From 8803aa3af7031e4844eb6eeb6d6e53919808ea3d Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Sat, 14 Dec 2013 03:16:52 +0400 Subject: [PATCH] deps: update v8 to 3.22.24.9 --- deps/v8/src/code-stubs-hydrogen.cc | 2 - deps/v8/src/compiler.cc | 7 +- deps/v8/src/d8.cc | 3 + deps/v8/src/flag-definitions.h | 2 +- deps/v8/src/heap.cc | 21 +- deps/v8/src/hydrogen-instructions.h | 10 +- deps/v8/src/objects.cc | 10 +- deps/v8/src/platform-freebsd.cc | 2 +- deps/v8/src/runtime.cc | 236 +++++++++++---------- deps/v8/src/runtime.h | 1 + deps/v8/src/typedarray.js | 3 + deps/v8/src/unicode.h | 2 + deps/v8/src/version.cc | 2 +- deps/v8/test/mjsunit/regress/regress-2984.js | 34 +++ deps/v8/test/mjsunit/regress/regress-2987.js | 57 +++++ .../mjsunit/regress/regress-319722-ArrayBuffer.js | 47 ++++ .../mjsunit/regress/regress-319722-TypedArrays.js | 45 ++++ 17 files changed, 343 insertions(+), 141 deletions(-) create mode 100644 deps/v8/test/mjsunit/regress/regress-2984.js create mode 100644 deps/v8/test/mjsunit/regress/regress-2987.js create mode 100644 deps/v8/test/mjsunit/regress/regress-319722-ArrayBuffer.js create mode 100644 deps/v8/test/mjsunit/regress/regress-319722-TypedArrays.js diff --git a/deps/v8/src/code-stubs-hydrogen.cc b/deps/v8/src/code-stubs-hydrogen.cc index dfa5ecd..19b6088 100644 --- a/deps/v8/src/code-stubs-hydrogen.cc +++ b/deps/v8/src/code-stubs-hydrogen.cc @@ -1241,8 +1241,6 @@ HValue* CodeStubGraphBuilder::BuildCodeStub() { HObjectAccess::ForSharedFunctionInfoPointer(), shared_info); Add(js_function, HObjectAccess::ForFunctionContextPointer(), - shared_info); - Add(js_function, HObjectAccess::ForFunctionContextPointer(), context()); // Initialize the code pointer in the function to be the one diff --git a/deps/v8/src/compiler.cc b/deps/v8/src/compiler.cc index ed0a0c8..e86baa0 100644 --- a/deps/v8/src/compiler.cc +++ b/deps/v8/src/compiler.cc @@ -262,8 +262,11 @@ static bool AlwaysFullCompiler(Isolate* isolate) { void RecompileJob::RecordOptimizationStats() { Handle function = info()->closure(); - int opt_count = function->shared()->opt_count(); - function->shared()->set_opt_count(opt_count + 1); + if (!function->IsOptimized()) { + // Concurrent recompilation and OSR may race. Increment only once. + int opt_count = function->shared()->opt_count(); + function->shared()->set_opt_count(opt_count + 1); + } double ms_creategraph = time_taken_to_create_graph_.InMillisecondsF(); double ms_optimize = time_taken_to_optimize_.InMillisecondsF(); double ms_codegen = time_taken_to_codegen_.InMillisecondsF(); diff --git a/deps/v8/src/d8.cc b/deps/v8/src/d8.cc index 357c8a4..aec0c74 100644 --- a/deps/v8/src/d8.cc +++ b/deps/v8/src/d8.cc @@ -1358,6 +1358,9 @@ bool Shell::SetOptions(int argc, char* argv[]) { if (strcmp(argv[i], "--stress-opt") == 0) { options.stress_opt = true; argv[i] = NULL; + } else if (strcmp(argv[i], "--nostress-opt") == 0) { + options.stress_opt = false; + argv[i] = NULL; } else if (strcmp(argv[i], "--stress-deopt") == 0) { options.stress_deopt = true; argv[i] = NULL; diff --git a/deps/v8/src/flag-definitions.h b/deps/v8/src/flag-definitions.h index 865413e..34a903a 100644 --- a/deps/v8/src/flag-definitions.h +++ b/deps/v8/src/flag-definitions.h @@ -235,7 +235,7 @@ DEFINE_bool(use_range, true, "use hydrogen range analysis") DEFINE_bool(use_gvn, true, "use hydrogen global value numbering") DEFINE_bool(use_canonicalizing, true, "use hydrogen instruction canonicalizing") DEFINE_bool(use_inlining, true, "use function inlining") -DEFINE_bool(use_escape_analysis, true, "use hydrogen escape analysis") +DEFINE_bool(use_escape_analysis, false, "use hydrogen escape