New( reinterpret_cast(isolate), - const_cast(fdlibm::MathConstants::constants), table_num_bytes); + const_cast(fdlibm::TrigonometricConstants::constants), + table_num_bytes); v8::Local trig_table = v8::Float64Array::New(trig_buffer, 0, constants_size); Runtime::DefineObjectProperty( builtins, - factory()->InternalizeOneByteString(STATIC_ASCII_VECTOR("kMath")), + factory()->InternalizeOneByteString(STATIC_ASCII_VECTOR("kTrig")), Utils::OpenHandle(*trig_table), NONE).Assert(); } diff --git a/deps/v8/src/codegen.cc b/deps/v8/src/codegen.cc index a24220d9d0a..6b12d64563f 100644 --- a/deps/v8/src/codegen.cc +++ b/deps/v8/src/codegen.cc @@ -190,7 +190,7 @@ void CodeGenerator::PrintCode(Handle code, CompilationInfo* info) { function->end_position() - function->start_position() + 1; for (int i = 0; i < source_len; i++) { if (stream.HasMore()) { - os << AsReversiblyEscapedUC16(stream.GetNext()); + os << AsUC16(stream.GetNext()); } } os << "\n\n"; diff --git a/deps/v8/src/compiler/change-lowering.cc b/deps/v8/src/compiler/change-lowering.cc deleted file mode 100644 index 3f8e45b9e71..00000000000 --- a/deps/v8/src/compiler/change-lowering.cc +++ /dev/null @@ -1,260 +0,0 @@ -// Copyright 2014 the V8 project authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "src/compiler/change-lowering.h" - -#include "src/compiler/common-node-cache.h" -#include "src/compiler/graph.h" - -namespace v8 { -namespace internal { -namespace compiler { - -ChangeLoweringBase::ChangeLoweringBase(Graph* graph, Linkage* linkage, - CommonNodeCache* cache) - : graph_(graph), - isolate_(graph->zone()->isolate()), - linkage_(linkage), - cache_(cache), - common_(graph->zone()), - machine_(graph->zone()) {} - - -ChangeLoweringBase::~ChangeLoweringBase() {} - - -Node* ChangeLoweringBase::ExternalConstant(ExternalReference reference) { - Node** loc = cache()->FindExternalConstant(reference); - if (*loc == NULL) { - *loc = graph()->NewNode(common()->ExternalConstant(reference)); - } - return *loc; -} - - -Node* ChangeLoweringBase::HeapConstant(PrintableUnique value) { - // TODO(bmeurer): Use common node cache. - return graph()->NewNode(common()->HeapConstant(value)); -} - - -Node* ChangeLoweringBase::ImmovableHeapConstant(Handle value) { - return HeapConstant( - PrintableUnique::CreateImmovable(graph()->zone(), value)); -} - - -Node* ChangeLoweringBase::Int32Constant(int32_t value) { - Node** loc = cache()->FindInt32Constant(value); - if (*loc == NULL) { - *loc = graph()->NewNode(common()->Int32Constant(value)); - } - return *loc; -} - - -Node* ChangeLoweringBase::NumberConstant(double value) { - Node** loc = cache()->FindNumberConstant(value); - if (*loc == NULL) { - *loc = graph()->NewNode(common()->NumberConstant(value)); - } - return *loc; -} - - -Node* ChangeLoweringBase::CEntryStubConstant() { - if (!c_entry_stub_constant_.is_set()) { - c_entry_stub_constant_.set( - ImmovableHeapConstant(CEntryStub(isolate(), 1).GetCode())); - } - return c_entry_stub_constant_.get(); -} - - -Node* ChangeLoweringBase::TrueConstant() { - if (!true_constant_.is_set()) { - true_constant_.set( - ImmovableHeapConstant(isolate()->factory()->true_value())); - } - return true_constant_.get(); -} - - -Node* ChangeLoweringBase::FalseConstant() { - if (!false_constant_.is_set()) { - false_constant_.set( - ImmovableHeapConstant(isolate()->factory()->false_value())); - } - return false_constant_.get(); -} - - -Reduction ChangeLoweringBase::ChangeBitToBool(Node* val, Node* control) { - Node* branch = graph()->NewNode(common()->Branch(), val, control); - - Node* if_true = graph()->NewNode(common()->IfTrue(), branch); - Node* true_value = TrueConstant(); - - Node* if_false = graph()->NewNode(common()->IfFalse(), branch); - Node* false_value = FalseConstant(); - - Node* merge = graph()->NewNode(common()->Merge(2), if_true, if_false); - Node* phi = - graph()->NewNode(common()->Phi(2), true_value, false_value, merge); - - return Replace(phi); -} - - -template -ChangeLowering::ChangeLowering(Graph* graph, Linkage* linkage) - : ChangeLoweringBase(graph, linkage, - new (graph->zone()) CommonNodeCache(graph->zone())) {} - - -template -Reduction ChangeLowering::Reduce(Node* node) { - Node* control = graph()->start(); - Node* effect = control; - switch (node->opcode()) { - case IrOpcode::kChangeBitToBool: - return ChangeBitToBool(node->InputAt(0), control); - case IrOpcode::kChangeBoolToBit: - return ChangeBoolToBit(node->InputAt(0)); - case IrOpcode::kChangeInt32ToTagged: - return ChangeInt32ToTagged(node->InputAt(0), effect, control); - case IrOpcode::kChangeTaggedToFloat64: - return ChangeTaggedToFloat64(node->InputAt(0), effect, control); - default: - return NoChange(); - } - UNREACHABLE(); - return NoChange(); -} - - -template <> -Reduction ChangeLowering<4>::ChangeBoolToBit(Node* val) { - return Replace( - graph()->NewNode(machine()->Word32Equal(), val, TrueConstant())); -} - - -template <> -Reduction ChangeLowering<8>::ChangeBoolToBit(Node* val) { - return Replace( - graph()->NewNode(machine()->Word64Equal(), val, TrueConstant())); -} - - -template <> -Reduction ChangeLowering<4>::ChangeInt32ToTagged(Node* val, Node* effect, - Node* control) { - Node* context = NumberConstant(0); - - Node* add = graph()->NewNode(machine()->Int32AddWithOverflow(), val, val); - Node* ovf = graph()->NewNode(common()->Projection(1), add); - - Node* branch = graph()->NewNode(common()->Branch(), ovf, control); - - Node* if_true = graph()->NewNode(common()->IfTrue(), branch); - Node* number = graph()->NewNode(machine()->ChangeInt32ToFloat64(), val); - - // TODO(bmeurer): Inline allocation if possible. - const Runtime::Function* fn = - Runtime::FunctionForId(Runtime::kAllocateHeapNumber); - DCHECK_EQ(0, fn->nargs); - CallDescriptor* desc = linkage()->GetRuntimeCallDescriptor( - fn->function_id, 0, Operator::kNoProperties); - Node* heap_number = - graph()->NewNode(common()->Call(desc), CEntryStubConstant(), - ExternalConstant(ExternalReference(fn, isolate())), - Int32Constant(0), context, effect, if_true); - - Node* store = graph()->NewNode( - machine()->Store(kMachineFloat64, kNoWriteBarrier), heap_number, - Int32Constant(HeapNumber::kValueOffset - kHeapObjectTag), number, effect, - heap_number); - - Node* if_false = graph()->NewNode(common()->IfFalse(), branch); - Node* smi = graph()->NewNode(common()->Projection(0), add); - - Node* merge = graph()->NewNode(common()->Merge(2), store, if_false); - Node* phi = graph()->NewNode(common()->Phi(2), heap_number, smi, merge); - - return Replace(phi); -} - - -template <> -Reduction ChangeLowering<8>::ChangeInt32ToTagged(Node* val, Node* effect, - Node* control) { - return Replace(graph()->NewNode( - machine()->Word64Shl(), val, - Int32Constant(SmiTagging<8>::kSmiShiftSize + kSmiTagSize))); -} - - -template <> -Reduction ChangeLowering<4>::ChangeTaggedToFloat64(Node* val, Node* effect, - Node* control) { - Node* branch = graph()->NewNode( - common()->Branch(), - graph()->NewNode(machine()->Word32And(), val, Int32Constant(kSmiTagMask)), - control); - - Node* if_true = graph()->NewNode(common()->IfTrue(), branch); - Node* load = graph()->NewNode( - machine()->Load(kMachineFloat64), val, - Int32Constant(HeapNumber::kValueOffset - kHeapObjectTag), if_true); - - Node* if_false = graph()->NewNode(common()->IfFalse(), branch); - Node* number = graph()->NewNode( - machine()->ChangeInt32ToFloat64(), - graph()->NewNode( - machine()->Word32Sar(), val, - Int32Constant(SmiTagging<4>::kSmiShiftSize + kSmiTagSize))); - - Node* merge = graph()->NewNode(common()->Merge(2), if_true, if_false); - Node* phi = graph()->NewNode(common()->Phi(2), load, number, merge); - - return Replace(phi); -} - - -template <> -Reduction ChangeLowering<8>::ChangeTaggedToFloat64(Node* val, Node* effect, - Node* control) { - Node* branch = graph()->NewNode( - common()->Branch(), - graph()->NewNode(machine()->Word64And(), val, Int32Constant(kSmiTagMask)), - control); - - Node* if_true = graph()->NewNode(common()->IfTrue(), branch); - Node* load = graph()->NewNode( - machine()->Load(kMachineFloat64), val, - Int32Constant(HeapNumber::kValueOffset - kHeapObjectTag), if_true); - - Node* if_false = graph()->NewNode(common()->IfFalse(), branch); - Node* number = graph()->NewNode( - machine()->ChangeInt32ToFloat64(), - graph()->NewNode( - machine()->ConvertInt64ToInt32(), - graph()->NewNode( - machine()->Word64Sar(), val, - Int32Constant(SmiTagging<8>::kSmiShiftSize + kSmiTagSize)))); - - Node* merge = graph()->NewNode(common()->Merge(2), if_true, if_false); - Node* phi = graph()->NewNode(common()->Phi(2), load, number, merge); - - return Replace(phi); -} - - -template class ChangeLowering<4>; -template class ChangeLowering<8>; - -} // namespace compiler -} // namespace internal -} // namespace v8 diff --git a/deps/v8/src/compiler/change-lowering.h b/deps/v8/src/compiler/change-lowering.h deleted file mode 100644 index 3e16d800de7..00000000000 --- a/deps/v8/src/compiler/change-lowering.h +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright 2014 the V8 project authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef V8_COMPILER_CHANGE_LOWERING_H_ -#define V8_COMPILER_CHANGE_LOWERING_H_ - -#include "include/v8.h" -#include "src/compiler/common-operator.h" -#include "src/compiler/graph-reducer.h" -#include "src/compiler/machine-operator.h" - -namespace v8 { -namespace internal { -namespace compiler { - -// Forward declarations. -class CommonNodeCache; -class Linkage; - -class ChangeLoweringBase : public Reducer { - public: - ChangeLoweringBase(Graph* graph, Linkage* linkage, CommonNodeCache* cache); - virtual ~ChangeLoweringBase(); - - protected: - Node* ExternalConstant(ExternalReference reference); - Node* HeapConstant(PrintableUnique value); - Node* ImmovableHeapConstant(Handle value); - Node* Int32Constant(int32_t value); - Node* NumberConstant(double value); - Node* CEntryStubConstant(); - Node* TrueConstant(); - Node* FalseConstant(); - - Reduction ChangeBitToBool(Node* val, Node* control); - - Graph* graph() const { return graph_; } - Isolate* isolate() const { return isolate_; } - Linkage* linkage() const { return linkage_; } - CommonNodeCache* cache() const { return cache_; } - CommonOperatorBuilder* common() { return &common_; } - MachineOperatorBuilder* machine() { return &machine_; } - - private: - Graph* graph_; - Isolate* isolate_; - Linkage* linkage_; - CommonNodeCache* cache_; - CommonOperatorBuilder common_; - MachineOperatorBuilder machine_; - - SetOncePointer c_entry_stub_constant_; - SetOncePointer true_constant_; - SetOncePointer false_constant_; -}; - - -template -class ChangeLowering V8_FINAL : public ChangeLoweringBase { - public: - ChangeLowering(Graph* graph, Linkage* linkage); - ChangeLowering(Graph* graph, Linkage* linkage, CommonNodeCache* cache) - : ChangeLoweringBase(graph, linkage, cache) {} - virtual ~ChangeLowering() {} - - virtual Reduction Reduce(Node* node) V8_OVERRIDE; - - private: - Reduction ChangeBoolToBit(Node* val); - Reduction ChangeInt32ToTagged(Node* val, Node* effect, Node* control); - Reduction ChangeTaggedToFloat64(Node* val, Node* effect, Node* control); -}; - -} // namespace compiler -} // namespace internal -} // namespace v8 - -#endif // V8_COMPILER_CHANGE_LOWERING_H_ diff --git a/deps/v8/src/compiler/node-properties-inl.h b/deps/v8/src/compiler/node-properties-inl.h index 2d63b0cc1b7..ea58b4d8a19 100644 --- a/deps/v8/src/compiler/node-properties-inl.h +++ b/deps/v8/src/compiler/node-properties-inl.h @@ -23,12 +23,13 @@ namespace compiler { // Inputs are always arranged in order as follows: // 0 [ values, context, effects, control ] node->InputCount() -inline int NodeProperties::FirstValueIndex(Node* node) { return 0; } -inline int NodeProperties::FirstContextIndex(Node* node) { +inline int NodeProperties::GetContextIndex(Node* node) { return PastValueIndex(node); } +inline int NodeProperties::FirstValueIndex(Node* node) { return 0; } + inline int NodeProperties::FirstEffectIndex(Node* node) { return PastContextIndex(node); } @@ -44,7 +45,7 @@ inline int NodeProperties::PastValueIndex(Node* node) { } inline int NodeProperties::PastContextIndex(Node* node) { - return FirstContextIndex(node) + + return GetContextIndex(node) + OperatorProperties::GetContextInputCount(node->op()); } @@ -70,7 +71,7 @@ inline Node* NodeProperties::GetValueInput(Node* node, int index) { inline Node* NodeProperties::GetContextInput(Node* node) { DCHECK(OperatorProperties::HasContextInput(node->op())); - return node->InputAt(FirstContextIndex(node)); + return node->InputAt(GetContextIndex(node)); } inline Node* NodeProperties::GetEffectInput(Node* node, int index) { @@ -105,7 +106,7 @@ inline bool NodeProperties::IsValueEdge(Node::Edge edge) { inline bool NodeProperties::IsContextEdge(Node::Edge edge) { Node* node = edge.from(); - return IsInputRange(edge, FirstContextIndex(node), + return IsInputRange(edge, GetContextIndex(node), OperatorProperties::GetContextInputCount(node->op())); } @@ -133,14 +134,13 @@ inline bool NodeProperties::IsControl(Node* node) { // ----------------------------------------------------------------------------- // Miscellaneous mutators. -inline void NodeProperties::ReplaceControlInput(Node* node, Node* control) { - node->ReplaceInput(FirstControlIndex(node), control); -} - inline void NodeProperties::ReplaceEffectInput(Node* node, Node* effect, int index) { DCHECK(index < OperatorProperties::GetEffectInputCount(node->op())); - return node->ReplaceInput(FirstEffectIndex(node) + index, effect); + return node->ReplaceInput( + OperatorProperties::GetValueInputCount(node->op()) + + OperatorProperties::GetContextInputCount(node->op()) + index, + effect); } inline void NodeProperties::RemoveNonValueInputs(Node* node) { diff --git a/deps/v8/src/compiler/node-properties.h b/deps/v8/src/compiler/node-properties.h index 6088a0a3a06..eaa4d66ada1 100644 --- a/deps/v8/src/compiler/node-properties.h +++ b/deps/v8/src/compiler/node-properties.h @@ -5,13 +5,15 @@ #ifndef V8_COMPILER_NODE_PROPERTIES_H_ #define V8_COMPILER_NODE_PROPERTIES_H_ -#include "src/compiler/node.h" +#include "src/v8.h" + #include "src/types.h" namespace v8 { namespace internal { namespace compiler { +class Node; class Operator; // A facade that simplifies access to the different kinds of inputs to a node. @@ -29,7 +31,6 @@ class NodeProperties { static inline bool IsControl(Node* node); - static inline void ReplaceControlInput(Node* node, Node* control); static inline void ReplaceEffectInput(Node* node, Node* effect, int index = 0); static inline void RemoveNonValueInputs(Node* node); @@ -37,9 +38,9 @@ class NodeProperties { static inline Bounds GetBounds(Node* node); static inline void SetBounds(Node* node, Bounds bounds); - private: + static inline int GetContextIndex(Node* node); + static inline int FirstValueIndex(Node* node); - static inline int FirstContextIndex(Node* node); static inline int FirstEffectIndex(Node* node); static inline int FirstControlIndex(Node* node); static inline int PastValueIndex(Node* node); @@ -49,9 +50,8 @@ class NodeProperties { static inline bool IsInputRange(Node::Edge edge, int first, int count); }; - -} // namespace compiler -} // namespace internal -} // namespace v8 +} +} +} // namespace v8::internal::compiler #endif // V8_COMPILER_NODE_PROPERTIES_H_ diff --git a/deps/v8/src/compiler/pipeline.cc b/deps/v8/src/compiler/pipeline.cc index b0b3eb76efe..fa0ff173b25 100644 --- a/deps/v8/src/compiler/pipeline.cc +++ b/deps/v8/src/compiler/pipeline.cc @@ -14,7 +14,6 @@ #include "src/compiler/js-context-specialization.h" #include "src/compiler/js-generic-lowering.h" #include "src/compiler/js-typed-lowering.h" -#include "src/compiler/phi-reducer.h" #include "src/compiler/register-allocator.h" #include "src/compiler/schedule.h" #include "src/compiler/scheduler.h" @@ -23,7 +22,6 @@ #include "src/compiler/verifier.h" #include "src/hydrogen.h" #include "src/ostreams.h" -#include "src/utils.h" namespace v8 { namespace internal { @@ -75,25 +73,9 @@ class PhaseStats { void Pipeline::VerifyAndPrintGraph(Graph* graph, const char* phase) { if (FLAG_trace_turbo) { - char buffer[256]; - Vector filename(buffer, sizeof(buffer)); - SmartArrayPointer functionname = - info_->shared_info()->DebugName()->ToCString(); - if (strlen(functionname.get()) > 0) { - SNPrintF(filename, "turbo-%s-%s.dot", functionname.get(), phase); - } else { - SNPrintF(filename, "turbo-%p-%s.dot", static_cast(info_), phase); - } - std::replace(filename.start(), filename.start() + filename.length(), ' ', - '_'); - FILE* file = base::OS::FOpen(filename.start(), "w+"); - OFStream of(file); - of << AsDOT(*graph); - fclose(file); - OFStream