Browse Source

deps: update V8 to 5.4.500.31

PR-URL: https://github.com/nodejs/node/pull/8852
Reviewed-By: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
v6
Michaël Zasso 8 years ago
parent
commit
039f0c3fc5
  1. 2
      deps/v8/include/v8-version.h
  2. 10
      deps/v8/src/api.h
  3. 7
      deps/v8/src/builtins/builtins.cc
  4. 4
      deps/v8/src/compiler/access-info.cc
  5. 5
      deps/v8/src/compiler/arm/code-generator-arm.cc
  6. 5
      deps/v8/src/compiler/arm64/code-generator-arm64.cc
  7. 4
      deps/v8/src/compiler/ast-loop-assignment-analyzer.cc
  8. 15
      deps/v8/src/compiler/code-generator.cc
  9. 3
      deps/v8/src/compiler/code-generator.h
  10. 11
      deps/v8/src/compiler/ia32/code-generator-ia32.cc
  11. 5
      deps/v8/src/compiler/mips/code-generator-mips.cc
  12. 5
      deps/v8/src/compiler/mips64/code-generator-mips64.cc
  13. 5
      deps/v8/src/compiler/ppc/code-generator-ppc.cc
  14. 5
      deps/v8/src/compiler/s390/code-generator-s390.cc
  15. 5
      deps/v8/src/compiler/x64/code-generator-x64.cc
  16. 11
      deps/v8/src/compiler/x87/code-generator-x87.cc
  17. 22
      deps/v8/test/mjsunit/compiler/regress-645179.js
  18. 14
      deps/v8/test/mjsunit/regress/regress-crbug-647887.js
  19. 17
      deps/v8/test/mjsunit/regress/regress-crbug-648539.js

2
deps/v8/include/v8-version.h

@ -11,7 +11,7 @@
#define V8_MAJOR_VERSION 5
#define V8_MINOR_VERSION 4
#define V8_BUILD_NUMBER 500
#define V8_PATCH_LEVEL 27
#define V8_PATCH_LEVEL 31
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)

10
deps/v8/src/api.h

@ -389,6 +389,7 @@ class HandleScopeImplementer {
call_depth_(0),
microtasks_depth_(0),
microtasks_suppressions_(0),
entered_context_count_during_microtasks_(0),
#ifdef DEBUG
debug_microtasks_depth_(0),
#endif
@ -454,6 +455,11 @@ class HandleScopeImplementer {
inline void EnterMicrotaskContext(Handle<Context> context);
inline void LeaveMicrotaskContext();
inline Handle<Context> MicrotaskContext();
inline bool MicrotaskContextIsLastEnteredContext() const {
return microtask_context_ &&
entered_context_count_during_microtasks_ ==
entered_contexts_.length();
}
inline void SaveContext(Context* context);
inline Context* RestoreContext();
@ -474,6 +480,7 @@ class HandleScopeImplementer {
entered_contexts_.Initialize(0);
saved_contexts_.Initialize(0);
microtask_context_ = nullptr;
entered_context_count_during_microtasks_ = 0;
spare_ = NULL;
last_handle_before_deferred_block_ = NULL;
call_depth_ = 0;
@ -508,6 +515,7 @@ class HandleScopeImplementer {
int call_depth_;
int microtasks_depth_;
int microtasks_suppressions_;
int entered_context_count_during_microtasks_;
#ifdef DEBUG
int debug_microtasks_depth_;
#endif
@ -579,11 +587,13 @@ Handle<Context> HandleScopeImplementer::LastEnteredContext() {
void HandleScopeImplementer::EnterMicrotaskContext(Handle<Context> context) {
DCHECK(!microtask_context_);
microtask_context_ = *context;
entered_context_count_during_microtasks_ = entered_contexts_.length();
}
void HandleScopeImplementer::LeaveMicrotaskContext() {
DCHECK(microtask_context_);
microtask_context_ = nullptr;
entered_context_count_during_microtasks_ = 0;
}
Handle<Context> HandleScopeImplementer::MicrotaskContext() {

7
deps/v8/src/builtins/builtins.cc

@ -280,14 +280,13 @@ bool Builtins::AllowDynamicFunction(Isolate* isolate, Handle<JSFunction> target,
Handle<JSObject> target_global_proxy) {
if (FLAG_allow_unsafe_function_constructor) return true;
HandleScopeImplementer* impl = isolate->handle_scope_implementer();
Handle<Context> responsible_context = impl->LastEnteredContext();
if (responsible_context.is_null()) {
responsible_context = impl->MicrotaskContext();
Handle<Context> responsible_context =
impl->MicrotaskContextIsLastEnteredContext() ? impl->MicrotaskContext()
: impl->LastEnteredContext();
// TODO(jochen): Remove this.
if (responsible_context.is_null()) {
return true;
}
}
if (*responsible_context == target->context()) return true;
return isolate->MayAccess(responsible_context, target_global_proxy);
}

