diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h index 3edc10eb65..7cc2493b83 100644 --- a/deps/v8/include/v8-version.h +++ b/deps/v8/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 5 #define V8_MINOR_VERSION 4 #define V8_BUILD_NUMBER 500 -#define V8_PATCH_LEVEL 27 +#define V8_PATCH_LEVEL 31 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/deps/v8/src/api.h b/deps/v8/src/api.h index 26e47ccb52..ede7ba9adc 100644 --- a/deps/v8/src/api.h +++ b/deps/v8/src/api.h @@ -389,6 +389,7 @@ class HandleScopeImplementer { call_depth_(0), microtasks_depth_(0), microtasks_suppressions_(0), + entered_context_count_during_microtasks_(0), #ifdef DEBUG debug_microtasks_depth_(0), #endif @@ -454,6 +455,11 @@ class HandleScopeImplementer { inline void EnterMicrotaskContext(Handle context); inline void LeaveMicrotaskContext(); inline Handle MicrotaskContext(); + inline bool MicrotaskContextIsLastEnteredContext() const { + return microtask_context_ && + entered_context_count_during_microtasks_ == + entered_contexts_.length(); + } inline void SaveContext(Context* context); inline Context* RestoreContext(); @@ -474,6 +480,7 @@ class HandleScopeImplementer { entered_contexts_.Initialize(0); saved_contexts_.Initialize(0); microtask_context_ = nullptr; + entered_context_count_during_microtasks_ = 0; spare_ = NULL; last_handle_before_deferred_block_ = NULL; call_depth_ = 0; @@ -508,6 +515,7 @@ class HandleScopeImplementer { int call_depth_; int microtasks_depth_; int microtasks_suppressions_; + int entered_context_count_during_microtasks_; #ifdef DEBUG int debug_microtasks_depth_; #endif @@ -579,11 +587,13 @@ Handle HandleScopeImplementer::LastEnteredContext() { void HandleScopeImplementer::EnterMicrotaskContext(Handle context) { DCHECK(!microtask_context_); microtask_context_ = *context; + entered_context_count_during_microtasks_ = entered_contexts_.length(); } void HandleScopeImplementer::LeaveMicrotaskContext() { DCHECK(microtask_context_); microtask_context_ = nullptr; + entered_context_count_during_microtasks_ = 0; } Handle HandleScopeImplementer::MicrotaskContext() { diff --git a/deps/v8/src/builtins/builtins.cc b/deps/v8/src/builtins/builtins.cc index dd5b4333ce..d5a0e17d17 100644 --- a/deps/v8/src/builtins/builtins.cc +++ b/deps/v8/src/builtins/builtins.cc @@ -280,13 +280,12 @@ bool Builtins::AllowDynamicFunction(Isolate* isolate, Handle target, Handle target_global_proxy) { if (FLAG_allow_unsafe_function_constructor) return true; HandleScopeImplementer* impl = isolate->handle_scope_implementer(); - Handle responsible_context = impl->LastEnteredContext(); + Handle responsible_context = + impl->MicrotaskContextIsLastEnteredContext() ? impl->MicrotaskContext() + : impl->LastEnteredContext(); + // TODO(jochen): Remove this. if (responsible_context.is_null()) { - responsible_context = impl->MicrotaskContext(); - // TODO(jochen): Remove this. - if (responsible_context.is_null()) { - return true; - } + return true; } if (*responsible_context == target->context()) return true; return isolate->MayAccess(responsible_context, target_global_proxy); diff --git a/deps/v8/src/compiler/access-info.cc b/deps/v8/src/compiler/access-info.cc index 2ba31f540b..97de25bd4c 100644 --- a/deps/v8/src/compiler/access-info.cc +++ b/deps/v8/src/compiler/access-info.cc @@ -312,7 +312,9 @@ bool AccessInfoFactory::ComputePropertyAccessInfo( isolate()); dependencies()->AssumeFieldType(field_owner_map); } - DCHECK(field_type->Is(Type::TaggedPointer())); + if (access_mode == AccessMode::kLoad) { + field_type = Type::Any(); + } } *access_info = PropertyAccessInfo::DataField( MapList{receiver_map}, field_index, field_type, holder); diff --git a/deps/v8/src/compiler/arm/code-generator-arm.cc b/deps/v8/src/compiler/arm/code-generator-arm.cc index b8a4b080a9..4ae282a0d1 100644 --- a/deps/v8/src/compiler/arm/code-generator-arm.cc +++ b/deps/v8/src/compiler/arm/code-generator-arm.cc @@ -1878,10 +1878,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, case Constant::kHeapObject: { Handle src_object = src.ToHeapObject(); Heap::RootListIndex index; - int slot; - if (IsMaterializableFromFrame(src_object, &slot)) { - __ ldr(dst, g.SlotToMemOperand(slot)); - } else if (IsMaterializableFromRoot(src_object, &index)) { + if (IsMaterializableFromRoot(src_object, &index)) { __ LoadRoot(dst, index); } else { __ Move(dst, src_object); diff --git a/deps/v8/src/compiler/arm64/code-generator-arm64.cc b/deps/v8/src/compiler/arm64/code-generator-arm64.cc index 39c3314888..35f7e43fdc 100644 --- a/deps/v8/src/compiler/arm64/code-generator-arm64.cc +++ b/deps/v8/src/compiler/arm64/code-generator-arm64.cc @@ -1939,10 +1939,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, if (src.type() == Constant::kHeapObject) { Handle src_object = src.ToHeapObject(); Heap::RootListIndex index; - int slot; - if (IsMaterializableFromFrame(src_object, &slot)) { - __ Ldr(dst, g.SlotToMemOperand(slot, masm())); - } else if (IsMaterializableFromRoot(src_object, &index)) { + if (IsMaterializableFromRoot(src_object, &index)) { __ LoadRoot(dst, index); } else { __ LoadObject(dst, src_object); diff --git a/deps/v8/src/compiler/ast-loop-assignment-analyzer.cc b/deps/v8/src/compiler/ast-loop-assignment-analyzer.cc index 22438c720a..f1469f76f7 100644 --- a/deps/v8/src/compiler/ast-loop-assignment-analyzer.cc +++ b/deps/v8/src/compiler/ast-loop-assignment-analyzer.cc @@ -252,10 +252,12 @@ void ALAA::VisitForStatement(ForStatement* loop) { void ALAA::VisitForInStatement(ForInStatement* loop) { + Expression* l = loop->each(); Enter(loop); - Visit(loop->each()); + Visit(l); Visit(loop->subject()); Visit(loop->body()); + if (l->IsVariableProxy()) AnalyzeAssignment(l->AsVariableProxy()->var()); Exit(loop); } diff --git a/deps/v8/src/compiler/code-generator.cc b/deps/v8/src/compiler/code-generator.cc index 4513c248fc..03136a7c2c 100644 --- a/deps/v8/src/compiler/code-generator.cc +++ b/deps/v8/src/compiler/code-generator.cc @@ -278,21 +278,6 @@ void CodeGenerator::RecordSafepoint(ReferenceMap* references, } } -bool CodeGenerator::IsMaterializableFromFrame(Handle object, - int* slot_return) { - if (linkage()->GetIncomingDescriptor()->IsJSFunctionCall()) { - if (object.is_identical_to(info()->context()) && !info()->is_osr()) { - *slot_return = Frame::kContextSlot; - return true; - } else if (object.is_identical_to(info()->closure())) { - *slot_return = Frame::kJSFunctionSlot; - return true; - } - } - return false; -} - - bool CodeGenerator::IsMaterializableFromRoot( Handle object, Heap::RootListIndex* index_return) { const CallDescriptor* incoming_descriptor = diff --git a/deps/v8/src/compiler/code-generator.h b/deps/v8/src/compiler/code-generator.h index 8ad9431653..21c13f8d61 100644 --- a/deps/v8/src/compiler/code-generator.h +++ b/deps/v8/src/compiler/code-generator.h @@ -84,9 +84,6 @@ class CodeGenerator final : public GapResolver::Assembler { void RecordSafepoint(ReferenceMap* references, Safepoint::Kind kind, int arguments, Safepoint::DeoptMode deopt_mode); - // Check if a heap object can be materialized by loading from the frame, which - // is usually way cheaper than materializing the actual heap object constant. - bool