os(stdout); - os << "-- " << phase << " graph printed to file " << filename.start() - << "\n"; + os << "-- " << phase << " graph -----------------------------------\n" + << AsDOT(*graph); } if (VerifyGraphs()) Verifier::Run(graph); } @@ -162,17 +144,6 @@ Handle Pipeline::GenerateCode() { graph_builder.CreateGraph(); context_node = graph_builder.GetFunctionContext(); } - { - PhaseStats phi_reducer_stats(info(), PhaseStats::CREATE_GRAPH, - "phi reduction"); - PhiReducer phi_reducer; - GraphReducer graph_reducer(&graph); - graph_reducer.AddReducer(&phi_reducer); - graph_reducer.ReduceGraph(); - // TODO(mstarzinger): Running reducer once ought to be enough for everyone. - graph_reducer.ReduceGraph(); - graph_reducer.ReduceGraph(); - } VerifyAndPrintGraph(&graph, "Initial untyped"); diff --git a/deps/v8/src/compiler/representation-change.h b/deps/v8/src/compiler/representation-change.h index bd5fb5f7934..94225bb2ef2 100644 --- a/deps/v8/src/compiler/representation-change.h +++ b/deps/v8/src/compiler/representation-change.h @@ -88,7 +88,7 @@ class RepresentationChanger { } else if (use_type & rFloat64) { return GetFloat64RepresentationFor(node, output_type); } else if (use_type & rWord32) { - return GetWord32RepresentationFor(node, output_type, use_type & tUint32); + return GetWord32RepresentationFor(node, output_type); } else if (use_type & rBit) { return GetBitRepresentationFor(node, output_type); } else if (use_type & rWord64) { @@ -165,8 +165,10 @@ class RepresentationChanger { if (output_type & rWord32) { if (output_type & tUint32) { op = machine()->ChangeUint32ToFloat64(); - } else { + } else if (output_type & tInt32) { op = machine()->ChangeInt32ToFloat64(); + } else { + return TypeError(node, output_type, rFloat64); } } else if (output_type & rTagged) { op = simplified()->ChangeTaggedToFloat64(); @@ -176,23 +178,22 @@ class RepresentationChanger { return jsgraph()->graph()->NewNode(op, node); } - Node* GetWord32RepresentationFor(Node* node, RepTypeUnion output_type, - bool use_unsigned) { + Node* GetWord32RepresentationFor(Node* node, RepTypeUnion output_type) { // Eagerly fold representation changes for constants. switch (node->opcode()) { case IrOpcode::kInt32Constant: return node; // No change necessary. case IrOpcode::kNumberConstant: case IrOpcode::kFloat64Constant: { - double value = ValueOf(node->op()); - if (value < 0) { - DCHECK(IsInt32Double(value)); - int32_t iv = static_cast(value); - return jsgraph()->Int32Constant(iv); + if (output_type & tUint32) { + int32_t value = static_cast( + static_cast(ValueOf(node->op()))); + return jsgraph()->Int32Constant(value); + } else if (output_type & tInt32) { + int32_t value = FastD2I(ValueOf(node->op())); + return jsgraph()->Int32Constant(value); } else { - DCHECK(IsUint32Double(value)); - int32_t iv = static_cast(static_cast(value)); - return jsgraph()->Int32Constant(iv); + return TypeError(node, output_type, rWord32); } } default: @@ -201,16 +202,20 @@ class RepresentationChanger { // Select the correct X -> Word32 operator. Operator* op = NULL; if (output_type & rFloat64) { - if (output_type & tUint32 || use_unsigned) { + if (output_type & tUint32) { op = machine()->ChangeFloat64ToUint32(); - } else { + } else if (output_type & tInt32) { op = machine()->ChangeFloat64ToInt32(); + } else { + return TypeError(node, output_type, rWord32); } } else if (output_type & rTagged) { - if (output_type & tUint32 || use_unsigned) { + if (output_type & tUint32) { op = simplified()->ChangeTaggedToUint32(); - } else { + } else if (output_type & tInt32) { op = simplified()->ChangeTaggedToInt32(); + } else { + return TypeError(node, output_type, rWord32); } } else if (output_type & rBit) { return node; // Sloppy comparison -> word32. diff --git a/deps/v8/src/date.h b/deps/v8/src/date.h index 633dd9f38e7..813d3126ede 100644 --- a/deps/v8/src/date.h +++ b/deps/v8/src/date.h @@ -103,14 +103,52 @@ class DateCache { } // ECMA 262 - 15.9.1.9 + // LocalTime(t) = t + LocalTZA + DaylightSavingTA(t) int64_t ToLocal(int64_t time_ms) { return time_ms + LocalOffsetInMs() + DaylightSavingsOffsetInMs(time_ms); } // ECMA 262 - 15.9.1.9 + // UTC(t) = t - LocalTZA - DaylightSavingTA(t - LocalTZA) int64_t ToUTC(int64_t time_ms) { + // We need to compute UTC time that corresponds to the given local time. + // Literally following spec here leads to incorrect time computation at + // the points were we transition to and from DST. + // + // The following shows that using DST for (t - LocalTZA - hour) produces + // correct conversion. + // + // Consider transition to DST at local time L1. + // Let L0 = L1 - hour, L2 = L1 + hour, + // U1 = UTC time that corresponds to L1, + // U0 = U1 - hour. + // Transitioning to DST moves local clock one hour forward L1 => L2, so + // U0 = UTC time that corresponds to L0 = L0 - LocalTZA, + // U1 = UTC time that corresponds to L1 = L1 - LocalTZA, + // U1 = UTC time that corresponds to L2 = L2 - LocalTZA - hour. + // Note that DST(U0 - hour) = 0, DST(U0) = 0, DST(U1) = 1. + // U0 = L0 - LocalTZA - DST(L0 - LocalTZA - hour), + // U1 = L1 - LocalTZA - DST(L1 - LocalTZA - hour), + // U1 = L2 - LocalTZA - DST(L2 - LocalTZA - hour). + // + // Consider transition from DST at local time L1. + // Let L0 = L1 - hour, + // U1 = UTC time that corresponds to L1, + // U0 = U1 - hour, U2 = U1 + hour. + // Transitioning from DST moves local clock one hour back L1 => L0, so + // U0 = UTC time that corresponds to L0 (before transition) + // = L0 - LocalTZA - hour. + // U1 = UTC time that corresponds to L0 (after transition) + // = L0 - LocalTZA = L1 - LocalTZA - hour + // U2 = UTC time that corresponds to L1 = L1 - LocalTZA. + // Note that DST(U0) = 1, DST(U1) = 0, DST(U2) = 0. + // U0 = L0 - LocalTZA - DST(L0 - LocalTZA - hour) = L0 - LocalTZA - DST(U0). + // U2 = L1 - LocalTZA - DST(L1 - LocalTZA - hour) = L1 - LocalTZA - DST(U1). + // It is impossible to get U1 from local time. + + const int kMsPerHour = 3600 * 1000; time_ms -= LocalOffsetInMs(); - return time_ms - DaylightSavingsOffsetInMs(time_ms); + return time_ms - DaylightSavingsOffsetInMs(time_ms - kMsPerHour); } diff --git a/deps/v8/src/debug-debugger.js b/deps/v8/src/debug-debugger.js index f24a14a79c2..a4c8801ea6d 100644 --- a/deps/v8/src/debug-debugger.js +++ b/deps/v8/src/debug-debugger.js @@ -430,7 +430,7 @@ ScriptBreakPoint.prototype.set = function (script) { if (IS_NULL(position)) return; // Create a break point object and set the break point. - var break_point = MakeBreakPoint(position, this); + break_point = MakeBreakPoint(position, this); break_point.setIgnoreCount(this.ignoreCount()); var actual_position = %SetScriptBreakPoint(script, position, this.position_alignment_, diff --git a/deps/v8/src/factory.cc b/deps/v8/src/factory.cc index 39e32806b7b..934ab25abbf 100644 --- a/deps/v8/src/factory.cc +++ b/deps/v8/src/factory.cc @@ -664,14 +664,6 @@ Handle Factory::NewPrivateSymbol() { } -Handle Factory::NewPrivateOwnSymbol() { - Handle symbol = NewSymbol(); - symbol->set_is_private(true); - symbol->set_is_own(true); - return symbol; -} - - Handle Factory::NewNativeContext() { Handle array = NewFixedArray(Context::NATIVE_CONTEXT_SLOTS); array->set_map_no_write_barrier(*native_context_map()); diff --git a/deps/v8/src/factory.h b/deps/v8/src/factory.h index aa1f94d8145..f09d24719c7 100644 --- a/deps/v8/src/factory.h +++ b/deps/v8/src/factory.h @@ -221,7 +221,6 @@ class Factory V8_FINAL { // Create a symbol. Handle NewSymbol(); Handle NewPrivateSymbol(); - Handle NewPrivateOwnSymbol(); // Create a global (but otherwise uninitialized) context. Handle NewNativeContext(); diff --git a/deps/v8/src/flag-definitions.h b/deps/v8/src/flag-definitions.h index 55af2e67400..591fd4f1104 100644 --- a/deps/v8/src/flag-definitions.h +++ b/deps/v8/src/flag-definitions.h @@ -460,9 +460,7 @@ DEFINE_BOOL(enable_liveedit, true, "enable liveedit experimental feature") DEFINE_BOOL(hard_abort, true, "abort by crashing") // execution.cc -// Slightly less than 1MB, since Windows' default stack size for -// the main execution thread is 1MB for both 32 and 64-bit. -DEFINE_INT(stack_size, 984, +DEFINE_INT(stack_size, V8_DEFAULT_STACK_SIZE_KB, "default size of stack region v8 is allowed to use (in kBytes)") // frames.cc diff --git a/deps/v8/src/generator.js b/deps/v8/src/generator.js index c62fe2c7713..1c7c4ec2723 100644 --- a/deps/v8/src/generator.js +++ b/deps/v8/src/generator.js @@ -47,9 +47,7 @@ function GeneratorFunctionConstructor(arg1) { // length == 1 var global_proxy = %GlobalProxy(global); // Compile the string in the constructor and not a helper so that errors // appear to come from here. - var f = %CompileString(source, true); - if (!IS_FUNCTION(f)) return f; - f = %_CallFunction(global_proxy, f); + var f = %_CallFunction(global_proxy, %CompileString(source, true)); %FunctionMarkNameShouldPrintAsAnonymous(f); return f; } diff --git a/deps/v8/src/globals.h b/deps/v8/src/globals.h index 258707493ef..89940ccaeea 100644 --- a/deps/v8/src/globals.h +++ b/deps/v8/src/globals.h @@ -31,7 +31,8 @@ #else #define V8_TURBOFAN_BACKEND 0 #endif -#if V8_TURBOFAN_BACKEND && !