Skip to content

Commit 5e7ebc7

Browse files
committed
deps: upgrade v8 to 4.1.0.7
This commit upgrades V8 from 3.31.74.1 to 4.1.0.7. Despite the major version bump, there are no API or ABI changes, it's a bug fix release only. PR-URL: #490 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Kenan Sulayman <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
1 parent ea7750b commit 5e7ebc7

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

57 files changed

+962
-386
lines changed

deps/v8/ChangeLog

+31
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,34 @@
1+
2015-01-07: Version 3.32.3
2+
3+
Performance and stability improvements on all platforms.
4+
5+
6+
2015-01-07: Version 3.32.2
7+
8+
Performance and stability improvements on all platforms.
9+
10+
11+
2015-01-07: Version 3.32.1
12+
13+
[turbofan] Don't crash when typing load from a Uint8ClampedArray
14+
(Chromium issue 446156).
15+
16+
[turbofan] Truncation of Bit/Word8/16 to Word32 is a no-op (Chromium
17+
issue 445859).
18+
19+
[x64] Rearrange code for OOB integer loads (Chromium issue 445858).
20+
21+
Fix %NeverOptimizeFunction() intrinsic (Chromium issue 445732).
22+
23+
[turbofan] Fix invalid bounds check with overflowing offset (Chromium
24+
issue 445267).
25+
26+
[turbofan] Raise max virtual registers and call parameter limit (issue
27+
3786).
28+
29+
Performance and stability improvements on all platforms.
30+
31+
132
2014-12-23: Version 3.31.74
233

334
[turbofan] Turn DCHECK for fixed slot index into a CHECK (Chromium issue

deps/v8/DEPS

+1-1
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ deps = {
1818
"v8/testing/gmock":
1919
Var("git_url") + "/external/googlemock.git" + "@" + "29763965ab52f24565299976b936d1265cb6a271", # from svn revision 501
2020
"v8/tools/clang":
21-
Var("git_url") + "/chromium/src/tools/clang.git" + "@" + "90fb65e7a9a5c9d6d9613dfb0e78921c52ca9cfc",
21+
Var("git_url") + "/chromium/src/tools/clang.git" + "@" + "c945be21f6485fa177b43814f910b76cce921653",
2222
}
2323

2424
deps_os = {

deps/v8/build/features.gypi

+1-1
Original file line numberDiff line numberDiff line change
@@ -117,7 +117,7 @@
117117
'Release': {
118118
'variables': {
119119
'v8_enable_extra_checks%': 0,
120-
'v8_enable_handle_zapping%': 1,
120+
'v8_enable_handle_zapping%': 0,
121121
},
122122
'conditions': [
123123
['v8_enable_extra_checks==1', {

deps/v8/src/api.cc

+1
Original file line numberDiff line numberDiff line change
@@ -1780,6 +1780,7 @@ Local<Script> ScriptCompiler::Compile(Isolate* v8_isolate,
17801780
// Do the parsing tasks which need to be done on the main thread. This will
17811781
// also handle parse errors.
17821782
source->parser->Internalize();
1783+
source->parser->HandleSourceURLComments();
17831784

17841785
i::Handle<i::SharedFunctionInfo> result =
17851786
i::Handle<i::SharedFunctionInfo>::null();

deps/v8/src/base/platform/platform-freebsd.cc

+1-1
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,7 @@ std::vector<OS::SharedLibraryAddress> OS::GetSharedLibraryAddresses() {
141141
if (bytes_read < 8) break;
142142
unsigned end = StringToLong(addr_buffer);
143143
char buffer[MAP_LENGTH];
144-
bytes_read = -1;
144+
int bytes_read = -1;
145145
do {
146146
bytes_read++;
147147
if (bytes_read >= MAP_LENGTH - 1)

deps/v8/src/base/platform/platform-posix.cc

+1-1
Original file line numberDiff line numberDiff line change
@@ -261,7 +261,7 @@ int OS::GetCurrentThreadId() {
261261
#elif V8_OS_ANDROID
262262
return static_cast<int>(gettid());
263263
#else
264-
return static_cast<int>(reinterpret_cast<intptr_t>(pthread_self()));
264+
return static_cast<int>(pthread_self());
265265
#endif
266266
}
267267

deps/v8/src/compiler/control-reducer.cc

+19-5
Original file line numberDiff line numberDiff line change
@@ -196,6 +196,9 @@ class ControlReducerImpl {
196196
merge = graph()->NewNode(common_->Merge(2), merge, loop);
197197
end->ReplaceInput(0, merge);
198198
to_add = merge;
199+
// Mark the node as visited so that we can revisit later.
200+
EnsureStateSize(merge->id());
201+
state_[merge->id()] = kVisited;
199202
} else {
200203
// Append a new input to the final merge at the end.
201204
merge->AppendInput(graph()->zone(), loop);
@@ -293,14 +296,17 @@ class ControlReducerImpl {
293296
if (replacement != node) Recurse(replacement);
294297
}
295298