4
deps/v8/src/compiler/access-info.cc

@ -312,7 +312,9 @@ bool AccessInfoFactory::ComputePropertyAccessInfo(
isolate());
dependencies()->AssumeFieldType(field_owner_map);
}
DCHECK(field_type->Is(Type::TaggedPointer()));
if (access_mode == AccessMode::kLoad) {
field_type = Type::Any();
}
}
*access_info = PropertyAccessInfo::DataField(
MapList{receiver_map}, field_index, field_type, holder);

5
deps/v8/src/compiler/arm/code-generator-arm.cc

@ -1878,10 +1878,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
case Constant::kHeapObject: {
Handle<HeapObject> src_object = src.ToHeapObject();
Heap::RootListIndex index;
int slot;
if (IsMaterializableFromFrame(src_object, &slot)) {
__ ldr(dst, g.SlotToMemOperand(slot));
} else if (IsMaterializableFromRoot(src_object, &index)) {
if (IsMaterializableFromRoot(src_object, &index)) {
__ LoadRoot(dst, index);
} else {
__ Move(dst, src_object);

5
deps/v8/src/compiler/arm64/code-generator-arm64.cc

@ -1939,10 +1939,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
if (src.type() == Constant::kHeapObject) {
Handle<HeapObject> src_object = src.ToHeapObject();
Heap::RootListIndex index;
int slot;
if (IsMaterializableFromFrame(src_object, &slot)) {
__ Ldr(dst, g.SlotToMemOperand(slot, masm()));
} else if (IsMaterializableFromRoot(src_object, &index)) {
if (IsMaterializableFromRoot(src_object, &index)) {
__ LoadRoot(dst, index);
} else {
__ LoadObject(dst, src_object);

4
deps/v8/src/compiler/ast-loop-assignment-analyzer.cc

@ -252,10 +252,12 @@ void ALAA::VisitForStatement(ForStatement* loop) {
void ALAA::VisitForInStatement(ForInStatement* loop) {
Expression* l = loop->each();
Enter(loop);
Visit(loop->each());
Visit(l);
Visit(loop->subject());
Visit(loop->body());
if (l->IsVariableProxy()) AnalyzeAssignment(l->AsVariableProxy()->var());
Exit(loop);
}

15
deps/v8/src/compiler/code-generator.cc

@ -278,21 +278,6 @@ void CodeGenerator::RecordSafepoint(ReferenceMap* references,
}
}
bool CodeGenerator::IsMaterializableFromFrame(Handle<HeapObject> object,
int* slot_return) {
if (linkage()->GetIncomingDescriptor()->IsJSFunctionCall()) {
if (object.is_identical_to(info()->context()) && !info()->is_osr()) {
*slot_return = Frame::kContextSlot;
return true;
} else if (object.is_identical_to(info()->closure())) {
*slot_return = Frame::kJSFunctionSlot;
return true;
}
}
return false;
}
bool CodeGenerator::IsMaterializableFromRoot(
Handle<HeapObject> object, Heap::RootListIndex* index_return) {
const CallDescriptor* incoming_descriptor =

3
deps/v8/src/compiler/code-generator.h

@ -84,9 +84,6 @@ class CodeGenerator final : public GapResolver::Assembler {
void RecordSafepoint(ReferenceMap* references, Safepoint::Kind kind,
int arguments, Safepoint::DeoptMode deopt_mode);
// Check if a heap object can be materialized by loading from the frame, which
// is usually way cheaper than materializing the actual heap object constant.
bool IsMaterializableFromFrame(Handle<HeapObject> object, int* slot_return);
// Check if a heap object can be materialized by loading from a heap root,
// which is cheaper on some platforms than materializing the actual heap
// object constant.

11
deps/v8/src/compiler/ia32/code-generator-ia32.cc

@ -2040,18 +2040,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
Constant src_constant = g.ToConstant(source);
if (src_constant.type() == Constant::kHeapObject) {
Handle<HeapObject> src = src_constant.ToHeapObject();
int slot;
if (IsMaterializableFromFrame(src, &slot)) {
if (destination->IsRegister()) {
Register dst = g.ToRegister(destination);
__ mov(dst, g.SlotToOperand(slot));
} else {
DCHECK(destination->IsStackSlot());
Operand dst = g.ToOperand(destination);
__ push(g.SlotToOperand(slot));
__ pop(dst);
}
} else if (destination->IsRegister()) {
Register dst = g.ToRegister(destination);
__ LoadHeapObject(dst, src);
} else {