(V8_OS_WIN && V8_TARGET_ARCH_X64) +#if V8_TURBOFAN_BACKEND && !V8_TARGET_ARCH_ARM64 && \ + !(V8_OS_WIN && V8_TARGET_ARCH_X64) #define V8_TURBOFAN_TARGET 1 #else #define V8_TURBOFAN_TARGET 0 @@ -68,6 +69,18 @@ namespace internal { // Determine whether the architecture uses an out-of-line constant pool. #define V8_OOL_CONSTANT_POOL 0 +#ifdef V8_TARGET_ARCH_ARM +// Set stack limit lower for ARM than for other architectures because +// stack allocating MacroAssembler takes 120K bytes. +// See issue crbug.com/405338 +#define V8_DEFAULT_STACK_SIZE_KB 864 +#else +// Slightly less than 1MB, since Windows' default stack size for +// the main execution thread is 1MB for both 32 and 64-bit. +#define V8_DEFAULT_STACK_SIZE_KB 984 +#endif + + // Support for alternative bool type. This is only enabled if the code is // compiled with USE_MYBOOL defined. This catches some nasty type bugs. // For instance, 'bool b = "false";' results in b == true! This is a hidden diff --git a/deps/v8/src/heap/heap-inl.h b/deps/v8/src/heap/heap-inl.h index adb6e25bb71..3b6a8033a29 100644 --- a/deps/v8/src/heap/heap-inl.h +++ b/deps/v8/src/heap/heap-inl.h @@ -31,18 +31,12 @@ void PromotionQueue::insert(HeapObject* target, int size) { NewSpacePage::FromAddress(reinterpret_cast
(rear_)); DCHECK(!rear_page->prev_page()->is_anchor()); rear_ = reinterpret_cast(rear_page->prev_page()->area_end()); - ActivateGuardIfOnTheSamePage(); } - if (guard_) { - DCHECK(GetHeadPage() == - Page::FromAllocationTop(reinterpret_cast
(limit_))); - - if ((rear_ - 2) < limit_) { - RelocateQueueHead(); - emergency_stack_->Add(Entry(target, size)); - return; - } + if ((rear_ - 2) < limit_) { + RelocateQueueHead(); + emergency_stack_->Add(Entry(target, size)); + return; } *(--rear_) = reinterpret_cast(target); @@ -55,13 +49,6 @@ void PromotionQueue::insert(HeapObject* target, int size) { } -void PromotionQueue::ActivateGuardIfOnTheSamePage() { - guard_ = guard_ || - heap_->new_space()->active_space()->current_page()->address() == - GetHeadPage()->address(); -} - - template <> bool inline Heap::IsOneByte(Vector str, int chars) { // TODO(dcarney): incorporate Latin-1 check when Latin-1 is supported? diff --git a/deps/v8/src/heap/heap.cc b/deps/v8/src/heap/heap.cc index fd08c8292f8..3208c3519b1 100644 --- a/deps/v8/src/heap/heap.cc +++ b/deps/v8/src/heap/heap.cc @@ -1373,7 +1373,6 @@ void PromotionQueue::Initialize() { front_ = rear_ = reinterpret_cast(heap_->new_space()->ToSpaceEnd()); emergency_stack_ = NULL; - guard_ = false; } @@ -1971,15 +1970,16 @@ class ScavengingVisitor : public StaticVisitorBase { HeapObject* target = NULL; // Initialization to please compiler. if (allocation.To(&target)) { + // Order is important here: Set the promotion limit before storing a + // filler for double alignment or migrating the object. Otherwise we + // may end up overwriting promotion queue entries when we migrate the + // object. + heap->promotion_queue()->SetNewLimit(heap->new_space()->top()); + if (alignment != kObjectAlignment) { target = EnsureDoubleAligned(heap, target, allocation_size); } - // Order is important here: Set the promotion limit before migrating - // the object. Otherwise we may end up overwriting promotion queue - // entries when we migrate the object. - heap->promotion_queue()->SetNewLimit(heap->new_space()->top()); - // Order is important: slot might be inside of the target if target // was allocated over a dead object and slot comes from the store // buffer. @@ -2834,7 +2834,7 @@ void Heap::CreateInitialObjects() { // Allocate the dictionary of intrinsic function names. Handle intrinsic_names = - NameDictionary::New(isolate(), Runtime::kNumFunctions, TENURED); + NameDictionary::New(isolate(), Runtime::kNumFunctions); Runtime::InitializeIntrinsicFunctionNames(isolate(), intrinsic_names); set_intrinsic_function_names(*intrinsic_names); diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h index c313333362f..b21951cd922 100644 --- a/deps/v8/src/heap/heap.h +++ b/deps/v8/src/heap/heap.h @@ -393,18 +393,11 @@ class PromotionQueue { emergency_stack_ = NULL; } - inline void ActivateGuardIfOnTheSamePage(); - Page* GetHeadPage() { return Page::FromAllocationTop(reinterpret_cast
(rear_)); } void SetNewLimit(Address limit) { - if (!guard_) { - return; - } - - DCHECK(GetHeadPage() == Page::FromAllocationTop(limit)); limit_ = reinterpret_cast(limit); if (limit_ <= rear_) { @@ -461,8 +454,6 @@ class PromotionQueue { intptr_t* rear_; intptr_t* limit_; - bool guard_; - static const int kEntrySizeInWords = 2; struct Entry { diff --git a/deps/v8/src/heap/spaces.cc b/deps/v8/src/heap/spaces.cc index 9be53e03f28..e197f5a33e8 100644 --- a/deps/v8/src/heap/spaces.cc +++ b/deps/v8/src/heap/spaces.cc @@ -193,8 +193,10 @@ Address CodeRange::AllocateRawMemory(const size_t requested_size, const size_t commit_size, size_t* allocated) { DCHECK(commit_size <= requested_size); - DCHECK(current_allocation_block_index_ < allocation_list_.length()); - if (requested_size > allocation_list_[current_allocation_block_index_].size) { + DCHECK(allocation_list_.length() == 0 || + current_allocation_block_index_ < allocation_list_.length()); + if (allocation_list_.length() == 0 || + requested_size > allocation_list_[current_allocation_block_index_].size) { // Find an allocation block large enough. if (!GetNextAllocationBlock(requested_size)) return NULL; } @@ -218,7 +220,7 @@ Address CodeRange::AllocateRawMemory(const size_t requested_size, allocation_list_[current_allocation_block_index_].size -= *allocated; if (*allocated == current.size) { // This block is used up, get the next one. - if (!GetNextAllocationBlock(0)) return NULL; + GetNextAllocationBlock(0); } return current.start; } @@ -1365,7 +1367,6 @@ bool NewSpace::AddFreshPage() { Address limit = NewSpacePage::FromLimit(top)->area_end(); if (heap()->gc_state() == Heap::SCAVENGE) { heap()->promotion_queue()->SetNewLimit(limit); - heap()->promotion_queue()->ActivateGuardIfOnTheSamePage(); } int remaining_in_page = static_cast(limit - top); diff --git a/deps/v8/src/heap/store-buffer.cc b/deps/v8/src/heap/store-buffer.cc index b48e1a40493..48e98a3decf 100644 --- a/deps/v8/src/heap/store-buffer.cc +++ b/deps/v8/src/heap/store-buffer.cc @@ -486,10 +486,11 @@ void StoreBuffer::IteratePointersToNewSpace(ObjectSlotCallback slot_callback, heap_object = iterator.Next()) { // We skip free space objects. if (!heap_object->IsFiller()) { + DCHECK(heap_object->IsMap()); FindPointersToNewSpaceInRegion( - heap_object->address() + HeapObject::kHeaderSize, - heap_object->address() + heap_object->Size(), slot_callback, - clear_maps); + heap_object->address() + Map::kPointerFieldsBeginOffset, + heap_object->address() + Map::kPointerFieldsEndOffset, + slot_callback, clear_maps); } } } else { diff --git a/deps/v8/src/hydrogen-instructions.cc b/deps/v8/src/hydrogen-instructions.cc index b75bec0f5ec..5065d4ce390 100644 --- a/deps/v8/src/hydrogen-instructions.cc +++ b/deps/v8/src/hydrogen-instructions.cc @@ -1511,17 +1511,8 @@ HInstruction* HForceRepresentation::New(Zone* zone, HValue* context, HValue* value, Representation representation) { if (FLAG_fold_constants && value->IsConstant()) { HConstant* c = HConstant::cast(value); - if (c->HasNumberValue()) { - double double_res = c->DoubleValue(); - if (representation.IsDouble()) { - return HConstant::New(zone, context, double_res); - - } else if (representation.CanContainDouble(double_res)) { - return HConstant::New(zone, context, - static_cast(double_res), - representation); - } - } + c = c->CopyToRepresentation(representation, zone); + if (c != NULL) return c; } return new(zone) HForceRepresentation(value, representation); } diff --git a/deps/v8/src/hydrogen.cc b/deps/v8/src/hydrogen.cc index 63174aa5db8..9f3945f275d 100644 --- a/deps/v8/src/hydrogen.cc +++ b/deps/v8/src/hydrogen.cc @@ -3498,7 +3498,7 @@ int HGraph::TraceInlinedFunction( shared->end_position() - shared->start_position() + 1; for (int i = 0; i < source_len; i++) { if (stream.HasMore()) { - os << AsReversiblyEscapedUC16(stream.GetNext()); + os << AsUC16(stream.GetNext()); } } } @@ -8800,6 +8800,12 @@ HValue* HOptimizedGraphBuilder::BuildArrayIndexOf(HValue* receiver, Push(graph()->GetConstantMinus1()); if (IsFastDoubleElementsKind(kind) || IsFastSmiElementsKind(kind)) { + // Make sure that we can actually compare numbers correctly below, see + // https://code.google.com/p/chromium/issues/detail?id=407946 for details. + search_element = AddUncasted( + search_element, IsFastSmiElementsKind(kind) ? Representation::Smi() + : Representation::Double()); + LoopBuilder loop(this, context(), direction); { HValue* index = loop.BeginBody(initial, terminating, token); @@ -8807,12 +8813,8 @@ HValue* HOptimizedGraphBuilder::BuildArrayIndexOf(HValue* receiver, elements, index, static_cast(NULL), kind, ALLOW_RETURN_HOLE); IfBuilder if_issame(this); - if (IsFastDoubleElementsKind(kind)) { - if_issame.If( - element, search_element, Token::EQ_STRICT); - } else { - if_issame.If(element, search_element); - } + if_issame.If(element, search_element, + Token::EQ_STRICT); if_issame.Then(); { Drop(1); diff --git a/deps/v8/src/isolate.cc b/deps/v8/src/isolate.cc index 25f42f6ccb1..215296d735c 100644 --- a/deps/v8/src/isolate.cc +++ b/deps/v8/src/isolate.cc @@ -1090,9 +1090,10 @@ void Isolate::DoThrow(Object* exception, MessageLocation* location) { thread_local_top()->pending_message_end_pos_ = location->end_pos(); } - // If the abort-on-uncaught-exception flag is specified, and if the - // exception is not caught by JavaScript (even when an external handler is - // present). + // If the abort-on-uncaught-exception flag is specified, abort on any + // exception not caught by JavaScript, even when an external handler is + // present. This flag is intended for use by JavaScript developers, so + // print a user-friendly stack trace (not an internal one). if (fatal_exception_depth == 0 && FLAG_abort_on_uncaught_exception && (report_exception || can_be_caught_externally)) { @@ -1297,6 +1298,7 @@ void Isolate::SetCaptureStackTraceForUncaughtExceptions( stack_trace_for_uncaught_exceptions_options_ = options; } + Handle Isolate::native_context() { return handle(context()->native_context()); } diff --git a/deps/v8/src/isolate.h b/deps/v8/src/isolate.h index de0cb49512a..9ef6fc732a9 100644 --- a/deps/v8/src/isolate.h +++ b/deps/v8/src/isolate.h @@ -1326,7 +1326,6 @@ class Isolate { v8::Isolate::UseCounterCallback use_counter_callback_; - friend class ExecutionAccess; friend class HandleScopeImplementer; friend class IsolateInitializer; diff --git a/deps/v8/src/json-parser.h b/deps/v8/src/json-parser.h index c23e50dbb4d..19cffde0c9a 100644 --- a/deps/v8/src/json-parser.h +++ b/deps/v8/src/json-parser.h @@ -182,6 +182,9 @@ class JsonParser BASE_EMBEDDED { private: Zone* zone() { return &zone_; } + void CommitStateToJsonObject(Handle json_object, Handle map, + ZoneList >* properties); + Handle source_; int source_length_; Handle seq_source_; @@ -408,13 +411,7 @@ Handle JsonParser::ParseJsonObject() { } // Commit the intermediate state to the object and stop transitioning. - JSObject::AllocateStorageForMap(json_object, map); - int length = properties.length(); - for (int i = 0; i < length; i++) { - Handle value = properties[i]; - FieldIndex index = FieldIndex::ForPropertyIndex(*map, i); - json_object->FastPropertyAtPut(index, *value); - } + CommitStateToJsonObject(json_object, map, &properties); } else { key = ParseJsonInternalizedString(); if (key.is_null() || c0_ != ':') return ReportUnexpectedCharacter(); @@ -424,8 +421,7 @@ Handle JsonParser::ParseJsonObject() { if (value.is_null()) return ReportUnexpectedCharacter(); } - JSObject::SetOwnPropertyIgnoreAttributes( - json_object, key, value, NONE).Assert(); + Runtime::DefineObjectProperty(json_object, key, value, NONE).Check(); } while (MatchSkipWhiteSpace(',')); if (c0_ != '}') { return ReportUnexpectedCharacter(); @@ -433,19 +429,50 @@ Handle JsonParser::ParseJsonObject() { // If we transitioned until the very end, transition the map now. if (transitioning) { - JSObject::AllocateStorageForMap(json_object, map); - int length = properties.length(); - for (int i = 0; i < length; i++) { - Handle value = properties[i]; - FieldIndex index = FieldIndex::ForPropertyIndex(*map, i); - json_object->FastPropertyAtPut(index, *value); - } + CommitStateToJsonObject(json_object, map, &properties); } } AdvanceSkipWhitespace(); return scope.CloseAndEscape(json_object); } + +template +void JsonParser::CommitStateToJsonObject( + Handle json_object, Handle map, + ZoneList >* properties) { + JSObject::AllocateStorageForMap(json_object, map); + DCHECK(!json_object->map()->is_dictionary_map()); + + DisallowHeapAllocation no_gc; + Factory* factory = isolate()->factory(); + // If the |json_object|'s map is exactly the same as |map| then the + // |properties| values correspond to the |map| and nothing more has to be + // done. But if the |json_object|'s map is different then we have to + // iterate descriptors to ensure that properties still correspond to the + // map. + bool slow_case = json_object->map() != *map; + DescriptorArray* descriptors = NULL; + + int length = properties->length(); + if (slow_case) { + descriptors = json_object->map()->instance_descriptors(); + DCHECK(json_object->map()->NumberOfOwnDescriptors() == length); + } + for (int i = 0; i < length; i++) { + Handle value = (*properties)[i]; + if (slow_case && value->IsMutableHeapNumber() && + !descriptors->GetDetails(i).representation().IsDouble()) { + // Turn mutable heap numbers into immutable if the field representation + // is not double. + HeapNumber::cast(*value)->set_map(*factory->heap_number_map()); + } + FieldIndex index = FieldIndex::ForPropertyIndex(*map, i); + json_object->FastPropertyAtPut(index, *value); + } +} + + // Parse a JSON array. Position must be right at '['. template Handle JsonParser::ParseJsonArray() { diff --git a/deps/v8/src/lookup.h b/deps/v8/src/lookup.h index 2d609c5f666..923e8107fd3 100644 --- a/deps/v8/src/lookup.h +++ b/deps/v8/src/lookup.h @@ -47,7 +47,7 @@ class LookupIterator V8_FINAL BASE_EMBEDDED { LookupIterator(Handle receiver, Handle name, Configuration configuration = CHECK_ALL) - : configuration_(ComputeConfiguration(configuration, name)), + : configuration_(configuration), state_(NOT_FOUND), property_kind_(DATA), property_encoding_(DESCRIPTOR), @@ -66,7 +66,7 @@ class LookupIterator V8_FINAL BASE_EMBEDDED { Handle name, Handle holder, Configuration configuration = CHECK_ALL) - : configuration_(ComputeConfiguration(configuration, name)), + : configuration_(configuration), state_(NOT_FOUND), property_kind_(DATA), property_encoding_(DESCRIPTOR), @@ -187,15 +187,6 @@ class LookupIterator V8_FINAL BASE_EMBEDDED { return number_; } - static Configuration ComputeConfiguration( - Configuration configuration, Handle name) { - if (name->IsOwn()) { - return static_cast(configuration & CHECK_OWN); - } else { - return configuration; - } - } - Configuration configuration_; State state_; bool has_property_; diff --git a/deps/v8/src/math.js b/deps/v8/src/math.js index 13cdb31cdcf..f9139c65166 100644 --- a/deps/v8/src/math.js +++ b/deps/v8/src/math.js @@ -347,6 +347,26 @@ function MathExpm1(x) { } } +// ES6 draft 09-27-13, section 20.2.2.20. +// Use Taylor series to approximate. With y = x + 1; +// log(y) at 1 == log(1) + log'(1)(y-1)/1! + log''(1)(y-1)^2/2! + ... +// == 0 + x - x^2/2 + x^3/3 ... +// The closer x is to 0, the fewer terms are required. +function MathLog1p(x) { + if (!IS_NUMBER(x)) x = NonNumberToNumber(x); + var xabs = MathAbs(x); + if (xabs < 1E-7) { + return x * (1 - x * (1/2)); + } else if (xabs < 3E-5) { + return x * (1 - x * (1/2 - x * (1/3))); + } else if (xabs < 7E-3) { + return x * (1 - x * (1/2 - x * (1/3 - x * (1/4 - + x * (1/5 - x * (1/6 - x * (1/7))))))); + } else { // Use regular