diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h index a2abfc0485..01b10d1d68 100644 --- a/deps/v8/include/v8-version.h +++ b/deps/v8/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 5 #define V8_MINOR_VERSION 4 #define V8_BUILD_NUMBER 500 -#define V8_PATCH_LEVEL 36 +#define V8_PATCH_LEVEL 41 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/deps/v8/src/bailout-reason.h b/deps/v8/src/bailout-reason.h index 0966334ffa..df47eb82b7 100644 --- a/deps/v8/src/bailout-reason.h +++ b/deps/v8/src/bailout-reason.h @@ -257,6 +257,7 @@ namespace internal { V(kUnexpectedReturnFromThrow, "Unexpectedly returned from a throw") \ V(kUnsupportedSwitchStatement, "Unsupported switch statement") \ V(kUnsupportedTaggedImmediate, "Unsupported tagged immediate") \ + V(kUnstableConstantTypeHeapObject, "Unstable constant-type heap object") \ V(kVariableResolvedToWithContext, "Variable resolved to with context") \ V(kWeShouldNotHaveAnEmptyLexicalContext, \ "We should not have an empty lexical context") \ diff --git a/deps/v8/src/code-stubs.h b/deps/v8/src/code-stubs.h index 36757c41c6..4793d74f96 100644 --- a/deps/v8/src/code-stubs.h +++ b/deps/v8/src/code-stubs.h @@ -1160,6 +1160,8 @@ class FastNewClosureStub : public TurboFanCodeStub { class FastNewFunctionContextStub final : public TurboFanCodeStub { public: + static const int kMaximumSlots = 0x8000; + explicit FastNewFunctionContextStub(Isolate* isolate) : TurboFanCodeStub(isolate) {} 
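Review bot: `kMaximumSlots` is introduced in the code-stubs.h hunk without a comment stating the caller contract, and nothing visible in this commit enforces the bound inside FastNewFunctionContextStub itself; every backend hunk repeats `slots <= FastNewFunctionContextStub::kMaximumSlots` by hand. The STATIC_ASSERT added in the next hunk only validates the constant against `Page::kMaxRegularHeapObjectSize`, so a future call site that omits the guard would presumably hand the stub a slot count it cannot allocate in new space. I would document the contract at the declaration, e.g. `// Callers must fall back to Runtime::kNewFunctionContext when the slot count exceeds this.`, and consider an assertion in the stub's generator, which is outside this diff.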
@@ -1169,6 +1171,11 @@ class FastNewFunctionContextStub final : public TurboFanCodeStub { compiler::Node* context); private: + // FastNewFunctionContextStub can only allocate closures which fit in the + // new space. + STATIC_ASSERT(((kMaximumSlots + Context::MIN_CONTEXT_SLOTS) * kPointerSize + + FixedArray::kHeaderSize) < Page::kMaxRegularHeapObjectSize); + DEFINE_CALL_INTERFACE_DESCRIPTOR(FastNewFunctionContext); DEFINE_TURBOFAN_CODE_STUB(FastNewFunctionContext, TurboFanCodeStub); }; diff --git a/deps/v8/src/compiler/js-generic-lowering.cc b/deps/v8/src/compiler/js-generic-lowering.cc index 69526cd7ea..812d3e7bce 100644 --- a/deps/v8/src/compiler/js-generic-lowering.cc +++ b/deps/v8/src/compiler/js-generic-lowering.cc @@ -444,9 +444,13 @@ void JSGenericLowering::LowerJSCreateFunctionContext(Node* node) { int const slot_count = OpParameter(node->op()); CallDescriptor::Flags flags = FrameStateFlagForCall(node); - Callable callable = CodeFactory::FastNewFunctionContext(isolate()); - node->InsertInput(zone(), 1, jsgraph()->Int32Constant(slot_count)); - ReplaceWithStubCall(node, callable, flags); + if (slot_count <= FastNewFunctionContextStub::kMaximumSlots) { + Callable callable = CodeFactory::FastNewFunctionContext(isolate()); + node->InsertInput(zone(), 1, jsgraph()->Int32Constant(slot_count)); + ReplaceWithStubCall(node, callable, flags); + } else { + ReplaceWithRuntimeCall(node, Runtime::kNewFunctionContext); + } } diff --git a/deps/v8/src/compiler/js-global-object-specialization.cc b/deps/v8/src/compiler/js-global-object-specialization.cc index 5ced04e9c1..2b4bf1c019 100644 --- a/deps/v8/src/compiler/js-global-object-specialization.cc +++ b/deps/v8/src/compiler/js-global-object-specialization.cc 
@@ -181,13 +181,18 @@ Reduction JSGlobalObjectSpecialization::ReduceJSStoreGlobal(Node* node) { dependencies()->AssumePropertyCell(property_cell); Type* property_cell_value_type; if (property_cell_value->IsHeapObject()) { + // We cannot do anything if the {property_cell_value}s map is no + // longer stable. + Handle property_cell_value_map( + Handle::cast(property_cell_value)->map(), isolate()); + if (!property_cell_value_map->is_stable()) return NoChange(); + dependencies()->AssumeMapStable(property_cell_value_map); + // Check that the {value} is a HeapObject. value = effect = graph()->NewNode(simplified()->CheckTaggedPointer(), value, effect, control); // Check {value} map agains the {property_cell} map. - Handle property_cell_value_map( - Handle::cast(property_cell_value)->map(), isolate()); effect = graph()->NewNode( simplified()->CheckMaps(1), value, jsgraph()->HeapConstant(property_cell_value_map), effect, control); diff --git a/deps/v8/src/compiler/simplified-lowering.cc b/deps/v8/src/compiler/simplified-lowering.cc index de64de3e1f..d698fe9269 100644 --- a/deps/v8/src/compiler/simplified-lowering.cc +++ b/deps/v8/src/compiler/simplified-lowering.cc @@ -2977,7 +2977,7 @@ Node* SimplifiedLowering::Float64Sign(Node* const node) { graph()->NewNode( common()->Select(MachineRepresentation::kFloat64), graph()->NewNode(machine()->Float64LessThan(), zero, input), one, - zero)); + input)); } Node* SimplifiedLowering::Int32Abs(Node* const node) { diff --git a/deps/v8/src/compiler/typer.cc b/deps/v8/src/compiler/typer.cc index 0d07053ded..b4051e5547 100644 --- a/deps/v8/src/compiler/typer.cc +++ b/deps/v8/src/compiler/typer.cc @@ -1321,7 +1321,7 @@ Type* Typer::Visitor::JSCallFunctionTyper(Type* fun, Typer* t) { case kMathTan: return Type::Number(); case kMathSign: - return t->cache_.kMinusOneToOne; + return t->cache_.kMinusOneToOneOrMinusZeroOrNaN; // Binary math functions. case kMathAtan2: case kMathPow: 
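Review bot: In the js-global-object-specialization.cc hunk the new `if (!property_cell_value_map->is_stable()) return NoChange();` runs after `dependencies()->AssumePropertyCell(property_cell);`, so the bail-out path leaves a property-cell dependency registered for a reduction that was not performed. If dependencies are committed per compilation, as the call names suggest, this can only cause an unnecessary deoptimization rather than a missed one, but testing map stability before registering anything would be cleaner. In the added comment, `{property_cell_value}s map` should read `{property_cell_value}'s map`. ReduceJSStoreGlobal starts and continues outside the hunk, so earlier dependency calls cannot be checked from here.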
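Review bot: In the simplified-lowering.cc hunk the last Select operand changes from `zero` to `input` with no comment, and the reason is not obvious from the code alone. Presumably this operand is reached only when the input is neither below nor above zero, i.e. it is +0, -0 or NaN, and Math.sign must return that value unchanged, which matches the `signFloat64(-0)` and `signFloat64(NaN)` expectations in the new math-sign.js. A one-line comment above the inner Select would keep this from being changed back, e.g. `// Neither < 0 nor > 0: input is +/-0 or NaN, which Math.sign returns as-is.` Float64Sign begins outside the hunk, so the outer Select is not visible here.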
diff --git a/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc b/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc index 072215d5fc..ee3e54b604 100644 --- a/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc +++ b/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc @@ -164,11 +164,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r1); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc b/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc index b5e1245f3a..ce5813b1e1 100644 --- a/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc +++ b/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc 
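Review bot: In the new else branch `__ CallRuntime(Runtime::kNewFunctionContext);` leaves `deopt_mode` untouched, whereas the sibling `__ CallRuntime(Runtime::kNewScriptContext);` just above sets `deopt_mode = Safepoint::kLazyDeopt;` before the shared `RecordSafepoint(deopt_mode);`. If the function-context runtime call can never trigger a lazy deoptimization, a short comment saying so would help; otherwise the branch needs `deopt_mode = Safepoint::kLazyDeopt;` after the call. The same pattern appears in the arm64, ia32, mips, mips64, ppc, s390, x64 and x87 lithium-codegen hunks. DoPrologue starts and ends outside the hunk, so the initial value of `deopt_mode` is not visible.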
@@ -595,11 +595,16 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ Mov(FastNewFunctionContextDescriptor::SlotsRegister(), slots); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ Mov(FastNewFunctionContextDescriptor::SlotsRegister(), slots); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ Push(x1); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); // Context is returned in x0. It replaces the context passed to us. It's diff --git a/deps/v8/src/crankshaft/hydrogen.cc b/deps/v8/src/crankshaft/hydrogen.cc index 240101eeeb..a33d2a6120 100644 --- a/deps/v8/src/crankshaft/hydrogen.cc +++ b/deps/v8/src/crankshaft/hydrogen.cc 
@@ -6899,11 +6899,19 @@ void HOptimizedGraphBuilder::HandleGlobalVariableAssignment( access = access.WithRepresentation(Representation::Smi()); break; case PropertyCellConstantType::kStableMap: { - // The map may no longer be stable, deopt if it's ever different from - // what is currently there, which will allow for restablization. - Handle map(HeapObject::cast(cell->value())->map()); + // First check that the previous value of the {cell} still has the + // map that we are about to check the new {value} for. If not, then + // the stable map assumption was invalidated and we cannot continue + // with the optimized code. + Handle cell_value(HeapObject::cast(cell->value())); + Handle cell_value_map(cell_value->map()); + if (!cell_value_map->is_stable()) { + return Bailout(kUnstableConstantTypeHeapObject); + } + top_info()->dependencies()->AssumeMapStable(cell_value_map); + // Now check that the new {value} is a HeapObject with the same map. Add(value); - value = Add(value, map); + value = Add(value, cell_value_map); access = access.WithRepresentation(Representation::HeapObject()); break; } diff --git a/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc b/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc index 8233659ddb..2512e2be01 100644 --- a/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc +++ b/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc 
@@ -176,12 +176,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), - Immediate(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Immediate(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(edi); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc b/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc index fa345e5173..6be0d13f13 100644 --- a/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc +++ b/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc @@ -183,11 +183,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ li(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ li(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(a1); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); 
diff --git a/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc b/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc index 65e922848b..924f552ab0 100644 --- a/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc +++ b/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc @@ -159,11 +159,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ li(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ li(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(a1); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc b/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc index fa1f430c58..e1203b86a4 100644 --- a/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc +++ b/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc 
@@ -170,11 +170,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r4); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/s390/lithium-codegen-s390.cc b/deps/v8/src/crankshaft/s390/lithium-codegen-s390.cc index 7bb718df7e..ec2a85a07b 100644 --- a/deps/v8/src/crankshaft/s390/lithium-codegen-s390.cc +++ b/deps/v8/src/crankshaft/s390/lithium-codegen-s390.cc @@ -160,11 +160,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r3); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); 
diff --git a/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc b/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc index e417eaaeb1..66046a4e68 100644 --- a/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc +++ b/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc @@ -179,11 +179,16 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ Set(FastNewFunctionContextDescriptor::SlotsRegister(), slots); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ Set(FastNewFunctionContextDescriptor::SlotsRegister(), slots); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ Push(rdi); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc b/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc index f6aa9639b3..1a42d5b41b 100644 --- a/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc +++ b/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc 
@@ -146,12 +146,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), - Immediate(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Immediate(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(edi); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/full-codegen/arm/full-codegen-arm.cc b/deps/v8/src/full-codegen/arm/full-codegen-arm.cc index e25a0441d8..7887d32bdb 100644 --- a/deps/v8/src/full-codegen/arm/full-codegen-arm.cc +++ b/deps/v8/src/full-codegen/arm/full-codegen-arm.cc @@ -184,11 +184,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(r3); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r1); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(r3); // Preserve new target. } 
diff --git a/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc b/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc index 3330325df4..a4f32da2ef 100644 --- a/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc +++ b/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc @@ -187,11 +187,16 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ Push(x3); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ Mov(FastNewFunctionContextDescriptor::SlotsRegister(), slots); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ Mov(FastNewFunctionContextDescriptor::SlotsRegister(), slots); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ Push(x1); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ Pop(x3); // Restore new target. } diff --git a/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc b/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc index 0a00eeade8..3571948216 100644 --- a/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc +++ b/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc 
@@ -176,12 +176,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(edx); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), - Immediate(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Immediate(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(edi); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(edx); // Restore new target. } diff --git a/deps/v8/src/full-codegen/mips/full-codegen-mips.cc b/deps/v8/src/full-codegen/mips/full-codegen-mips.cc index 917474ae88..67598d0a25 100644 --- a/deps/v8/src/full-codegen/mips/full-codegen-mips.cc +++ b/deps/v8/src/full-codegen/mips/full-codegen-mips.cc @@ -194,11 +194,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(a3); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ li(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ li(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(a1); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(a3); // Restore new target. } 
diff --git a/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc b/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc index 0c09bdf176..c149f137cf 100644 --- a/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc +++ b/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc @@ -193,11 +193,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(a3); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ li(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ li(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(a1); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(a3); // Restore new target. } diff --git a/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc b/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc index 6bac8b15a3..6813069d40 100644 --- a/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc +++ b/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc 
@@ -190,11 +190,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(r6); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r4); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(r6); // Preserve new target. } diff --git a/deps/v8/src/full-codegen/s390/full-codegen-s390.cc b/deps/v8/src/full-codegen/s390/full-codegen-s390.cc index 003c9312e4..bd1509b77d 100644 --- a/deps/v8/src/full-codegen/s390/full-codegen-s390.cc +++ b/deps/v8/src/full-codegen/s390/full-codegen-s390.cc @@ -195,11 +195,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(r5); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r3); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(r5); // Preserve new target. } 
diff --git a/deps/v8/src/full-codegen/x64/full-codegen-x64.cc b/deps/v8/src/full-codegen/x64/full-codegen-x64.cc index 4b0e43c9b2..ce94a990d5 100644 --- a/deps/v8/src/full-codegen/x64/full-codegen-x64.cc +++ b/deps/v8/src/full-codegen/x64/full-codegen-x64.cc @@ -175,11 +175,16 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ Push(rdx); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ Set(FastNewFunctionContextDescriptor::SlotsRegister(), slots); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ Set(FastNewFunctionContextDescriptor::SlotsRegister(), slots); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ Push(rdi); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ Pop(rdx); // Restore new target. } diff --git a/deps/v8/src/full-codegen/x87/full-codegen-x87.cc b/deps/v8/src/full-codegen/x87/full-codegen-x87.cc index 0ccf63f9f0..28c8960c4b 100644 --- a/deps/v8/src/full-codegen/x87/full-codegen-x87.cc +++ b/deps/v8/src/full-codegen/x87/full-codegen-x87.cc 
@@ -176,12 +176,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(edx); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), - Immediate(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Immediate(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(edi); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(edx); // Restore new target. } diff --git a/deps/v8/src/interpreter/bytecode-generator.cc b/deps/v8/src/interpreter/bytecode-generator.cc index a57399cf6f..6ff43a4170 100644 --- a/deps/v8/src/interpreter/bytecode-generator.cc +++ b/deps/v8/src/interpreter/bytecode-generator.cc @@ -3168,7 +3168,12 @@ void BytecodeGenerator::VisitNewLocalFunctionContext() { .CallRuntime(Runtime::kNewScriptContext, closure, 2); } else { int slot_count = scope->num_heap_slots() - Context::MIN_CONTEXT_SLOTS; - builder()->CreateFunctionContext(slot_count); + if (slot_count <= FastNewFunctionContextStub::kMaximumSlots) { + builder()->CreateFunctionContext(slot_count); + } else { + builder()->CallRuntime(Runtime::kNewFunctionContext, + Register::function_closure(), 1); + } } execution_result()->SetResultInAccumulator(); } diff --git a/deps/v8/src/runtime/runtime-utils.h b/deps/v8/src/runtime/runtime-utils.h index 0d84354f44..147efed092 100644 --- a/deps/v8/src/runtime/runtime-utils.h +++ b/deps/v8/src/runtime/runtime-utils.h 
@@ -69,9 +69,11 @@ namespace internal { // Assert that the given argument has a valid value for a LanguageMode // and store it in a LanguageMode variable with the given name. #define CONVERT_LANGUAGE_MODE_ARG_CHECKED(name, index) \ - CHECK(args[index]->IsSmi()); \ - CHECK(is_valid_language_mode(args.smi_at(index))); \ - LanguageMode name = static_cast(args.smi_at(index)); + CHECK(args[index]->IsNumber()); \ + int32_t __tmp_##name = 0; \ + CHECK(args[index]->ToInt32(&__tmp_##name)); \ + CHECK(is_valid_language_mode(__tmp_##name)); \ + LanguageMode name = static_cast(__tmp_##name); // Assert that the given argument is a number within the Int32 range // and convert it to int32_t. If the argument is not an Int32 we crash safely. diff --git a/deps/v8/src/type-cache.h b/deps/v8/src/type-cache.h index f83f3bdb71..e7616ec3dc 100644 --- a/deps/v8/src/type-cache.h +++ b/deps/v8/src/type-cache.h @@ -50,7 +50,9 @@ class TypeCache final { Type* const kTenOrUndefined = Type::Union(kSingletonTen, Type::Undefined(), zone()); Type* const kMinusOneOrZero = CreateRange(-1.0, 0.0); - Type* const kMinusOneToOne = CreateRange(-1.0, 1.0); + Type* const kMinusOneToOneOrMinusZeroOrNaN = Type::Union( + Type::Union(CreateRange(-1.0, 1.0), Type::MinusZero(), zone()), + Type::NaN(), zone()); Type* const kZeroOrOne = CreateRange(0.0, 1.0); Type* const kZeroOrOneOrNaN = Type::Union(kZeroOrOne, Type::NaN(), zone()); Type* const kZeroToThirtyOne = CreateRange(0.0, 31.0); diff --git a/deps/v8/test/mjsunit/compiler/math-sign.js b/deps/v8/test/mjsunit/compiler/math-sign.js new file mode 100644 index 0000000000..0fff0982df --- /dev/null +++ b/deps/v8/test/mjsunit/compiler/math-sign.js 
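Review bot: In CONVERT_LANGUAGE_MODE_ARG_CHECKED the temporary `__tmp_##name` contains a double underscore, and identifiers containing `__` are reserved for the implementation in C++. A suffix form avoids that: `int32_t name##_int32 = 0;`, with the two following uses renamed to match. The macro now also accepts any Number for which `ToInt32` succeeds instead of only a Smi, which the comment above the macro does not mention and should.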
@@ -0,0 +1,51 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +function signInt32(i) { + i = i|0; + return Math.sign(i); +} + +signInt32(0); +signInt32(2); +%OptimizeFunctionOnNextCall(signInt32); +assertEquals(1, signInt32(1)); +assertEquals(0, signInt32(0)); +assertEquals(-1, signInt32(-1)); +assertEquals(-1, signInt32(-1)); +assertEquals(1, signInt32(2147483647)); +assertEquals(-1, signInt32(2147483648)); +assertEquals(-1, signInt32(-2147483648)); +assertEquals(0, signInt32(NaN)); +assertEquals(0, signInt32(undefined)); +assertEquals(0, signInt32(-0)); + +function signFloat64(i) { + return Math.sign(+i); +} + +signFloat64(0.1); +signFloat64(-0.1); +%OptimizeFunctionOnNextCall(signFloat64); +assertEquals(1, signFloat64(1)); +assertEquals(1, signFloat64(0.001)); +assertEquals(-1, signFloat64(-0.002)); +assertEquals(1, signFloat64(1e100)); +assertEquals(-1, signFloat64(-2e100)); +assertEquals(0, signFloat64(0)); +assertEquals(Infinity, 1/signFloat64(0)); +assertEquals(-1, signFloat64(-1)); +assertEquals(-1, signFloat64(-1)); +assertEquals(1, signFloat64(2147483647)); +assertEquals(1, signFloat64(2147483648)); +assertEquals(-1, signFloat64(-2147483647)); +assertEquals(-1, signFloat64(-2147483648)); +assertEquals(-1, signFloat64(-2147483649)); +assertEquals(-0, signFloat64(-0)); +assertEquals(NaN, signFloat64(NaN)); +assertEquals(NaN, signFloat64(undefined)); +assertEquals(1, signFloat64(Infinity)); +assertEquals(-1, signFloat64(-Infinity)); diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-659475-1.js b/deps/v8/test/mjsunit/regress/regress-crbug-659475-1.js new file mode 100644 index 0000000000..2648203b8c --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-crbug-659475-1.js 
@@ -0,0 +1,30 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +var n; + +function Ctor() { + n = new Set(); +} + +function Check() { + n.xyz = 0x826852f4; +} + +Ctor(); +Ctor(); +%OptimizeFunctionOnNextCall(Ctor); +Ctor(); + +Check(); +Check(); +%OptimizeFunctionOnNextCall(Check); +Check(); + +Ctor(); +Check(); + +parseInt('AAAAAAAA'); diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-659475-2.js b/deps/v8/test/mjsunit/regress/regress-crbug-659475-2.js new file mode 100644 index 0000000000..49e02fde00 --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-crbug-659475-2.js @@ -0,0 +1,31 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +var n; + +function Ctor() { + try { } catch (e) {} + n = new Set(); +} + +function Check() { + n.xyz = 0x826852f4; +} + +Ctor(); +Ctor(); +%OptimizeFunctionOnNextCall(Ctor); +Ctor(); + +Check(); +Check(); +%OptimizeFunctionOnNextCall(Check); +Check(); + +Ctor(); +Check(); + +parseInt('AAAAAAAA');
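Review bot: regress-crbug-659475-1.js contains no assertions and no comment on what it checks, so it can only fail by crashing and a reader cannot tell which step matters. A short header would help, for example `// Passes if the optimized Ctor and Check keep working after Check has added a property to the Set stored in the global n.` The purpose of the trailing `parseInt('AAAAAAAA');` is not evident either and deserves a comment. The same applies to regress-crbug-659475-2.js, which differs only by the empty try/catch in Ctor; the reason for that variant should be stated as well.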