5
deps/v8/src/compiler/mips/code-generator-mips.cc

@ -2013,10 +2013,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
case Constant::kHeapObject: {
Handle<HeapObject> src_object = src.ToHeapObject();
Heap::RootListIndex index;
int slot;
if (IsMaterializableFromFrame(src_object, &slot)) {
__ lw(dst, g.SlotToMemOperand(slot));
} else if (IsMaterializableFromRoot(src_object, &index)) {
if (IsMaterializableFromRoot(src_object, &index)) {
__ LoadRoot(dst, index);
} else {
__ li(dst, src_object);

5
deps/v8/src/compiler/mips64/code-generator-mips64.cc

@ -2335,10 +2335,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
case Constant::kHeapObject: {
Handle<HeapObject> src_object = src.ToHeapObject();
Heap::RootListIndex index;
int slot;
if (IsMaterializableFromFrame(src_object, &slot)) {
__ ld(dst, g.SlotToMemOperand(slot));
} else if (IsMaterializableFromRoot(src_object, &index)) {
if (IsMaterializableFromRoot(src_object, &index)) {
__ LoadRoot(dst, index);
} else {
__ li(dst, src_object);

5
deps/v8/src/compiler/ppc/code-generator-ppc.cc

@ -2277,10 +2277,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
case Constant::kHeapObject: {
Handle<HeapObject> src_object = src.ToHeapObject();
Heap::RootListIndex index;
int slot;
if (IsMaterializableFromFrame(src_object, &slot)) {
__ LoadP(dst, g.SlotToMemOperand(slot));
} else if (IsMaterializableFromRoot(src_object, &index)) {
if (IsMaterializableFromRoot(src_object, &index)) {
__ LoadRoot(dst, index);
} else {
__ Move(dst, src_object);

5
deps/v8/src/compiler/s390/code-generator-s390.cc

@ -2382,10 +2382,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
case Constant::kHeapObject: {
Handle<HeapObject> src_object = src.ToHeapObject();
Heap::RootListIndex index;
int slot;
if (IsMaterializableFromFrame(src_object, &slot)) {
__ LoadP(dst, g.SlotToMemOperand(slot));
} else if (IsMaterializableFromRoot(src_object, &index)) {
if (IsMaterializableFromRoot(src_object, &index)) {
__ LoadRoot(dst, index);
} else {
__ Move(dst, src_object);

5
deps/v8/src/compiler/x64/code-generator-x64.cc

@ -2477,10 +2477,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
case Constant::kHeapObject: {
Handle<HeapObject> src_object = src.ToHeapObject();
Heap::RootListIndex index;
int slot;
if (IsMaterializableFromFrame(src_object, &slot)) {
__ movp(dst, g.SlotToOperand(slot));
} else if (IsMaterializableFromRoot(src_object, &index)) {
if (IsMaterializableFromRoot(src_object, &index)) {
__ LoadRoot(dst, index);
} else {
__ Move(dst, src_object);

11
deps/v8/src/compiler/x87/code-generator-x87.cc

@ -2520,18 +2520,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source,
Constant src_constant = g.ToConstant(source);
if (src_constant.type() == Constant::kHeapObject) {
Handle<HeapObject> src = src_constant.ToHeapObject();
int slot;
if (IsMaterializableFromFrame(src, &slot)) {
if (destination->IsRegister()) {
Register dst = g.ToRegister(destination);
__ mov(dst, g.SlotToOperand(slot));
} else {
DCHECK(destination->IsStackSlot());
Operand dst = g.ToOperand(destination);
__ push(g.SlotToOperand(slot));
__ pop(dst);
}
} else if (destination->IsRegister()) {
Register dst = g.ToRegister(destination);
__ LoadHeapObject(dst, src);
} else {

22
deps/v8/test/mjsunit/compiler/regress-645179.js

@ -0,0 +1,22 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
function foo(a) {
return a.x === a.y;
}
function A() { }
var o = new A;
var a = {x: o}
o.x = 0;
a.y = o;
assertTrue(foo(a));
assertTrue(foo(a));
%OptimizeFunctionOnNextCall(foo);
assertTrue(foo(a));

14
deps/v8/test/mjsunit/regress/regress-crbug-647887.js

@ -0,0 +1,14 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
function f(obj) {
var key;
for (key in obj) { }
return key === undefined;
}
%OptimizeFunctionOnNextCall(f);
assertFalse(f({ foo:0 }));

17
deps/v8/test/mjsunit/regress/regress-crbug-648539.js

@ -0,0 +1,17 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --harmony-tailcalls
function f() {
"use strict";
return undefined(0, 0);
}
function g() {
return f();
}
assertThrows(g, TypeError);
assertThrows(g, TypeError);
%OptimizeFunctionOnNextCall(g);
assertThrows(g, TypeError);
Loading…
Cancel
Save