log if not close enough to 0. + return MathLog(1 + x); + } +} + // ------------------------------------------------------------------- function SetUpMath() { @@ -408,7 +428,7 @@ function SetUpMath() { "fround", MathFroundJS, "clz32", MathClz32, "cbrt", MathCbrt, - "log1p", MathLog1p, // implemented by third_party/fdlibm + "log1p", MathLog1p, "expm1", MathExpm1 )); diff --git a/deps/v8/src/objects-inl.h b/deps/v8/src/objects-inl.h index 7e1c5b1eb37..b81eeaee5ec 100644 --- a/deps/v8/src/objects-inl.h +++ b/deps/v8/src/objects-inl.h @@ -2920,9 +2920,6 @@ FixedArrayBase* Map::GetInitialElements() { GetHeap()->EmptyFixedTypedArrayForMap(this); DCHECK(!GetHeap()->InNewSpace(empty_array)); return empty_array; - } else if (has_dictionary_elements()) { - DCHECK(!GetHeap()->InNewSpace(GetHeap()->empty_slow_element_dictionary())); - return GetHeap()->empty_slow_element_dictionary(); } else { UNREACHABLE(); } @@ -3372,7 +3369,6 @@ bool Name::Equals(Handle one, Handle two) { ACCESSORS(Symbol, name, Object, kNameOffset) ACCESSORS(Symbol, flags, Smi, kFlagsOffset) BOOL_ACCESSORS(Symbol, flags, is_private, kPrivateBit) -BOOL_ACCESSORS(Symbol, flags, is_own, kOwnBit) bool String::Equals(String* other) { @@ -6497,10 +6493,6 @@ uint32_t Name::Hash() { return String::cast(this)->ComputeAndSetHash(); } -bool Name::IsOwn() { - return this->IsSymbol() && Symbol::cast(this)->is_own(); -} - StringHasher::StringHasher(int length, uint32_t seed) : length_(length), diff --git a/deps/v8/src/objects-printer.cc b/deps/v8/src/objects-printer.cc index 8fbe2182c51..5acd5e544db 100644 --- a/deps/v8/src/objects-printer.cc +++ b/deps/v8/src/objects-printer.cc @@ -430,8 +430,7 @@ void Symbol::SymbolPrint(OStream& os) { // NOLINT HeapObject::PrintHeader(os, "Symbol"); os << " - hash: " << Hash(); os << "\n - name: " << Brief(name()); - os << "\n - private: " << is_private(); - os << "\n - own: " << is_own(); + os << " - private: " << is_private(); os << "\n"; } diff --git a/deps/v8/src/objects.cc b/deps/v8/src/objects.cc index cfdb9ccb630..a994718bd07 100644 --- a/deps/v8/src/objects.cc +++ b/deps/v8/src/objects.cc @@ -693,7 +693,7 @@ void JSObject::SetNormalizedProperty(Handle object, Handle name, Handle value, PropertyDetails details) { - DCHECK(!object->HasFastProperties()); + CHECK(!object->HasFastProperties()); Handle property_dictionary(object->property_dictionary()); if (!name->IsUniqueName()) { @@ -3560,11 +3560,6 @@ void JSObject::LookupRealNamedProperty(Handle name, void JSObject::LookupRealNamedPropertyInPrototypes(Handle name, LookupResult* result) { - if (name->IsOwn()) { - result->NotFound(); - return; - } - DisallowHeapAllocation no_gc; Isolate* isolate = GetIsolate(); for (PrototypeIterator iter(isolate, this); !iter.IsAtEnd(); iter.Advance()) { @@ -4735,9 +4730,15 @@ void JSObject::MigrateSlowToFast(Handle object, void JSObject::ResetElements(Handle object) { - Heap* heap = object->GetIsolate()->heap(); - CHECK(object->map() != heap->sloppy_arguments_elements_map()); - object->set_elements(object->map()->GetInitialElements()); + Isolate* isolate = object->GetIsolate(); + CHECK(object->map() != isolate->heap()->sloppy_arguments_elements_map()); + if (object->map()->has_dictionary_elements()) { + Handle new_elements = + SeededNumberDictionary::New(isolate, 0); + object->set_elements(*new_elements); + } else { + object->set_elements(object->map()->GetInitialElements()); + } } @@ -6112,7 +6113,7 @@ void JSReceiver::LookupOwn( } js_object->LookupOwnRealNamedProperty(name, result); - if (result->IsFound() || name->IsOwn() || !search_hidden_prototypes) return; + if (result->IsFound() || !search_hidden_prototypes) return; PrototypeIterator iter(GetIsolate(), js_object); if (!iter.GetCurrent()->IsJSReceiver()) return; @@ -6131,10 +6132,6 @@ void JSReceiver::Lookup(Handle name, LookupResult* result) { !iter.IsAtEnd(); iter.Advance()) { JSReceiver::cast(iter.GetCurrent())->LookupOwn(name, result, false); if (result->IsFound()) return; - if (name->IsOwn()) { - result->NotFound(); - return; - } } result->NotFound(); } @@ -6874,25 +6871,26 @@ MaybeHandle JSObject::GetAccessor(Handle object, // interceptor calls. AssertNoContextChange ncc(isolate); - // Check access rights if needed. - if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(object, name, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(object, v8::ACCESS_HAS); - RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); - return isolate->factory()->undefined_value(); - } - // Make the lookup and include prototypes. uint32_t index = 0; if (name->AsArrayIndex(&index)) { for (PrototypeIterator iter(isolate, object, PrototypeIterator::START_AT_RECEIVER); !iter.IsAtEnd(); iter.Advance()) { - if (PrototypeIterator::GetCurrent(iter)->IsJSObject() && - JSObject::cast(*PrototypeIterator::GetCurrent(iter)) - ->HasDictionaryElements()) { - JSObject* js_object = - JSObject::cast(*PrototypeIterator::GetCurrent(iter)); + Handle current = PrototypeIterator::GetCurrent(iter); + // Check access rights if needed. + if (current->IsAccessCheckNeeded() && + !isolate->MayNamedAccess(Handle::cast(current), name, + v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheck(Handle::cast(current), + v8::ACCESS_HAS); + RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); + return isolate->factory()->undefined_value(); + } + + if (current->IsJSObject() && + Handle::cast(current)->HasDictionaryElements()) { + JSObject* js_object = JSObject::cast(*current); SeededNumberDictionary* dictionary = js_object->element_dictionary(); int entry = dictionary->FindEntry(index); if (entry != SeededNumberDictionary::kNotFound) { @@ -6906,21 +6904,37 @@ MaybeHandle JSObject::GetAccessor(Handle object, } } } else { - for (PrototypeIterator iter(isolate, object, - PrototypeIterator::START_AT_RECEIVER); - !iter.IsAtEnd(); iter.Advance()) { - LookupResult result(isolate); - JSReceiver::cast(*PrototypeIterator::GetCurrent(iter)) - ->LookupOwn(name, &result); - if (result.IsFound()) { - if (result.IsReadOnly()) return isolate->factory()->undefined_value(); - if (result.IsPropertyCallbacks()) { - Object* obj = result.GetCallbackObject(); - if (obj->IsAccessorPair()) { - return handle(AccessorPair::cast(obj)->GetComponent(component), - isolate); + LookupIterator it(object, name, LookupIterator::SKIP_INTERCEPTOR); + for (; it.IsFound(); it.Next()) { + switch (it.state()) { + case LookupIterator::NOT_FOUND: + case LookupIterator::INTERCEPTOR: + UNREACHABLE(); + + case LookupIterator::ACCESS_CHECK: + if (it.HasAccess(v8::ACCESS_HAS)) continue; + isolate->ReportFailedAccessCheck(it.GetHolder(), + v8::ACCESS_HAS); + RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); + return isolate->factory()->undefined_value(); + + case LookupIterator::JSPROXY: + return isolate->factory()->undefined_value(); + + case LookupIterator::PROPERTY: + if (!it.HasProperty()) continue; + switch (it.property_kind()) { + case LookupIterator::DATA: + continue; + case LookupIterator::ACCESSOR: { + Handle maybe_pair = it.GetAccessors(); + if (maybe_pair->IsAccessorPair()) { + return handle( + AccessorPair::cast(*maybe_pair)->GetComponent(component), + isolate); + } + } } - } } } } @@ -11417,10 +11431,7 @@ void Code::Disassemble(const char* name, OStream& os) { // NOLINT os << "Instructions (size = " << instruction_size() << ")\n"; // TODO(svenpanne) The Disassembler should use streams, too! - { - CodeTracer::Scope trace_scope(GetIsolate()->GetCodeTracer()); - Disassembler::Decode(trace_scope.file(), this); - } + Disassembler::Decode(stdout, this); os << "\n"; if (kind() == FUNCTION) { diff --git a/deps/v8/src/objects.h b/deps/v8/src/objects.h index 2bb47e80f54..80442b46086 100644 --- a/deps/v8/src/objects.h +++ b/deps/v8/src/objects.h @@ -8954,9 +8954,6 @@ class Name: public HeapObject { // Conversion. inline bool AsArrayIndex(uint32_t* index); - // Whether name can only name own properties. - inline bool IsOwn(); - DECLARE_CAST(Name) DECLARE_PRINTER(Name) @@ -9032,10 +9029,6 @@ class Symbol: public Name { // [is_private]: whether this is a private symbol. DECL_BOOLEAN_ACCESSORS(is_private) - // [is_own]: whether this is an own symbol, that is, only used to designate - // own properties of objects. - DECL_BOOLEAN_ACCESSORS(is_own) - DECLARE_CAST(Symbol) // Dispatched behavior. @@ -9051,7 +9044,6 @@ class