deps: upgrade v8 to 4.2.77.20

Fixes: https://github.com/iojs/io.js/issues/1637
PR-URL: https://github.com/iojs/io.js/pull/1639
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
V8-Bug: https://code.google.com/p/v8/issues/detail?id=3960
V8-Bug: https://code.google.com/p/v8/issues/detail?id=4079

deps/v8/include/v8-version.h

@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 4
 #define V8_MINOR_VERSION 2
 #define V8_BUILD_NUMBER 77
-#define V8_PATCH_LEVEL 18
+#define V8_PATCH_LEVEL 20
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)

deps/v8/src/compiler.cc

@@ -1455,7 +1455,7 @@ Handle<SharedFunctionInfo> Compiler::BuildFunctionInfo(
   result->set_is_toplevel(false);
 
   RecordFunctionCompilation(Logger::FUNCTION_TAG, &info, result);
-  result->set_allows_lazy_compilation(allow_lazy);
+  result->set_allows_lazy_compilation(literal->AllowsLazyCompilation());
   result->set_allows_lazy_compilation_without_context(allow_lazy_without_ctx);
 
   // Set the expected number of properties for instances and return

deps/v8/src/compiler/graph-visualizer.h

@@ -5,6 +5,7 @@
 #ifndef V8_COMPILER_GRAPH_VISUALIZER_H_
 #define V8_COMPILER_GRAPH_VISUALIZER_H_
 
+#include <stdio.h>
 #include <iosfwd>
 
 namespace v8 {

deps/v8/src/debug.cc

@@ -1604,23 +1604,22 @@ Handle<Object> Debug::GetSourceBreakLocations(
   Handle<FixedArray> locations =
       isolate->factory()->NewFixedArray(debug_info->GetBreakPointCount());
   int count = 0;
-  for (int i = 0; i < debug_info->break_points()->length(); i++) {
+  for (int i = 0; i < debug_info->break_points()->length(); ++i) {
     if (!debug_info->break_points()->get(i)->IsUndefined()) {
       BreakPointInfo* break_point_info =
           BreakPointInfo::cast(debug_info->break_points()->get(i));
-      if (break_point_info->GetBreakPointCount() > 0) {
-        Smi* position = NULL;
-        switch (position_alignment) {
-          case STATEMENT_ALIGNED:
-            position = break_point_info->statement_position();
-            break;
-          case BREAK_POSITION_ALIGNED:
-            position = break_point_info->source_position();
-            break;
-        }
-
-        locations->set(count++, position);
+      int break_points = break_point_info->GetBreakPointCount();
+      if (break_points == 0) continue;
+      Smi* position = NULL;
+      switch (position_alignment) {
+        case STATEMENT_ALIGNED:
+          position = break_point_info->statement_position();
+          break;
+        case BREAK_POSITION_ALIGNED:
+          position = break_point_info->source_position();
+          break;
       }
+      for (int j = 0; j < break_points; ++j) locations->set(count++, position);
     }
   }
   return locations;
@@ -1923,7 +1922,6 @@ static void RecompileAndRelocateSuspendedGenerators(
 static bool SkipSharedFunctionInfo(SharedFunctionInfo* shared,
                                    Object* active_code_marker) {
   if (!shared->allows_lazy_compilation()) return true;
-  if (!shared->script()->IsScript()) return true;
   Object* script = shared->script();
   if (!script->IsScript()) return true;
   if (Script::cast(script)->type()->value() == Script::TYPE_NATIVE) return true;
@@ -2204,6 +2202,21 @@ Object* Debug::FindSharedFunctionInfoInScript(Handle<Script> script,
     }
   }  // End while loop.
 
+  // JSFunctions from the same literal may not have the same shared function
+  // info. Find those JSFunctions and deduplicate the shared function info.
+  HeapIterator iterator(heap, FLAG_lazy ? HeapIterator::kNoFiltering
+                                        : HeapIterator::kFilterUnreachable);
+  for (HeapObject* obj = iterator.next(); obj != NULL; obj = iterator.next()) {
+    if (!obj->IsJSFunction()) continue;
+    JSFunction* function = JSFunction::cast(obj);
+    SharedFunctionInfo* shared = function->shared();
+    if (shared != *target && shared->script() == target->script() &&
+        shared->start_position_and_type() ==
+            target->start_position_and_type()) {
+      function->set_shared(*target);
+    }
+  }
+
   return *target;
 }
 

deps/v8/src/factory.cc

@@ -826,17 +826,12 @@ Handle<ExecutableAccessorInfo> Factory::NewExecutableAccessorInfo() {
 