analysis") DEFINE_bool(use_allocation_folding, true, "use allocation folding") DEFINE_int(max_inlining_levels, 5, "maximum number of inlining levels") DEFINE_int(max_inlined_source_size, 600, diff --git a/deps/v8/src/heap.cc b/deps/v8/src/heap.cc index fa358c5..3f7030e 100644 --- a/deps/v8/src/heap.cc +++ b/deps/v8/src/heap.cc @@ -735,6 +735,7 @@ int Heap::NotifyContextDisposed() { isolate()->optimizing_compiler_thread()->Flush(); } flush_monomorphic_ics_ = true; + AgeInlineCaches(); return ++contexts_disposed_; } @@ -1132,8 +1133,6 @@ void Heap::MarkCompact(GCTracer* tracer) { isolate_->counters()->objs_since_last_full()->Set(0); - contexts_disposed_ = 0; - flush_monomorphic_ics_ = false; } @@ -4080,13 +4079,12 @@ MaybeObject* Heap::LookupSingleCharacterStringFromCode(uint16_t code) { return result; } - Object* result; + SeqTwoByteString* result; { MaybeObject* maybe_result = AllocateRawTwoByteString(1); - if (!maybe_result->ToObject(&result)) return maybe_result; + if (!maybe_result->To(&result)) return maybe_result; } - String* answer = String::cast(result); - answer->Set(0, code); - return answer; + result->SeqTwoByteStringSet(0, code); + return result; } @@ -5818,12 +5816,7 @@ bool Heap::IdleNotification(int hint) { size_factor * IncrementalMarking::kAllocatedThreshold; if (contexts_disposed_ > 0) { - if (hint >= kMaxHint) { - // The embedder is requesting a lot of GC work after context disposal, - // we age inline caches so that they don't keep objects from - // the old context alive. - AgeInlineCaches(); - } + contexts_disposed_ = 0; int mark_sweep_time = Min(TimeMarkSweepWouldTakeInMs(), 1000); if (hint >= mark_sweep_time && !FLAG_expose_gc && incremental_marking()->IsStopped()) { @@ -5832,8 +5825,8 @@ bool Heap::IdleNotification(int hint) { "idle notification: contexts disposed"); } else { AdvanceIdleIncrementalMarking(step_size); - contexts_disposed_ = 0; } + // After context disposal there is likely a lot of garbage remaining, reset // the idle notification counters in order to trigger more incremental GCs // on subsequent idle notifications. diff --git a/deps/v8/src/hydrogen-instructions.h b/deps/v8/src/hydrogen-instructions.h index 10c4b94..1703dde 100644 --- a/deps/v8/src/hydrogen-instructions.h +++ b/deps/v8/src/hydrogen-instructions.h @@ -3257,9 +3257,6 @@ class HDematerializedObject : public HInstruction { // List of values tracked by this marker. ZoneList values_; - - private: - virtual bool IsDeletable() const V8_FINAL V8_OVERRIDE { return true; } }; @@ -3287,6 +3284,8 @@ class HArgumentsObject V8_FINAL : public HDematerializedObject { set_representation(Representation::Tagged()); SetFlag(kIsArguments); } + + virtual bool IsDeletable() const V8_FINAL V8_OVERRIDE { return true; } }; @@ -3323,6 +3322,11 @@ class HCapturedObject V8_FINAL : public HDematerializedObject { private: int capture_id_; + + // Note that we cannot DCE captured objects as they are used to replay + // the environment. This method is here as an explicit reminder. + // TODO(mstarzinger): Turn HSimulates into full snapshots maybe? + virtual bool IsDeletable() const V8_FINAL V8_OVERRIDE { return false; } }; diff --git a/deps/v8/src/objects.cc b/deps/v8/src/objects.cc index 22c01bf..64fb179 100644 --- a/deps/v8/src/objects.cc +++ b/deps/v8/src/objects.cc @@ -9568,7 +9568,7 @@ MaybeObject* SharedFunctionInfo::AddToOptimizedCodeMap(Context* native_context, if (value->IsSmi()) { // No optimized code map. ASSERT_EQ(0, Smi::cast(value)->value()); - // Crate 3 entries per context {context, code, literals}. + // Create 3 entries per context {context, code, literals}. MaybeObject* maybe = heap->AllocateFixedArray(kInitialLength); if (!maybe->To(&new_code_map)) return maybe; new_code_map->set(kEntriesStart + 0, native_context); @@ -11564,11 +11564,9 @@ Handle DependentCode::Insert(Handle entries, int start = starts.at(group); int end = starts.at(group + 1); int number_of_entries = starts.number_of_entries(); - if (start < end && entries->object_at(end - 1) == *object) { - // Do not append the compilation info if it is already in the array. - // It is sufficient to just check only the last element because - // we process embedded maps of an optimized code in one batch. - return entries; + // Check for existing entry to avoid duplicates. + for (int i = start; i < end; i++) { + if (entries->object_at(i) == *object) return entries; } if (entries->length() < kCodesStartIndex + number_of_entries + 1) { Factory* factory = entries->GetIsolate()->factory(); diff --git a/deps/v8/src/platform-freebsd.cc b/deps/v8/src/platform-freebsd.cc index 75d88ec..103fd6c 100644 --- a/deps/v8/src/platform-freebsd.cc +++ b/deps/v8/src/platform-freebsd.cc @@ -182,7 +182,7 @@ void OS::LogSharedLibraryAddresses(Isolate* isolate) { // There may be no filename in this line. Skip to next. if (start_of_path == NULL) continue; buffer[bytes_read] = 0; - LOG(isolate, SharedLibraryEvent(start_of_path, start, end)); + LOG(isolate SharedLibraryEvent(start_of_path, start, end)); } close(fd); } diff --git a/deps/v8/src/runtime.cc b/deps/v8/src/runtime.cc index 7f37af0..0402214 100644 --- a/deps/v8/src/runtime.cc +++ b/deps/v8/src/runtime.cc @@ -922,6 +922,12 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_TypedArrayInitialize) { ASSERT(byte_length % element_size == 0); size_t length = byte_length / element_size; + if (length > static_cast(Smi::kMaxValue)) { + return isolate->Throw(*isolate->factory()-> + NewRangeError("invalid_typed_array_length", + HandleVector(NULL, 0))); + } + Handle length_obj = isolate->factory()->NewNumberFromSize(length); holder->set_length(*length_obj); holder->set_weak_next(buffer->weak_first_view()); @@ -961,9 +967,11 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_TypedArrayInitializeFromArrayLike) { Handle buffer = isolate->factory()->NewJSArrayBuffer(); size_t length = NumberToSize(isolate, *length_obj); - if (length > (kMaxInt / element_size)) { + + if ((length > static_cast(Smi::kMaxValue)) || + (length > (kMaxInt / element_size))) { return isolate->Throw(*isolate->factory()-> - NewRangeError("invalid_array_buffer_length", + NewRangeError("invalid_typed_array_length", HandleVector(NULL, 0))); } size_t byte_length = length * element_size; @@ -6222,6 +6230,7 @@ template MUST_USE_RESULT static MaybeObject* ConvertCaseHelper( Isolate* isolate, String* s, + String::Encoding result_encoding, int length, int input_string_length, unibrow::Mapping* mapping) { @@ -6237,7 +6246,7 @@ MUST_USE_RESULT static MaybeObject* ConvertCaseHelper( // might break in the future if we implement more context and locale // dependent upper/lower conversions. Object* o; - { MaybeObject* maybe_o = s->IsOneByteRepresentation() + { MaybeObject* maybe_o = result_encoding == String::ONE_BYTE_ENCODING ? isolate->heap()->AllocateRawOneByteString(length) : isolate->heap()->AllocateRawTwoByteString(length); if (!maybe_o->ToObject(&o)) return maybe_o; @@ -6245,6 +6254,8 @@ MUST_USE_RESULT static MaybeObject* ConvertCaseHelper( String* result = String::cast(o); bool has_changed_character = false; + DisallowHeapAllocation no_gc; + // Convert all characters to upper case, assuming that they will fit // in the buffer Access op( @@ -6253,6 +6264,10 @@ MUST_USE_RESULT static MaybeObject* ConvertCaseHelper( unibrow::uchar