Symbol: public Name { private: static const int kPrivateBit = 0; - static const int kOwnBit = 1; DISALLOW_IMPLICIT_CONSTRUCTORS(Symbol); }; diff --git a/deps/v8/src/ostreams.cc b/deps/v8/src/ostreams.cc index 62304eb9081..0f5bec41d2b 100644 --- a/deps/v8/src/ostreams.cc +++ b/deps/v8/src/ostreams.cc @@ -3,7 +3,6 @@ // found in the LICENSE file. #include -#include #include #include "src/base/platform/platform.h" // For isinf/isnan with MSVC @@ -164,21 +163,11 @@ OFStream& OFStream::flush() { } -OStream& operator<<(OStream& os, const AsReversiblyEscapedUC16& c) { - char buf[10]; - const char* format = - (std::isprint(c.value) || std::isspace(c.value)) && c.value != '\\' - ? "%c" - : (c.value <= 0xff) ? "\\x%02x" : "\\u%04x"; - snprintf(buf, sizeof(buf), format, c.value); - return os << buf; -} - - OStream& operator<<(OStream& os, const AsUC16& c) { char buf[10]; - const char* format = - std::isprint(c.value) ? "%c" : (c.value <= 0xff) ? "\\x%02x" : "\\u%04x"; + const char* format = (0x20 <= c.value && c.value <= 0x7F) + ? "%c" + : (c.value <= 0xff) ? "\\x%02x" : "\\u%04x"; snprintf(buf, sizeof(buf), format, c.value); return os << buf; } diff --git a/deps/v8/src/ostreams.h b/deps/v8/src/ostreams.h index 08f53c52ac3..f70b6de230d 100644 --- a/deps/v8/src/ostreams.h +++ b/deps/v8/src/ostreams.h @@ -117,26 +117,13 @@ class OFStream: public OStream { }; -// Wrappers to disambiguate uint16_t and uc16. +// A wrapper to disambiguate uint16_t and uc16. struct AsUC16 { explicit AsUC16(uint16_t v) : value(v) {} uint16_t value; }; -struct AsReversiblyEscapedUC16 { - explicit AsReversiblyEscapedUC16(uint16_t v) : value(v) {} - uint16_t value; -}; - - -// Writes the given character to the output escaping everything outside of -// printable/space ASCII range. Additionally escapes '\' making escaping -// reversible. -OStream& operator<<(OStream& os, const AsReversiblyEscapedUC16& c); - -// Writes the given character to the output escaping everything outside -// of printable ASCII range. OStream& operator<<(OStream& os, const AsUC16& c); } } // namespace v8::internal diff --git a/deps/v8/src/property-details-inl.h b/deps/v8/src/property-details-inl.h index eaa596f9daf..efb27b31914 100644 --- a/deps/v8/src/property-details-inl.h +++ b/deps/v8/src/property-details-inl.h @@ -13,18 +13,6 @@ namespace v8 { namespace internal { -inline bool Representation::CanContainDouble(double value) { - if (IsDouble() || is_more_general_than(Representation::Double())) { - return true; - } - if (IsInt32Double(value)) { - if (IsInteger32()) return true; - if (IsSmi()) return Smi::IsValid(static_cast(value)); - } - return false; -} - - Representation Representation::FromType(Type* type) { DisallowHeapAllocation no_allocation; if (type->Is(Type::None())) return Representation::None(); diff --git a/deps/v8/src/property-details.h b/deps/v8/src/property-details.h index 7eb2e4ea9da..c5f6a8ee13a 100644 --- a/deps/v8/src/property-details.h +++ b/deps/v8/src/property-details.h @@ -124,8 +124,6 @@ class Representation { return other.is_more_general_than(*this) || other.Equals(*this); } - bool CanContainDouble(double value); - Representation generalize(Representation other) { if (other.fits_into(*this)) return *this; if (other.is_more_general_than(*this)) return other; diff --git a/deps/v8/src/runtime.cc b/deps/v8/src/runtime.cc index 1fbedc6adc3..d29c861017b 100644 --- a/deps/v8/src/runtime.cc +++ b/deps/v8/src/runtime.cc @@ -608,17 +608,6 @@ RUNTIME_FUNCTION(Runtime_CreatePrivateSymbol) { } -RUNTIME_FUNCTION(Runtime_CreatePrivateOwnSymbol) { - HandleScope scope(isolate); - DCHECK(args.length() == 1); - CONVERT_ARG_HANDLE_CHECKED(Object, name, 0); - RUNTIME_ASSERT(name->IsString() || name->IsUndefined()); - Handle symbol = isolate->factory()->NewPrivateOwnSymbol(); - if (name->IsString()) symbol->set_name(*name); - return *symbol; -} - - RUNTIME_FUNCTION(Runtime_CreateGlobalPrivateSymbol) { HandleScope scope(isolate); DCHECK(args.length() == 1); @@ -9767,59 +9756,6 @@ bool CodeGenerationFromStringsAllowed(Isolate* isolate, } -// Walk up the stack expecting: -// - Runtime_CompileString -// - JSFunction callee (eval, Function constructor, etc) -// - call() (maybe) -// - apply() (maybe) -// - bind() (maybe) -// - JSFunction caller (maybe) -// -// return true if the caller has the same security token as the callee -// or if an exit frame was hit, in which case allow it through, as it could -// have come through the api. -static bool TokensMatchForCompileString(Isolate* isolate) { - MaybeHandle callee; - bool exit_handled = true; - bool tokens_match = true; - bool done = false; - for (StackFrameIterator it(isolate); !it.done() && !done; it.Advance()) { - StackFrame* raw_frame = it.frame(); - if (!raw_frame->is_java_script()) { - if (raw_frame->is_exit()) exit_handled = false; - continue; - } - JavaScriptFrame* outer_frame = JavaScriptFrame::cast(raw_frame); - List frames(FLAG_max_inlining_levels + 1); - outer_frame->Summarize(&frames); - for (int i = frames.length() - 1; i >= 0 && !done; --i) { - FrameSummary& frame = frames[i]; - Handle fun = frame.function(); - // Capture the callee function. - if (callee.is_null()) { - callee = fun; - exit_handled = true; - continue; - } - // Exit condition. - Handle context(callee.ToHandleChecked()->context()); - if (!fun->context()->HasSameSecurityTokenAs(*context)) { - tokens_match = false; - done = true; - continue; - } - // Skip bound functions in correct origin. - if (fun->shared()->bound()) { - exit_handled = true; - continue; - } - done = true; - } - } - return !exit_handled || tokens_match; -} - - RUNTIME_FUNCTION(Runtime_CompileString) { HandleScope scope(isolate); DCHECK(args.length() == 2); @@ -9829,11 +9765,6 @@ RUNTIME_FUNCTION(Runtime_CompileString) { // Extract native context. Handle context(isolate->native_context()); - // Filter cross security context calls. - if (!TokensMatchForCompileString(isolate)) { - return isolate->heap()->undefined_value(); - } - // Check if native context allows code generation from // strings. Throw an exception if it doesn't. if (context->allow_code_gen_from_strings()->IsFalse() && @@ -10541,10 +10472,10 @@ RUNTIME_FUNCTION(Runtime_ArrayConcat) { Handle storage = isolate->factory()->NewFixedDoubleArray(estimate_result_length); int j = 0; + bool failure = false; if (estimate_result_length > 0) { Handle double_storage = Handle::cast(storage); - bool failure = false; for (int i = 0; i < argument_count; i++) { Handle obj(elements->get(i), isolate); if (obj->IsSmi()) { @@ -10565,6 +10496,11 @@ RUNTIME_FUNCTION(Runtime_ArrayConcat) { FixedDoubleArray::cast(array->elements()); for (uint32_t i = 0; i < length; i++) { if (elements->is_the_hole(i)) { + // TODO(jkummerow/verwaest): We could be a bit more clever + // here: Check if there are no elements/getters on the + // prototype chain, and if so, allow creation of a holey + // result array. + // Same thing below (holey smi case). failure = true; break; } @@ -10591,6 +10527,7 @@ RUNTIME_FUNCTION(Runtime_ArrayConcat) { break; } case FAST_HOLEY_ELEMENTS: + case FAST_ELEMENTS: DCHECK_EQ(0, length); break; default: @@ -10600,14 +10537,17 @@ RUNTIME_FUNCTION(Runtime_ArrayConcat) { if (failure) break; } } - Handle array = isolate->factory()->NewJSArray(0); - Smi* length = Smi::FromInt(j); - Handle map; - map = JSObject::GetElementsTransitionMap(array, kind); - array->set_map(*map); - array->set_length(length); - array->set_elements(*storage); - return *array; + if (!failure) { + Handle array = isolate->factory()->NewJSArray(0); + Smi* length = Smi::FromInt(j); + Handle map; + map = JSObject::GetElementsTransitionMap(array, kind); + array->set_map(*map); + array->set_length(length); + array->set_elements(*storage); + return *array; + } + // In case of failure, fall through. } Handle storage; diff --git a/deps/v8/src/runtime.h b/deps/v8/src/runtime.h index 4a78edb897d..93185cc82fc 100644 --- a/deps/v8/src/runtime.h +++ b/deps/v8/src/runtime.h @@ -260,7 +260,6 @@ namespace internal { F(CreateSymbol, 1, 1) \ F(CreatePrivateSymbol, 1, 1) \ F(CreateGlobalPrivateSymbol, 1, 1) \ - F(CreatePrivateOwnSymbol, 1, 1) \ F(NewSymbolWrapper, 1, 1) \ F(SymbolDescription, 1, 1) \ F(SymbolRegistry, 0, 1) \ diff --git a/deps/v8/src/unique.h b/deps/v8/src/unique.h index ffc659fa10a..373a5bea8a5 100644 --- a/deps/v8/src/unique.h +++ b/deps/v8/src/unique.h @@ -174,7 +174,7 @@ class PrintableUnique : public Unique { return PrintableUnique(zone, reinterpret_cast