 
 Handle<Script> Factory::NewScript(Handle<String> source) {
-  // Generate id for this script.
-  Heap* heap = isolate()->heap();
-  int id = heap->last_script_id()->value() + 1;
-  if (!Smi::IsValid(id) || id < 0) id = 1;
-  heap->set_last_script_id(Smi::FromInt(id));
-
   // Create and initialize script object.
+  Heap* heap = isolate()->heap();
   Handle<Script> script = Handle<Script>::cast(NewStruct(SCRIPT_TYPE));
   script->set_source(*source);
   script->set_name(heap->undefined_value());
-  script->set_id(Smi::FromInt(id));
+  script->set_id(isolate()->heap()->NextScriptId());
   script->set_line_offset(Smi::FromInt(0));
   script->set_column_offset(Smi::FromInt(0));
   script->set_context_data(heap->undefined_value());

deps/v8/src/heap/heap.h

@@ -1339,6 +1339,14 @@ class Heap {
     return seed;
   }
 
+  Smi* NextScriptId() {
+    int next_id = last_script_id()->value() + 1;
+    if (!Smi::IsValid(next_id) || next_id < 0) next_id = 1;
+    Smi* next_id_smi = Smi::FromInt(next_id);
+    set_last_script_id(next_id_smi);
+    return next_id_smi;
+  }
+
   void SetArgumentsAdaptorDeoptPCOffset(int pc_offset) {
     DCHECK(arguments_adaptor_deopt_pc_offset() == Smi::FromInt(0));
     set_arguments_adaptor_deopt_pc_offset(Smi::FromInt(pc_offset));

deps/v8/src/liveedit.cc

@@ -1238,6 +1238,7 @@ void LiveEdit::SetFunctionScript(Handle<JSValue> function_wrapper,
       UnwrapSharedFunctionInfoFromJSValue(function_wrapper);
   CHECK(script_handle->IsScript() || script_handle->IsUndefined());
   shared_info->set_script(*script_handle);
+  shared_info->DisableOptimization(kLiveEdit);
 
   function_wrapper->GetIsolate()->compilation_cache()->Remove(shared_info);
 }

deps/v8/src/runtime/runtime-debug.cc

@@ -2327,6 +2327,7 @@ RUNTIME_FUNCTION(Runtime_DebugGetLoadedScripts) {
   HandleScope scope(isolate);
   DCHECK(args.length() == 0);
 
+  DebugScope debug_scope(isolate->debug());
   // Fill the script objects.
   Handle<FixedArray> instances = isolate->debug()->GetLoadedScripts();
 
@@ -2674,6 +2675,15 @@ RUNTIME_FUNCTION(Runtime_ExecuteInDebugContext) {
 }
 
 
+RUNTIME_FUNCTION(Runtime_GetDebugContext) {
+  HandleScope scope(isolate);
+  DCHECK(args.length() == 0);
+  Handle<Context> context = isolate->debug()->GetDebugContext();
+  context->set_security_token(isolate->native_context()->security_token());
+  return context->global_proxy();
+}
+
+
 // Performs a GC.
 // Presently, it only does a full GC.
 RUNTIME_FUNCTION(Runtime_CollectGarbage) {

deps/v8/src/runtime/runtime.h

@@ -577,7 +577,7 @@ namespace internal {
   F(LiveEditRestartFrame, 2, 1)                     \
   F(GetFunctionCodePositionFromSource, 2, 1)        \
   F(ExecuteInDebugContext, 2, 1)                    \
-                                                    \
+  F(GetDebugContext, 0, 1)                          \
   F(SetFlags, 1, 1)                                 \
   F(CollectGarbage, 1, 1)                           \
   F(GetHeapUsage, 0, 1)

deps/v8/src/serialize.cc

@@ -820,6 +820,8 @@ HeapObject* Deserializer::ProcessNewObjectFromSerializedCode(HeapObject* obj) {
       string->SetForwardedInternalizedString(canonical);
       return canonical;
     }
+  } else if (obj->IsScript()) {
+    Script::cast(obj)->set_id(isolate_->heap()->NextScriptId());
   }
   return obj;
 }

deps/v8/test/mjsunit/debug-breakpoints.js

@@ -29,6 +29,8 @@
 // Get the Debug object exposed from the debug context global object.
 Debug = debug.Debug
 
+Debug.setListener(function() {});
+
 function f() {a=1;b=2}
 function g() {
   a=1;

deps/v8/test/mjsunit/debug-liveedit-2.js

@@ -25,7 +25,7 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-// Flags: --expose-debug-as debug
+// Flags: --expose-debug-as debug --noalways-opt
 // Get the Debug object exposed from the debug context global object.
 
 

deps/v8/test/mjsunit/debug-liveedit-4.js

@@ -25,7 +25,7 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-// Flags: --expose-debug-as debug
+// Flags: --expose-debug-as debug --noalways-opt
 // Get the Debug object exposed from the debug context global object.
 
 // In this test case we edit a script so that techincally function text

deps/v8/test/mjsunit/deserialize-script-id.js

@@ -0,0 +1,17 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --cache=code
+// Test that script ids are unique and we found the correct ones.
+
+var scripts = %DebugGetLoadedScripts();
+scripts.sort(function(a, b) { return a.id - b.id; });
+var user_script_count = 0;
+scripts.reduce(function(prev, cur) {
+  assertTrue(prev === undefined || prev.id != cur.id);
+  if (cur.type == 2) user_script_count++;
+});
+
+// Found mjsunit.js and this script.
+assertEquals(2, user_script_count);

deps/v8/test/mjsunit/regress/regress-2825.js

@@ -7,7 +7,7 @@
 // Do not edit this file with an editor that replaces \r with \r\n.
 // Variable definitions for i0 through i3 are each terminated with \r.
 function f() {
-  var i0 = 0;
  var i1 = 1;
  var i2 = 2;
  var i3 = 3;
+  var i0 = 0;
  var i1 = 1;
  var i2 = 2;
  var i3 = 3;
   var j0 = 0;
   var j1 = 1;
   var j2 = 2;