IsMaterializableFromFrame(Handle object, int* slot_return); // Check if a heap object can be materialized by loading from a heap root, // which is cheaper on some platforms than materializing the actual heap // object constant. diff --git a/deps/v8/src/compiler/ia32/code-generator-ia32.cc b/deps/v8/src/compiler/ia32/code-generator-ia32.cc index d4afd3789f..ad1a9922dc 100644 --- a/deps/v8/src/compiler/ia32/code-generator-ia32.cc +++ b/deps/v8/src/compiler/ia32/code-generator-ia32.cc @@ -2040,18 +2040,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, Constant src_constant = g.ToConstant(source); if (src_constant.type() == Constant::kHeapObject) { Handle src = src_constant.ToHeapObject(); - int slot; - if (IsMaterializableFromFrame(src, &slot)) { - if (destination->IsRegister()) { - Register dst = g.ToRegister(destination); - __ mov(dst, g.SlotToOperand(slot)); - } else { - DCHECK(destination->IsStackSlot()); - Operand dst = g.ToOperand(destination); - __ push(g.SlotToOperand(slot)); - __ pop(dst); - } - } else if (destination->IsRegister()) { + if (destination->IsRegister()) { Register dst = g.ToRegister(destination); __ LoadHeapObject(dst, src); } else { diff --git a/deps/v8/src/compiler/mips/code-generator-mips.cc b/deps/v8/src/compiler/mips/code-generator-mips.cc index ee9b40eb35..d06bc305e2 100644 --- a/deps/v8/src/compiler/mips/code-generator-mips.cc +++ b/deps/v8/src/compiler/mips/code-generator-mips.cc @@ -2013,10 +2013,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, case Constant::kHeapObject: { Handle src_object = src.ToHeapObject(); Heap::RootListIndex index; - int slot; - if (IsMaterializableFromFrame(src_object, &slot)) { - __ lw(dst, g.SlotToMemOperand(slot)); - } else if (IsMaterializableFromRoot(src_object, &index)) { + if (IsMaterializableFromRoot(src_object, &index)) { __ LoadRoot(dst, index); } else { __ li(dst, src_object); diff --git a/deps/v8/src/compiler/mips64/code-generator-mips64.cc b/deps/v8/src/compiler/mips64/code-generator-mips64.cc index 3511ab8206..3e2e8e260d 100644 --- a/deps/v8/src/compiler/mips64/code-generator-mips64.cc +++ b/deps/v8/src/compiler/mips64/code-generator-mips64.cc @@ -2335,10 +2335,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, case Constant::kHeapObject: { Handle src_object = src.ToHeapObject(); Heap::RootListIndex index; - int slot; - if (IsMaterializableFromFrame(src_object, &slot)) { - __ ld(dst, g.SlotToMemOperand(slot)); - } else if (IsMaterializableFromRoot(src_object, &index)) { + if (IsMaterializableFromRoot(src_object, &index)) { __ LoadRoot(dst, index); } else { __ li(dst, src_object); diff --git a/deps/v8/src/compiler/ppc/code-generator-ppc.cc b/deps/v8/src/compiler/ppc/code-generator-ppc.cc index 8561c2360a..9db36b4faa 100644 --- a/deps/v8/src/compiler/ppc/code-generator-ppc.cc +++ b/deps/v8/src/compiler/ppc/code-generator-ppc.cc @@ -2277,10 +2277,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, case Constant::kHeapObject: { Handle src_object = src.ToHeapObject(); Heap::RootListIndex index; - int slot; - if (IsMaterializableFromFrame(src_object, &slot)) { - __ LoadP(dst, g.SlotToMemOperand(slot)); - } else if (IsMaterializableFromRoot(src_object, &index)) { + if (IsMaterializableFromRoot(src_object, &index)) { __ LoadRoot(dst, index); } else { __ Move(dst, src_object); diff --git a/deps/v8/src/compiler/s390/code-generator-s390.cc b/deps/v8/src/compiler/s390/code-generator-s390.cc index c0119cdd6c..e69a7ac3e3 100644 --- a/deps/v8/src/compiler/s390/code-generator-s390.cc +++ b/deps/v8/src/compiler/s390/code-generator-s390.cc @@ -2382,10 +2382,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, case Constant::kHeapObject: { Handle src_object = src.ToHeapObject(); Heap::RootListIndex index; - int slot; - if (IsMaterializableFromFrame(src_object, &slot)) { - __ LoadP(dst, g.SlotToMemOperand(slot)); - } else if (IsMaterializableFromRoot(src_object, &index)) { + if (IsMaterializableFromRoot(src_object, &index)) { __ LoadRoot(dst, index); } else { __ Move(dst, src_object); diff --git a/deps/v8/src/compiler/x64/code-generator-x64.cc b/deps/v8/src/compiler/x64/code-generator-x64.cc index 5e1ef6ba1a..49a097b3bb 100644 --- a/deps/v8/src/compiler/x64/code-generator-x64.cc +++ b/deps/v8/src/compiler/x64/code-generator-x64.cc @@ -2477,10 +2477,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, case Constant::kHeapObject: { Handle src_object = src.ToHeapObject(); Heap::RootListIndex index; - int slot; - if (IsMaterializableFromFrame(src_object, &slot)) { - __ movp(dst, g.SlotToOperand(slot)); - } else if (IsMaterializableFromRoot(src_object, &index)) { + if (IsMaterializableFromRoot(src_object, &index)) { __ LoadRoot(dst, index); } else { __ Move(dst, src_object); diff --git a/deps/v8/src/compiler/x87/code-generator-x87.cc b/deps/v8/src/compiler/x87/code-generator-x87.cc index 1064e622eb..29e2dd7383 100644 --- a/deps/v8/src/compiler/x87/code-generator-x87.cc +++ b/deps/v8/src/compiler/x87/code-generator-x87.cc @@ -2520,18 +2520,7 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, Constant src_constant = g.ToConstant(source); if (src_constant.type() == Constant::kHeapObject) { Handle src = src_constant.ToHeapObject(); - int slot; - if (IsMaterializableFromFrame(src, &slot)) { - if (destination->IsRegister()) { - Register dst = g.ToRegister(destination); - __ mov(dst, g.SlotToOperand(slot)); - } else { - DCHECK(destination->IsStackSlot()); - Operand dst = g.ToOperand(destination); - __ push(g.SlotToOperand(slot)); - __ pop(dst); - } - } else if (destination->IsRegister()) { + if (destination->IsRegister()) { Register dst = g.ToRegister(destination); __ LoadHeapObject(dst, src); } else { diff --git a/deps/v8/test/mjsunit/compiler/regress-645179.js b/deps/v8/test/mjsunit/compiler/regress-645179.js new file mode 100644 index 0000000000..47a7d9bb21 --- /dev/null +++ b/deps/v8/test/mjsunit/compiler/regress-645179.js @@ -0,0 +1,22 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +function foo(a) { + return a.x === a.y; +} + +function A() { } + +var o = new A; + +var a = {x: o} +o.x = 0; +a.y = o; + +assertTrue(foo(a)); +assertTrue(foo(a)); +%OptimizeFunctionOnNextCall(foo); +assertTrue(foo(a)); diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-647887.js b/deps/v8/test/mjsunit/regress/regress-crbug-647887.js new file mode 100644 index 0000000000..84e598d5aa --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-crbug-647887.js @@ -0,0 +1,14 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +function f(obj) { + var key; + for (key in obj) { } + return key === undefined; +} + +%OptimizeFunctionOnNextCall(f); +assertFalse(f({ foo:0 })); diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-648539.js b/deps/v8/test/mjsunit/regress/regress-crbug-648539.js new file mode 100644 index 0000000000..399180f03e --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-crbug-648539.js @@ -0,0 +1,17 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax --harmony-tailcalls + +function f() { + "use strict"; + return undefined(0, 0); +} +function g() { + return f(); +} +assertThrows(g, TypeError); +assertThrows(g, TypeError); +%OptimizeFunctionOnNextCall(g); +assertThrows(g, TypeError);