chars[Converter::kMaxWidth]; // We can assume that the string is not empty uc32 current = stream.GetNext(); + // y with umlauts is the only character that stops fitting into one-byte + // when converting to uppercase. + static const uc32 yuml_code = 0xff; + bool ignore_yuml = result->IsSeqTwoByteString() || Converter::kIsToLower; for (int i = 0; i < length;) { bool has_next = stream.HasMore(); uc32 next = has_next ? stream.GetNext() : 0; @@ -6261,13 +6276,14 @@ MUST_USE_RESULT static MaybeObject* ConvertCaseHelper( // The case conversion of this character is the character itself. result->Set(i, current); i++; - } else if (char_length == 1) { + } else if (char_length == 1 && (ignore_yuml || current != yuml_code)) { // Common case: converting the letter resulted in one character. ASSERT(static_cast(chars[0]) != current); result->Set(i, chars[0]); has_changed_character = true; i++; } else if (length == input_string_length) { + bool found_yuml = (current == yuml_code); // We've assumed that the result would be as long as the // input but here is a character that converts to several // characters. No matter, we calculate the exact length @@ -6287,6 +6303,7 @@ MUST_USE_RESULT static MaybeObject* ConvertCaseHelper( int current_length = i + char_length + next_length; while (stream.HasMore()) { current = stream.GetNext(); + found_yuml |= (current == yuml_code); // NOTE: we use 0 as the next character here because, while // the next character may affect what a character converts to, // it does not in any case affect the length of what it convert @@ -6299,8 +6316,10 @@ MUST_USE_RESULT static MaybeObject* ConvertCaseHelper( return Failure::OutOfMemoryException(0x13); } } - // Try again with the real length. - return Smi::FromInt(current_length); + // Try again with the real length. Return signed if we need + // to allocate a two-byte string for y-umlaut to uppercase. + return (found_yuml && !ignore_yuml) ? Smi::FromInt(-current_length) + : Smi::FromInt(current_length); } else { for (int j = 0; j < char_length; j++) { result->Set(i, chars[j]); @@ -6346,121 +6365,107 @@ static inline uintptr_t AsciiRangeMask(uintptr_t w, char m, char n) { } -enum AsciiCaseConversion { - ASCII_TO_LOWER, - ASCII_TO_UPPER -}; - - -template -struct FastAsciiConverter { - static bool Convert(char* dst, char* src, int length, bool* changed_out) { +template +static bool FastAsciiConvert(char* dst, + char* src, + int length, + bool* changed_out) { #ifdef DEBUG char* saved_dst = dst; char* saved_src = src; #endif - // We rely on the distance between upper and lower case letters - // being a known power of 2. - ASSERT('a' - 'A' == (1 << 5)); - // Boundaries for the range of input characters than require conversion. - const char lo = (dir == ASCII_TO_LOWER) ? 'A' - 1 : 'a' - 1; - const char hi = (dir == ASCII_TO_LOWER) ? 'Z' + 1 : 'z' + 1; - bool changed = false; - uintptr_t or_acc = 0; - char* const limit = src + length; + DisallowHeapAllocation no_gc; + // We rely on the distance between upper and lower case letters + // being a known power of 2. + ASSERT('a' - 'A' == (1 << 5)); + // Boundaries for the range of input characters than require conversion. + static const char lo = Converter::kIsToLower ? 'A' - 1 : 'a' - 1; + static const char hi = Converter::kIsToLower ? 