diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h index a2abfc0485e57a..01b10d1d68edbb 100644 --- a/deps/v8/include/v8-version.h +++ b/deps/v8/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 5 #define V8_MINOR_VERSION 4 #define V8_BUILD_NUMBER 500 -#define V8_PATCH_LEVEL 36 +#define V8_PATCH_LEVEL 41 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/deps/v8/src/bailout-reason.h b/deps/v8/src/bailout-reason.h index 0966334ffa4c6e..df47eb82b7c579 100644 --- a/deps/v8/src/bailout-reason.h +++ b/deps/v8/src/bailout-reason.h @@ -257,6 +257,7 @@ namespace internal { V(kUnexpectedReturnFromThrow, "Unexpectedly returned from a throw") \ V(kUnsupportedSwitchStatement, "Unsupported switch statement") \ V(kUnsupportedTaggedImmediate, "Unsupported tagged immediate") \ + V(kUnstableConstantTypeHeapObject, "Unstable constant-type heap object") \ V(kVariableResolvedToWithContext, "Variable resolved to with context") \ V(kWeShouldNotHaveAnEmptyLexicalContext, \ "We should not have an empty lexical context") \ diff --git a/deps/v8/src/code-stubs.h b/deps/v8/src/code-stubs.h index 36757c41c63c92..4793d74f9605f4 100644 --- a/deps/v8/src/code-stubs.h +++ b/deps/v8/src/code-stubs.h @@ -1160,6 +1160,8 @@ class FastNewClosureStub : public TurboFanCodeStub { class FastNewFunctionContextStub final : public TurboFanCodeStub { public: + static const int kMaximumSlots = 0x8000; + explicit FastNewFunctionContextStub(Isolate* isolate) : TurboFanCodeStub(isolate) {} 
@@ -1169,6 +1171,11 @@ class FastNewFunctionContextStub final : public TurboFanCodeStub { compiler::Node* context); private: + // FastNewFunctionContextStub can only allocate closures which fit in the + // new space. + STATIC_ASSERT(((kMaximumSlots + Context::MIN_CONTEXT_SLOTS) * kPointerSize + + FixedArray::kHeaderSize) < Page::kMaxRegularHeapObjectSize); + DEFINE_CALL_INTERFACE_DESCRIPTOR(FastNewFunctionContext); DEFINE_TURBOFAN_CODE_STUB(FastNewFunctionContext, TurboFanCodeStub); }; diff --git a/deps/v8/src/compiler/js-generic-lowering.cc b/deps/v8/src/compiler/js-generic-lowering.cc index 69526cd7eae8d4..812d3e7bcee0d1 100644 --- a/deps/v8/src/compiler/js-generic-lowering.cc +++ b/deps/v8/src/compiler/js-generic-lowering.cc @@ -444,9 +444,13 @@ void JSGenericLowering::LowerJSCreateFunctionContext(Node* node) { int const slot_count = OpParameter(node->op()); CallDescriptor::Flags flags = FrameStateFlagForCall(node); - Callable callable = CodeFactory::FastNewFunctionContext(isolate()); - node->InsertInput(zone(), 1, jsgraph()->Int32Constant(slot_count)); - ReplaceWithStubCall(node, callable, flags); + if (slot_count <= FastNewFunctionContextStub::kMaximumSlots) { + Callable callable = CodeFactory::FastNewFunctionContext(isolate()); + node->InsertInput(zone(), 1, jsgraph()->Int32Constant(slot_count)); + ReplaceWithStubCall(node, callable, flags); + } else { + ReplaceWithRuntimeCall(node, Runtime::kNewFunctionContext); + } } diff --git a/deps/v8/src/compiler/js-global-object-specialization.cc b/deps/v8/src/compiler/js-global-object-specialization.cc index 5ced04e9c15380..2b4bf1c019c0a6 100644 --- a/deps/v8/src/compiler/js-global-object-specialization.cc +++ b/deps/v8/src/compiler/js-global-object-specialization.cc 
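Review bot: The comment added above the STATIC_ASSERT says the stub allocates "closures", but the class is FastNewFunctionContextStub and the assertion bounds a context of `kMaximumSlots + Context::MIN_CONTEXT_SLOTS` slots, so the wording should name function contexts. Suggested text: `// FastNewFunctionContextStub can only allocate function contexts whose size stays below Page::kMaxRegularHeapObjectSize.` The constant itself, added in the previous hunk of this file, has no comment; `// Largest slot count the stub accepts; callers must use Runtime::kNewFunctionContext above it.` would tell the next caller what the limit means. The class body continues outside both hunks.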
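Review bot: The bound `slot_count <= FastNewFunctionContextStub::kMaximumSlots` is enforced only at each call site, here and again in every Crankshaft, full-codegen and interpreter hunk of this commit, so a caller added later that omits the test would still reach the stub with an oversized count. If the stub's generator (not part of this diff) does not already check it, a debug assertion on the slots value there would keep the invariant in one place. A one-line comment on the else branch, such as `// Too large for the stub's new-space allocation; allocate through the runtime.`, would also record why the fallback exists. LowerJSCreateFunctionContext starts above the hunk.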
@@ -181,13 +181,18 @@ Reduction JSGlobalObjectSpecialization::ReduceJSStoreGlobal(Node* node) { dependencies()->AssumePropertyCell(property_cell); Type* property_cell_value_type; if (property_cell_value->IsHeapObject()) { + // We cannot do anything if the {property_cell_value}s map is no + // longer stable. + Handle property_cell_value_map( + Handle::cast(property_cell_value)->map(), isolate()); + if (!property_cell_value_map->is_stable()) return NoChange(); + dependencies()->AssumeMapStable(property_cell_value_map); + // Check that the {value} is a HeapObject. value = effect = graph()->NewNode(simplified()->CheckTaggedPointer(), value, effect, control); // Check {value} map agains the {property_cell} map. - Handle property_cell_value_map( - Handle::cast(property_cell_value)->map(), isolate()); effect = graph()->NewNode( simplified()->CheckMaps(1), value, jsgraph()->HeapConstant(property_cell_value_map), effect, control); diff --git a/deps/v8/src/compiler/simplified-lowering.cc b/deps/v8/src/compiler/simplified-lowering.cc index de64de3e1fd7cf..d698fe926939ed 100644 --- a/deps/v8/src/compiler/simplified-lowering.cc +++ b/deps/v8/src/compiler/simplified-lowering.cc @@ -2977,7 +2977,7 @@ Node* SimplifiedLowering::Float64Sign(Node* const node) { graph()->NewNode( common()->Select(MachineRepresentation::kFloat64), graph()->NewNode(machine()->Float64LessThan(), zero, input), one, - zero)); + input)); } Node* SimplifiedLowering::Int32Abs(Node* const node) { diff --git a/deps/v8/src/compiler/typer.cc b/deps/v8/src/compiler/typer.cc index 0d07053dedd0a7..b4051e5547333e 100644 --- a/deps/v8/src/compiler/typer.cc +++ b/deps/v8/src/compiler/typer.cc @@ -1321,7 +1321,7 @@ Type* Typer::Visitor::JSCallFunctionTyper(Type* fun, Typer* t) { case kMathTan: return Type::Number(); case kMathSign: - return t->cache_.kMinusOneToOne; + return t->cache_.kMinusOneToOneOrMinusZeroOrNaN; // Binary math functions. case kMathAtan2: case kMathPow: 
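Review bot: The new early exit `if (!property_cell_value_map->is_stable()) return NoChange();` runs after `dependencies()->AssumePropertyCell(property_cell);` in the context lines above it, so the property-cell dependency appears to be recorded even though this store is then left unspecialized. If recorded dependencies are kept for the compilation as a whole, that could cause a deoptimization the code does not need; performing the stability check before the AssumePropertyCell call would avoid it. The ordering of the two new lines themselves, the `is_stable()` test followed by `AssumeMapStable`, looks right. ReduceJSStoreGlobal starts and ends outside the hunk, so the surrounding control flow cannot be confirmed from here.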
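Review bot: The last operand of the inner Select in Float64Sign now is `input` rather than `zero`, and nothing in the code says why. When the input is neither below nor above zero it is 0, -0 or NaN, and the new math-sign.js test expects each of those to come back unchanged. A comment before the inner Select, `// Neither negative nor positive: {input} is 0, -0 or NaN, which Math.sign returns as is.`, would record that. Float64Sign starts above the hunk.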
diff --git a/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc b/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc index 072215d5fc8b47..ee3e54b6043c78 100644 --- a/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc +++ b/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc @@ -164,11 +164,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r1); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc b/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc index b5e1245f3a4593..ce5813b1e170bf 100644 --- a/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc +++ b/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc 
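Review bot: The new else branch in DoPrologue calls `Runtime::kNewFunctionContext` without touching `deopt_mode`, while the script-context runtime call just above sets `deopt_mode = Safepoint::kLazyDeopt` before `RecordSafepoint(deopt_mode)`; if the difference is intended it deserves a comment, and if not the branch needs the same assignment. The branch also relies on `need_write_barrier` keeping the value it was given outside the hunk, which is the safety-relevant part: a context allocated by the runtime is presumably not guaranteed to be in new space, so the barrier has to stay on. A comment such as `// Runtime-allocated context may live outside new space; keep the write barrier.` would make that explicit. The same applies to the DoPrologue hunks for arm64, ia32, mips, mips64, ppc, s390, x64 and x87, and the write-barrier comment also to the FullCodeGenerator::Generate hunks. DoPrologue starts and ends outside the hunk.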
@@ -595,11 +595,16 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ Mov(FastNewFunctionContextDescriptor::SlotsRegister(), slots); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ Mov(FastNewFunctionContextDescriptor::SlotsRegister(), slots); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ Push(x1); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); // Context is returned in x0. It replaces the context passed to us. It's diff --git a/deps/v8/src/crankshaft/hydrogen.cc b/deps/v8/src/crankshaft/hydrogen.cc index 240101eeebdb37..a33d2a61200753 100644 --- a/deps/v8/src/crankshaft/hydrogen.cc +++ b/deps/v8/src/crankshaft/hydrogen.cc 
@@ -6899,11 +6899,19 @@ void HOptimizedGraphBuilder::HandleGlobalVariableAssignment( access = access.WithRepresentation(Representation::Smi()); break; case PropertyCellConstantType::kStableMap: { - // The map may no longer be stable, deopt if it's ever different from - // what is currently there, which will allow for restablization. - Handle map(HeapObject::cast(cell->value())->map()); + // First check that the previous value of the {cell} still has the + // map that we are about to check the new {value} for. If not, then + // the stable map assumption was invalidated and we cannot continue + // with the optimized code. + Handle cell_value(HeapObject::cast(cell->value())); + Handle cell_value_map(cell_value->map()); + if (!cell_value_map->is_stable()) { + return Bailout(kUnstableConstantTypeHeapObject); + } + top_info()->dependencies()->AssumeMapStable(cell_value_map); + // Now check that the new {value} is a HeapObject with the same map. Add(value); - value = Add(value, map); + value = Add(value, cell_value_map); access = access.WithRepresentation(Representation::HeapObject()); break; } diff --git a/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc b/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc index 8233659ddbe22c..2512e2be019866 100644 --- a/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc +++ b/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc 
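Review bot: `return Bailout(kUnstableConstantTypeHeapObject)` gives up on the whole function, whereas the TurboFan counterpart in js-global-object-specialization.cc answers the same condition with `NoChange()` and keeps compiling; a comment should say why the Crankshaft path cannot fall back to a generic store here. Something like `// No generic fallback from this case; abandon optimization until the map is stable again.` would do, if that is indeed the reason. The cast `HeapObject::cast(cell->value())` also assumes the cell holds a heap object in the kStableMap case, which the hunk does not show being checked. HandleGlobalVariableAssignment starts and ends outside the hunk.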
@@ -176,12 +176,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), - Immediate(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Immediate(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(edi); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc b/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc index fa345e5173c21e..6be0d13f130b92 100644 --- a/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc +++ b/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc @@ -183,11 +183,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ li(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ li(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(a1); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); 
diff --git a/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc b/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc index 65e922848bc859..924f552ab02bb2 100644 --- a/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc +++ b/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc @@ -159,11 +159,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ li(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ li(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(a1); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc b/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc index fa1f430c58382f..e1203b86a49330 100644 --- a/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc +++ b/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc 
@@ -170,11 +170,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r4); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/s390/lithium-codegen-s390.cc b/deps/v8/src/crankshaft/s390/lithium-codegen-s390.cc index 7bb718df7e0d78..ec2a85a07b2e61 100644 --- a/deps/v8/src/crankshaft/s390/lithium-codegen-s390.cc +++ b/deps/v8/src/crankshaft/s390/lithium-codegen-s390.cc @@ -160,11 +160,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r3); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); 
diff --git a/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc b/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc index e417eaaeb19b72..66046a4e6875c8 100644 --- a/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc +++ b/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc @@ -179,11 +179,16 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ Set(FastNewFunctionContextDescriptor::SlotsRegister(), slots); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ Set(FastNewFunctionContextDescriptor::SlotsRegister(), slots); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ Push(rdi); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc b/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc index f6aa9639b3dd96..1a42d5b41b7dc1 100644 --- a/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc +++ b/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc 
@@ -146,12 +146,17 @@ void LCodeGen::DoPrologue(LPrologue* instr) { __ CallRuntime(Runtime::kNewScriptContext); deopt_mode = Safepoint::kLazyDeopt; } else { - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), - Immediate(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Immediate(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(edi); + __ CallRuntime(Runtime::kNewFunctionContext); + } } RecordSafepoint(deopt_mode); diff --git a/deps/v8/src/full-codegen/arm/full-codegen-arm.cc b/deps/v8/src/full-codegen/arm/full-codegen-arm.cc index e25a0441d8d72a..7887d32bdb8608 100644 --- a/deps/v8/src/full-codegen/arm/full-codegen-arm.cc +++ b/deps/v8/src/full-codegen/arm/full-codegen-arm.cc @@ -184,11 +184,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(r3); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r1); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(r3); // Preserve new target. } 
diff --git a/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc b/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc index 3330325df4447f..a4f32da2ef9675 100644 --- a/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc +++ b/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc @@ -187,11 +187,16 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ Push(x3); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ Mov(FastNewFunctionContextDescriptor::SlotsRegister(), slots); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ Mov(FastNewFunctionContextDescriptor::SlotsRegister(), slots); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ Push(x1); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ Pop(x3); // Restore new target. } diff --git a/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc b/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc index 0a00eeade87649..3571948216cc82 100644 --- a/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc +++ b/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc 
@@ -176,12 +176,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(edx); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), - Immediate(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Immediate(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(edi); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(edx); // Restore new target. } diff --git a/deps/v8/src/full-codegen/mips/full-codegen-mips.cc b/deps/v8/src/full-codegen/mips/full-codegen-mips.cc index 917474ae882fb1..67598d0a251198 100644 --- a/deps/v8/src/full-codegen/mips/full-codegen-mips.cc +++ b/deps/v8/src/full-codegen/mips/full-codegen-mips.cc @@ -194,11 +194,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(a3); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ li(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ li(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(a1); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(a3); // Restore new target. } 
diff --git a/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc b/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc index 0c09bdf176cc98..c149f137cf9111 100644 --- a/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc +++ b/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc @@ -193,11 +193,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(a3); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ li(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ li(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(a1); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(a3); // Restore new target. } diff --git a/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc b/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc index 6bac8b15a3399a..6813069d401d3a 100644 --- a/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc +++ b/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc 
@@ -190,11 +190,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(r6); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r4); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(r6); // Preserve new target. } diff --git a/deps/v8/src/full-codegen/s390/full-codegen-s390.cc b/deps/v8/src/full-codegen/s390/full-codegen-s390.cc index 003c9312e43f98..bd1509b77df3ed 100644 --- a/deps/v8/src/full-codegen/s390/full-codegen-s390.cc +++ b/deps/v8/src/full-codegen/s390/full-codegen-s390.cc @@ -195,11 +195,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(r5); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), Operand(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Operand(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(r3); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(r5); // Preserve new target. } 
diff --git a/deps/v8/src/full-codegen/x64/full-codegen-x64.cc b/deps/v8/src/full-codegen/x64/full-codegen-x64.cc index 4b0e43c9b21afc..ce94a990d54114 100644 --- a/deps/v8/src/full-codegen/x64/full-codegen-x64.cc +++ b/deps/v8/src/full-codegen/x64/full-codegen-x64.cc @@ -175,11 +175,16 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ Push(rdx); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ Set(FastNewFunctionContextDescriptor::SlotsRegister(), slots); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ Set(FastNewFunctionContextDescriptor::SlotsRegister(), slots); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ Push(rdi); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ Pop(rdx); // Restore new target. } diff --git a/deps/v8/src/full-codegen/x87/full-codegen-x87.cc b/deps/v8/src/full-codegen/x87/full-codegen-x87.cc index 0ccf63f9f079b1..28c8960c4b7a45 100644 --- a/deps/v8/src/full-codegen/x87/full-codegen-x87.cc +++ b/deps/v8/src/full-codegen/x87/full-codegen-x87.cc 
@@ -176,12 +176,17 @@ void FullCodeGenerator::Generate() { if (info->scope()->new_target_var() != nullptr) { __ push(edx); // Preserve new target. } - FastNewFunctionContextStub stub(isolate()); - __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), - Immediate(slots)); - __ CallStub(&stub); - // Result of FastNewFunctionContextStub is always in new space. - need_write_barrier = false; + if (slots <= FastNewFunctionContextStub::kMaximumSlots) { + FastNewFunctionContextStub stub(isolate()); + __ mov(FastNewFunctionContextDescriptor::SlotsRegister(), + Immediate(slots)); + __ CallStub(&stub); + // Result of FastNewFunctionContextStub is always in new space. + need_write_barrier = false; + } else { + __ push(edi); + __ CallRuntime(Runtime::kNewFunctionContext); + } if (info->scope()->new_target_var() != nullptr) { __ pop(edx); // Restore new target. } diff --git a/deps/v8/src/interpreter/bytecode-generator.cc b/deps/v8/src/interpreter/bytecode-generator.cc index a57399cf6f046e..6ff43a41707fe4 100644 --- a/deps/v8/src/interpreter/bytecode-generator.cc +++ b/deps/v8/src/interpreter/bytecode-generator.cc @@ -3168,7 +3168,12 @@ void BytecodeGenerator::VisitNewLocalFunctionContext() { .CallRuntime(Runtime::kNewScriptContext, closure, 2); } else { int slot_count = scope->num_heap_slots() - Context::MIN_CONTEXT_SLOTS; - builder()->CreateFunctionContext(slot_count); + if (slot_count <= FastNewFunctionContextStub::kMaximumSlots) { + builder()->CreateFunctionContext(slot_count); + } else { + builder()->CallRuntime(Runtime::kNewFunctionContext, + Register::function_closure(), 1); + } } execution_result()->SetResultInAccumulator(); } diff --git a/deps/v8/src/runtime/runtime-utils.h b/deps/v8/src/runtime/runtime-utils.h index 0d84354f4424d4..147efed092a742 100644 --- a/deps/v8/src/runtime/runtime-utils.h +++ b/deps/v8/src/runtime/runtime-utils.h 
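Review bot: No test in the visible part of this commit drives a function context with more than `FastNewFunctionContextStub::kMaximumSlots` slots, so the new runtime fallback in VisitNewLocalFunctionContext and in the other code generators is unexercised as far as this diff shows. A small mjsunit test that builds a function with more than 0x8000 context-allocated variables and runs it both unoptimized and after `%OptimizeFunctionOnNextCall` would cover the branch in each tier. VisitNewLocalFunctionContext starts above the hunk.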
@@ -69,9 +69,11 @@ namespace internal { // Assert that the given argument has a valid value for a LanguageMode // and store it in a LanguageMode variable with the given name. #define CONVERT_LANGUAGE_MODE_ARG_CHECKED(name, index) \ - CHECK(args[index]->IsSmi()); \ - CHECK(is_valid_language_mode(args.smi_at(index))); \ - LanguageMode name = static_cast(args.smi_at(index)); + CHECK(args[index]->IsNumber()); \ + int32_t __tmp_##name = 0; \ + CHECK(args[index]->ToInt32(&__tmp_##name)); \ + CHECK(is_valid_language_mode(__tmp_##name)); \ + LanguageMode name = static_cast(__tmp_##name); // Assert that the given argument is a number within the Int32 range // and convert it to int32_t. If the argument is not an Int32 we crash safely. diff --git a/deps/v8/src/type-cache.h b/deps/v8/src/type-cache.h index f83f3bdb7146b5..e7616ec3dce1cb 100644 --- a/deps/v8/src/type-cache.h +++ b/deps/v8/src/type-cache.h @@ -50,7 +50,9 @@ class TypeCache final { Type* const kTenOrUndefined = Type::Union(kSingletonTen, Type::Undefined(), zone()); Type* const kMinusOneOrZero = CreateRange(-1.0, 0.0); - Type* const kMinusOneToOne = CreateRange(-1.0, 1.0); + Type* const kMinusOneToOneOrMinusZeroOrNaN = Type::Union( + Type::Union(CreateRange(-1.0, 1.0), Type::MinusZero(), zone()), + Type::NaN(), zone()); Type* const kZeroOrOne = CreateRange(0.0, 1.0); Type* const kZeroOrOneOrNaN = Type::Union(kZeroOrOne, Type::NaN(), zone()); Type* const kZeroToThirtyOne = CreateRange(0.0, 31.0); diff --git a/deps/v8/test/mjsunit/compiler/math-sign.js b/deps/v8/test/mjsunit/compiler/math-sign.js new file mode 100644 index 00000000000000..0fff0982df8832 --- /dev/null +++ b/deps/v8/test/mjsunit/compiler/math-sign.js 
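Review bot: The temporary `__tmp_##name` introduced in CONVERT_LANGUAGE_MODE_ARG_CHECKED contains a double underscore, and identifiers of that form are reserved for the implementation in C++. A suffix form avoids this: `int32_t name##_int32 = 0;` followed by `CHECK(args[index]->ToInt32(&name##_int32));`, with the same name in the two remaining lines. The macro still expands to several statements, so it must not be used as the body of an unbraced `if`; a sentence in the macro's comment saying so would help.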
@@ -0,0 +1,51 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +function signInt32(i) { + i = i|0; + return Math.sign(i); +} + +signInt32(0); +signInt32(2); +%OptimizeFunctionOnNextCall(signInt32); +assertEquals(1, signInt32(1)); +assertEquals(0, signInt32(0)); +assertEquals(-1, signInt32(-1)); +assertEquals(-1, signInt32(-1)); +assertEquals(1, signInt32(2147483647)); +assertEquals(-1, signInt32(2147483648)); +assertEquals(-1, signInt32(-2147483648)); +assertEquals(0, signInt32(NaN)); +assertEquals(0, signInt32(undefined)); +assertEquals(0, signInt32(-0)); + +function signFloat64(i) { + return Math.sign(+i); +} + +signFloat64(0.1); +signFloat64(-0.1); +%OptimizeFunctionOnNextCall(signFloat64); +assertEquals(1, signFloat64(1)); +assertEquals(1, signFloat64(0.001)); +assertEquals(-1, signFloat64(-0.002)); +assertEquals(1, signFloat64(1e100)); +assertEquals(-1, signFloat64(-2e100)); +assertEquals(0, signFloat64(0)); +assertEquals(Infinity, 1/signFloat64(0)); +assertEquals(-1, signFloat64(-1)); +assertEquals(-1, signFloat64(-1)); +assertEquals(1, signFloat64(2147483647)); +assertEquals(1, signFloat64(2147483648)); +assertEquals(-1, signFloat64(-2147483647)); +assertEquals(-1, signFloat64(-2147483648)); +assertEquals(-1, signFloat64(-2147483649)); +assertEquals(-0, signFloat64(-0)); +assertEquals(NaN, signFloat64(NaN)); +assertEquals(NaN, signFloat64(undefined)); +assertEquals(1, signFloat64(Infinity)); +assertEquals(-1, signFloat64(-Infinity)); diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-659475-1.js b/deps/v8/test/mjsunit/regress/regress-crbug-659475-1.js new file mode 100644 index 00000000000000..2648203b8c16d7 --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-crbug-659475-1.js 
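Review bot: The -0 case for signFloat64 is checked only with `assertEquals(-0, signFloat64(-0))`, while the +0 case has an explicit reciprocal check. Adding `assertEquals(-Infinity, 1/signFloat64(-0));` would pin the sign of zero without depending on how assertEquals compares zeros. `assertEquals(-1, signInt32(-1));` and `assertEquals(-1, signFloat64(-1));` each appear twice in a row, so one copy of each can go or be replaced with a different input.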
@@ -0,0 +1,30 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +var n; + +function Ctor() { + n = new Set(); +} + +function Check() { + n.xyz = 0x826852f4; +} + +Ctor(); +Ctor(); +%OptimizeFunctionOnNextCall(Ctor); +Ctor(); + +Check(); +Check(); +%OptimizeFunctionOnNextCall(Check); +Check(); + +Ctor(); +Check(); + +parseInt('AAAAAAAA'); diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-659475-2.js b/deps/v8/test/mjsunit/regress/regress-crbug-659475-2.js new file mode 100644 index 00000000000000..49e02fde0093ef --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-crbug-659475-2.js @@ -0,0 +1,31 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +var n; + +function Ctor() { + try { } catch (e) {} + n = new Set(); +} + +function Check() { + n.xyz = 0x826852f4; +} + +Ctor(); +Ctor(); +%OptimizeFunctionOnNextCall(Ctor); +Ctor(); + +Check(); +Check(); +%OptimizeFunctionOnNextCall(Check); +Check(); + +Ctor(); +Check(); + +parseInt('AAAAAAAA');
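Review bot: Neither regression test contains an assertion or an explanatory comment, so a reader cannot tell what a pass means; they appear to pass simply by running to completion. A header comment in each file, for example `// Regression test for crbug 659475: must run to completion without crashing in optimized code.`, would state that. The trailing `parseInt('AAAAAAAA');` has no visible purpose in either file and should be explained or dropped. The same applies to regress-crbug-659475-2.js in the next hunk, which differs only by the empty try/catch in Ctor.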