(*handle), handle); } - const char* string() const { return string_; } + const char* string() { return string_; } private: const char* string_; diff --git a/deps/v8/src/v8natives.js b/deps/v8/src/v8natives.js index 9612f16f961..1353f885ae4 100644 --- a/deps/v8/src/v8natives.js +++ b/deps/v8/src/v8natives.js @@ -1855,9 +1855,7 @@ function FunctionConstructor(arg1) { // length == 1 var global_proxy = %GlobalProxy(global); // Compile the string in the constructor and not a helper so that errors // appear to come from here. - var f = %CompileString(source, true); - if (!IS_FUNCTION(f)) return f; - f = %_CallFunction(global_proxy, f); + var f = %_CallFunction(global_proxy, %CompileString(source, true)); %FunctionMarkNameShouldPrintAsAnonymous(f); return f; } diff --git a/deps/v8/src/version.cc b/deps/v8/src/version.cc index c6f087d04b5..28b9de3a7a9 100644 --- a/deps/v8/src/version.cc +++ b/deps/v8/src/version.cc @@ -34,8 +34,8 @@ // system so their names cannot be changed without changing the scripts. #define MAJOR_VERSION 3 #define MINOR_VERSION 28 -#define BUILD_NUMBER 73 -#define PATCH_LEVEL 0 +#define BUILD_NUMBER 71 +#define PATCH_LEVEL 19 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) #define IS_CANDIDATE_VERSION 0 diff --git a/deps/v8/test/benchmarks/benchmarks.status b/deps/v8/test/benchmarks/benchmarks.status index 1afd5eca247..8dab238b182 100644 --- a/deps/v8/test/benchmarks/benchmarks.status +++ b/deps/v8/test/benchmarks/benchmarks.status @@ -25,11 +25,14 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + [ [ALWAYS, { - # Too slow in Debug mode. - 'octane/mandreel': [PASS, ['mode == debug', SKIP]], + # Too slow in Debug mode. TODO(mstarzinger): Too slow for TF. + 'octane/mandreel': [PASS, NO_VARIANTS, ['mode == debug', SKIP]], # TODO(mstarzinger,ishell): Timeout with TF in predictable mode. 'octane/richards': [PASS, NO_VARIANTS], + # TODO(mstarzinger): Out of mem with TF. + 'octane/zlib': [PASS, NO_VARIANTS], }], # ALWAYS ] diff --git a/deps/v8/test/cctest/compiler/graph-builder-tester.cc b/deps/v8/test/cctest/compiler/graph-builder-tester.cc index fb6e4a28ce9..2aaaf892740 100644 --- a/deps/v8/test/cctest/compiler/graph-builder-tester.cc +++ b/deps/v8/test/cctest/compiler/graph-builder-tester.cc @@ -31,7 +31,6 @@ void MachineCallHelper::InitParameters(GraphBuilder* builder, byte* MachineCallHelper::Generate() { DCHECK(parameter_count() == 0 || parameters_ != NULL); - if (!Pipeline::SupportedBackend()) return NULL; if (code_.is_null()) { Zone* zone = graph_->zone(); CompilationInfo info(zone->isolate(), zone); diff --git a/deps/v8/test/cctest/compiler/test-representation-change.cc b/deps/v8/test/cctest/compiler/test-representation-change.cc index 092a5f7d90c..d28cf4b4b82 100644 --- a/deps/v8/test/cctest/compiler/test-representation-change.cc +++ b/deps/v8/test/cctest/compiler/test-representation-change.cc @@ -192,11 +192,18 @@ TEST(SingleChanges) { TEST(SignednessInWord32) { RepresentationChangerTester r; - // TODO(titzer): assume that uses of a word32 without a sign mean tInt32. - CheckChange(IrOpcode::kChangeTaggedToInt32, rTagged, rWord32 | tInt32); - CheckChange(IrOpcode::kChangeTaggedToUint32, rTagged, rWord32 | tUint32); - CheckChange(IrOpcode::kChangeInt32ToFloat64, rWord32, rFloat64); - CheckChange(IrOpcode::kChangeFloat64ToInt32, rFloat64, rWord32); + // TODO(titzer): these are currently type errors because the output type is + // not specified. Maybe the RepresentationChanger should assume anything to or + // from {rWord32} is {tInt32}, i.e. signed, if not it is explicitly otherwise? + r.CheckTypeError(rTagged, rWord32 | tInt32); + r.CheckTypeError(rTagged, rWord32 | tUint32); + r.CheckTypeError(rWord32, rFloat64); + r.CheckTypeError(rFloat64, rWord32); + + // CheckChange(IrOpcode::kChangeTaggedToInt32, rTagged, rWord32 | tInt32); + // CheckChange(IrOpcode::kChangeTaggedToUint32, rTagged, rWord32 | tUint32); + // CheckChange(IrOpcode::kChangeInt32ToFloat64, rWord32, rFloat64); + // CheckChange(IrOpcode::kChangeFloat64ToInt32, rFloat64, rWord32); } diff --git a/deps/v8/test/cctest/compiler/test-simplified-lowering.cc b/deps/v8/test/cctest/compiler/test-simplified-lowering.cc index 18f4136b904..62101981564 100644 --- a/deps/v8/test/cctest/compiler/test-simplified-lowering.cc +++ b/deps/v8/test/cctest/compiler/test-simplified-lowering.cc @@ -114,9 +114,9 @@ TEST(RunLoadMap) { t.Return(load); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Handle src = TestObject(); Handle src_map(src->map()); Object* result = t.Call(*src); // TODO(titzer): raw pointers in call @@ -132,9 +132,9 @@ TEST(RunStoreMap) { t.Return(t.jsgraph.TrueConstant()); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Handle src = TestObject(); Handle src_map(src->map()); Handle dst = TestObject(); @@ -152,9 +152,9 @@ TEST(RunLoadProperties) { t.Return(load); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Handle src = TestObject(); Handle src_props(src->properties()); Object* result = t.Call(*src); // TODO(titzer): raw pointers in call @@ -171,9 +171,9 @@ TEST(RunLoadStoreMap) { t.Return(load); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Handle src = TestObject(); Handle src_map(src->map()); Handle dst = TestObject(); @@ -194,9 +194,9 @@ TEST(RunLoadStoreFixedArrayIndex) { t.Return(load); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Handle array = t.factory()->NewFixedArray(2); Handle src = TestObject(); Handle dst = TestObject(); @@ -223,9 +223,9 @@ TEST(RunLoadStoreArrayBuffer) { t.Return(t.jsgraph.TrueConstant()); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Handle array = t.factory()->NewJSArrayBuffer(); const int array_length = 2 * index; Runtime::SetupArrayBufferAllocatingData(t.isolate(), array, array_length); @@ -407,9 +407,9 @@ class AccessTester : public HandleAndZoneScope { t.StoreElement(access, ptr, t.Int32Constant(to_index), load); t.Return(t.jsgraph.TrueConstant()); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Object* result = t.Call(); CHECK_EQ(t.isolate()->heap()->true_value(), result); } @@ -429,9 +429,9 @@ class AccessTester : public HandleAndZoneScope { t.StoreField(to_access, ptr, load); t.Return(t.jsgraph.TrueConstant()); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Object* result = t.Call(); CHECK_EQ(t.isolate()->heap()->true_value(), result); } @@ -468,9 +468,9 @@ class AccessTester : public HandleAndZoneScope { index = t.environment()->Pop(); t.Return(t.jsgraph.TrueConstant()); t.LowerAllNodes(); - t.GenerateCode(); if (Pipeline::SupportedTarget()) { + t.GenerateCode(); Object* result = t.Call(); CHECK_EQ(t.isolate()->heap()->true_value(), result); } @@ -707,7 +707,7 @@ class TestingGraph : public HandleAndZoneScope, public GraphAndBuilders { Node* tb = graph()->NewNode(common()->IfTrue(), br); Node* fb = graph()->NewNode(common()->IfFalse(), br); Node* m = graph()->NewNode(common()->Merge(2), tb, fb); - NodeProperties::ReplaceControlInput(ret, m); + ret->ReplaceInput(NodeProperties::FirstControlIndex(ret), m); return br; } diff --git a/deps/v8/test/cctest/test-api.cc b/deps/v8/test/cctest/test-api.cc index 9ddc9db71df..2ac657d7f97 100644 --- a/deps/v8/test/cctest/test-api.cc +++ b/deps/v8/test/cctest/test-api.cc @@ -22736,32 +22736,6 @@ TEST(ScriptNameAndLineNumber) { } -Local call_eval_context; -Local call_eval_bound_function; -static void CallEval(const v8::FunctionCallbackInfo& args) { - v8::Context::Scope scope(call_eval_context); - args.GetReturnValue().Set( - call_eval_bound_function->Call(call_eval_context->Global(), 0, NULL)); -} - - -TEST(CrossActivationEval) { - LocalContext env; - v8::Isolate* isolate = env->GetIsolate(); - v8::HandleScope scope(isolate); - { - call_eval_context = v8::Context::New(isolate); - v8::Context::Scope scope(call_eval_context); - call_eval_bound_function = - Local::Cast(CompileRun("eval.bind(this, '1')")); - } - env->Global()->Set(v8_str("CallEval"), - v8::FunctionTemplate::New(isolate, CallEval)->GetFunction()); - Local result = CompileRun("CallEval();"); - CHECK_EQ(result, v8::Integer::New(isolate, 1)); -} - - void SourceURLHelper(const char* source, const char* expected_source_url, const char* expected_source_mapping_url) { Local