'Z' + 1 : 'z' + 1; + bool changed = false; + uintptr_t or_acc = 0; + char* const limit = src + length; #ifdef V8_HOST_CAN_READ_UNALIGNED - // Process the prefix of the input that requires no conversion one - // (machine) word at a time. - while (src <= limit - sizeof(uintptr_t)) { - uintptr_t w = *reinterpret_cast(src); - or_acc |= w; - if (AsciiRangeMask(w, lo, hi) != 0) { - changed = true; - break; - } - *reinterpret_cast(dst) = w; - src += sizeof(uintptr_t); - dst += sizeof(uintptr_t); - } - // Process the remainder of the input performing conversion when - // required one word at a time. - while (src <= limit - sizeof(uintptr_t)) { - uintptr_t w = *reinterpret_cast(src); - or_acc |= w; - uintptr_t m = AsciiRangeMask(w, lo, hi); - // The mask has high (7th) bit set in every byte that needs - // conversion and we know that the distance between cases is - // 1 << 5. - *reinterpret_cast(dst) = w ^ (m >> 2); - src += sizeof(uintptr_t); - dst += sizeof(uintptr_t); - } -#endif - // Process the last few bytes of the input (or the whole input if - // unaligned access is not supported). - while (src < limit) { - char c = *src; - or_acc |= c; - if (lo < c && c < hi) { - c ^= (1 << 5); - changed = true; - } - *dst = c; - ++src; - ++dst; - } - if ((or_acc & kAsciiMask) != 0) { - return false; + // Process the prefix of the input that requires no conversion one + // (machine) word at a time. + while (src <= limit - sizeof(uintptr_t)) { + uintptr_t w = *reinterpret_cast(src); + or_acc |= w; + if (AsciiRangeMask(w, lo, hi) != 0) { + changed = true; + break; } -#ifdef DEBUG - CheckConvert(saved_dst, saved_src, length, changed); + *reinterpret_cast(dst) = w; + src += sizeof(uintptr_t); + dst += sizeof(uintptr_t); + } + // Process the remainder of the input performing conversion when + // required one word at a time. + while (src <= limit - sizeof(uintptr_t)) { + uintptr_t w = *reinterpret_cast(src); + or_acc |= w; + uintptr_t m = AsciiRangeMask(w, lo, hi); + // The mask has high (7th) bit set in every byte that needs + // conversion and we know that the distance between cases is + // 1 << 5. + *reinterpret_cast(dst) = w ^ (m >> 2); + src += sizeof(uintptr_t); + dst += sizeof(uintptr_t); + } #endif - *changed_out = changed; - return true; + // Process the last few bytes of the input (or the whole input if + // unaligned access is not supported). + while (src < limit) { + char c = *src; + or_acc |= c; + if (lo < c && c < hi) { + c ^= (1 << 5); + changed = true; + } + *dst = c; + ++src; + ++dst; + } + if ((or_acc & kAsciiMask) != 0) { + return false; } + ASSERT(CheckFastAsciiConvert( + saved_dst, saved_src, length, changed, Converter::kIsToLower)); + + *changed_out = changed; + return true; +} + #ifdef DEBUG - static void CheckConvert(char* dst, char* src, int length, bool changed) { - bool expected_changed = false; - for (int i = 0; i < length; i++) { - if (dst[i] == src[i]) continue; - expected_changed = true; - if (dir == ASCII_TO_LOWER) { - ASSERT('A' <= src[i] && src[i] <= 'Z'); - ASSERT(dst[i] == src[i] + ('a' - 'A')); - } else { - ASSERT(dir == ASCII_TO_UPPER); - ASSERT('a' <= src[i] && src[i] <= 'z'); - ASSERT(dst[i] == src[i] - ('a' - 'A')); - } +static bool CheckFastAsciiConvert(char* dst, + char* src, + int length, + bool changed, + bool is_to_lower) { + bool expected_changed = false; + for (int i = 0; i < length; i++) { + if (dst[i] == src[i]) continue; + expected_changed = true; + if (is_to_lower) { + ASSERT('A' <= src[i] && src[i] <= 'Z'); + ASSERT(dst[i] == src[i] + ('a' - 'A')); + } else { + ASSERT('a' <= src[i] && src[i] <= 'z'); + ASSERT(dst[i] == src[i] - ('a' - 'A')); } - ASSERT(expected_changed == changed); } + return (expected_changed == changed); +} #endif -}; - - -struct ToLowerTraits { - typedef unibrow::ToLowercase UnibrowConverter; - - typedef FastAsciiConverter AsciiConverter; -}; - - -struct ToUpperTraits { - typedef unibrow::ToUppercase UnibrowConverter; - - typedef FastAsciiConverter AsciiConverter; -}; } // namespace -template +template MUST_USE_RESULT static MaybeObject* ConvertCase( Arguments args, Isolate* isolate, - unibrow::Mapping* mapping) { + unibrow::Mapping* mapping) { SealHandleScope shs(isolate); CONVERT_ARG_CHECKED(String, s, 0); s = s->TryFlattenGetString(); @@ -6482,7 +6487,7 @@ MUST_USE_RESULT static MaybeObject* ConvertCase( } SeqOneByteString* result = SeqOneByteString::cast(o); bool has_changed_character; - bool is_ascii = ConvertTraits::AsciiConverter::Convert( + bool is_ascii = FastAsciiConvert( reinterpret_cast(result->GetChars()), reinterpret_cast(SeqOneByteString::cast(s)->GetChars()), length, @@ -6493,31 +6498,35 @@ MUST_USE_RESULT static MaybeObject* ConvertCase( } } + String::Encoding result_encoding = s->IsOneByteRepresentation() + ? String::ONE_BYTE_ENCODING : String::TWO_BYTE_ENCODING; Object* answer; - { MaybeObject* maybe_answer = - ConvertCaseHelper(isolate, s, length, length, mapping); + { MaybeObject* maybe_answer = ConvertCaseHelper( + isolate, s, result_encoding, length, length, mapping); if (!maybe_answer->ToObject(&answer)) return maybe_answer; } if (answer->IsSmi()) { - // Retry with correct length. - { MaybeObject* maybe_answer = - ConvertCaseHelper(isolate, - s, Smi::cast(answer)->value(), length, mapping); - if (!maybe_answer->ToObject(&answer)) return maybe_answer; + int new_length = Smi::cast(answer)->value(); + if (new_length < 0) { + result_encoding = String::TWO_BYTE_ENCODING; + new_length = -new_length; } + MaybeObject* maybe_answer = ConvertCaseHelper( + isolate, s, result_encoding, new_length, length, mapping); + if (!maybe_answer->ToObject(&answer)) return maybe_answer; } return answer; } RUNTIME_FUNCTION(MaybeObject*, Runtime_StringToLowerCase) { - return ConvertCase( + return ConvertCase( args, isolate, isolate->runtime_state()->to_lower_mapping()); } RUNTIME_FUNCTION(MaybeObject*, Runtime_StringToUpperCase) { - return ConvertCase( + return ConvertCase( args, isolate, isolate->runtime_state()->to_upper_mapping()); } @@ -14789,6 +14798,11 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InternalArrayConstructor) { } +RUNTIME_FUNCTION(MaybeObject*, Runtime_MaxSmi) { + return Smi::FromInt(Smi::kMaxValue); +} + + // ---------------------------------------------------------------------------- // Implementation of Runtime diff --git a/deps/v8/src/runtime.h b/deps/v8/src/runtime.h index 1b7e32e..d67f781 100644 --- a/deps/v8/src/runtime.h +++ b/deps/v8/src/runtime.h @@ -112,6 +112,7 @@ namespace internal { F(FlattenString, 1, 1) \ F(MigrateInstance, 1, 1) \ F(NotifyContextDisposed, 0, 1) \ + F(MaxSmi, 0, 1) \ \ /* Array join support */ \ F(PushIfAbsent, 2, 1) \ diff --git a/deps/v8/src/typedarray.js b/deps/v8/src/typedarray.js index 1e67bc3..8d7f4de 100644 --- a/deps/v8/src/typedarray.js +++ b/deps/v8/src/typedarray.js @@ -69,6 +69,9 @@ function CreateTypedArrayConstructor(name, elementSize, arrayId, constructor) { function ConstructByLength(obj, length) { var l = ToPositiveInteger(length, "invalid_typed_array_length"); + if (l > %MaxSmi()) { + throw MakeRangeError("invalid_typed_array_length"); + } var byteLength = l * elementSize; var buffer = new $ArrayBuffer(byteLength); %TypedArrayInitialize(obj, arrayId, buffer, 0, byteLength); diff --git a/deps/v8/src/unicode.h b/deps/v8/src/unicode.h index f1dcad0..6ba61d0 100644 --- a/deps/v8/src/unicode.h +++ b/deps/v8/src/unicode.h @@ -235,6 +235,7 @@ struct ConnectorPunctuation { }; struct ToLowercase { static const int kMaxWidth = 3; + static const bool kIsToLower = true; static int Convert(uchar c, uchar n, uchar* result, @@ -242,6 +243,7 @@ struct ToLowercase { }; struct ToUppercase { static const int kMaxWidth = 3; + static const bool kIsToLower = false; static int Convert(uchar c, uchar n, uchar* result, diff --git a/deps/v8/src/version.cc b/deps/v8/src/version.cc index dcf8df7..a422523 100644 --- a/deps/v8/src/version.cc +++ b/deps/v8/src/version.cc @@ -35,7 +35,7 @@ #define MAJOR_VERSION 3 #define MINOR_VERSION 22 #define BUILD_NUMBER 24 -#define PATCH_LEVEL 5 +#define PATCH_LEVEL 9 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) #define IS_CANDIDATE_VERSION 0 diff --git a/deps/v8/test/mjsunit/regress/regress-2984.js b/deps/v8/test/mjsunit/regress/regress-2984.js new file mode 100644 index 0000000..de7895d --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-2984.js @@ -0,0 +1,34 @@ +// Copyright 2013 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +assertEquals("\u0178", "\xff".toUpperCase()); +assertEquals("abcdefghijklmn\xffopq", + ("ABCDEFGHIJKL" + "MN\u0178OPQ").toLowerCase()); +assertEquals("\xff", "\u0178".toLowerCase()); +assertEquals("ABCDEFGHIJKLMN\u0178OPQ", + ("abcdefghijk" + "lmn\xffopq").toUpperCase()); + diff --git a/deps/v8/test/mjsunit/regress/regress-2987.js b/deps/v8/test/mjsunit/regress/regress-2987.js new file mode 100644 index 0000000..7dd727e --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-2987.js @@ -0,0 +1,57 @@ +// Copyright 2013 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Flags: --allow-natives-syntax --dead-code-elimination + +// This tests that stores on captured objects are correctly tracked even +// when DCE is enabled. We cannot delete simulations of captured objects +// that are still needed to replay the environment correctly. + +function constructor() { + this.x = 0; +} + +var deopt = { deopt:false }; +function boogeyman(mode, value) { + var object = new constructor(); + if (mode) { + object.x = 1; + } else { + object.x = 2; + } + deopt.deopt; + assertEquals(value, object.x); +} + +boogeyman(true, 1); +boogeyman(true, 1); +boogeyman(false, 2); +boogeyman(false, 2); +%OptimizeFunctionOnNextCall(boogeyman); +boogeyman(false, 2); +delete deopt.deopt; +boogeyman(false, 2); diff --git a/deps/v8/test/mjsunit/regress/regress-319722-ArrayBuffer.js b/deps/v8/test/mjsunit/regress/regress-319722-ArrayBuffer.js new file mode 100644 index 0000000..c8aed9e --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-319722-ArrayBuffer.js @@ -0,0 +1,47 @@ +// Copyright 2013 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Flags: --nostress-opt --allow-natives-syntax +var maxSize = %MaxSmi() + 1; +var ab = new ArrayBuffer(maxSize); + +function TestArray(constr) { + assertThrows(function() { + new constr(ab, 0, maxSize); + }, RangeError); +} + +TestArray(Uint8Array); +TestArray(Int8Array); +TestArray(Uint16Array); +TestArray(Int16Array); +TestArray(Uint32Array); +TestArray(Int32Array); +TestArray(Float32Array); +TestArray(Float64Array); +TestArray(Uint8ClampedArray); + diff --git a/deps/v8/test/mjsunit/regress/regress-319722-TypedArrays.js b/deps/v8/test/mjsunit/regress/regress-319722-TypedArrays.js new file mode 100644 index 0000000..0445e2d --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-319722-TypedArrays.js @@ -0,0 +1,45 @@ + +// Copyright 2013 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Flags: --nostress-opt --allow-natives-syntax +var maxSize = %MaxSmi() + 1; +function TestArray(constr) { + assertThrows(function() { + new constr(maxSize); + }, RangeError); +} + +TestArray(Uint8Array); +TestArray(Int8Array); +TestArray(Uint16Array); +TestArray(Int16Array); +TestArray(Uint32Array); +TestArray(Int32Array); +TestArray(Float32Array); +TestArray(Float64Array); +TestArray(Uint8ClampedArray); -- 2.7.4