299+
void EnsureStateSize(size_t id) {
300+
if (id >= state_.size()) {
301+
state_.resize((3 * id) / 2, kUnvisited);
302+
}
303+
}
304+
296305
// Push a node onto the stack if its state is {kUnvisited} or {kRevisit}.
297306
bool Recurse(Node* node) {
298307
size_t id = static_cast<size_t>(node->id());
299-
if (id < state_.size()) {
300-
if (state_[id] != kRevisit && state_[id] != kUnvisited) return false;
301-
} else {
302-
state_.resize((3 * id) / 2, kUnvisited);
303-
}
308+
EnsureStateSize(id);
309+
if (state_[id] != kRevisit && state_[id] != kUnvisited) return false;
304310
Push(node);
305311
return true;
306312
}
@@ -403,6 +409,14 @@ class ControlReducerImpl {
403409
if (n <= 1) return dead(); // No non-control inputs.
404410
if (n == 2) return node->InputAt(0); // Only one non-control input.
405411

412+
// Never remove an effect phi from a (potentially non-terminating) loop.
413+
// Otherwise, we might end up eliminating effect nodes, such as calls,
414+
// before the loop.
415+
if (node->opcode() == IrOpcode::kEffectPhi &&
416+
NodeProperties::GetControlInput(node)->opcode() == IrOpcode::kLoop) {
417+
return node;
418+
}
419+
406420
Node* replacement = NULL;
407421
Node::Inputs inputs = node->inputs();
408422
for (InputIter it = inputs.begin(); n > 1; --n, ++it) {

deps/v8/src/compiler/js-typed-lowering.cc

+51-141
Original file line numberDiff line numberDiff line change
@@ -490,124 +490,34 @@ Reduction JSTypedLowering::ReduceJSStrictEqual(Node* node, bool invert) {
490490
}
491491

492492

493-
Reduction JSTypedLowering::ReduceJSToBooleanInput(Node* input) {
494-
if (input->opcode() == IrOpcode::kJSToBoolean) {
495-
// Recursively try to reduce the input first.
496-
Reduction result = ReduceJSToBoolean(input);
497-
if (result.Changed()) return result;
498-
return Changed(input); // JSToBoolean(JSToBoolean(x)) => JSToBoolean(x)
499-
}
500-
// Check if we have a cached conversion.
501-
Node* conversion = FindConversion<IrOpcode::kJSToBoolean>(input);
502-
if (conversion) return Replace(conversion);
493+
Reduction JSTypedLowering::ReduceJSUnaryNot(Node* node) {
494+
Node* input = node->InputAt(0);
503495
Type* input_type = NodeProperties::GetBounds(input).upper;
504496
if (input_type->Is(Type::Boolean())) {
505-
return Changed(input); // JSToBoolean(x:boolean) => x
506-
}
507-
if (input_type->Is(Type::Undefined())) {
508-
// JSToBoolean(undefined) => #false
509-
return Replace(jsgraph()->FalseConstant());
510-
}
511-
if (input_type->Is(Type::Null())) {
512-
// JSToBoolean(null) => #false
513-
return Replace(jsgraph()->FalseConstant());
514-
}
515-
if (input_type->Is(Type::DetectableReceiver())) {
516-
// JSToBoolean(x:detectable) => #true
517-
return Replace(jsgraph()->TrueConstant());
518-
}
519-
if (input_type->Is(Type::Undetectable())) {
520-
// JSToBoolean(x:undetectable) => #false
521-
return Replace(jsgraph()->FalseConstant());
522-
}
523-
if (input_type->Is(Type::OrderedNumber())) {
524-
// JSToBoolean(x:ordered-number) => BooleanNot(NumberEqual(x, #0))
525-
Node* cmp = graph()->NewNode(simplified()->NumberEqual(), input,
526-
jsgraph()->ZeroConstant());
527-
Node* inv = graph()->NewNode(simplified()->BooleanNot(), cmp);
528-
return Replace(inv);
529-
}
530-
if (input_type->Is(Type::String())) {
531-
// JSToBoolean(x:string) => BooleanNot(NumberEqual(x.length, #0))
532-
FieldAccess access = AccessBuilder::ForStringLength();
533-
Node* length = graph()->NewNode(simplified()->LoadField(access), input,
534-
graph()->start(), graph()->start());
535-
Node* cmp = graph()->NewNode(simplified()->NumberEqual(), length,
536-
jsgraph()->ZeroConstant());
537-
Node* inv = graph()->NewNode(simplified()->BooleanNot(), cmp);
538-
return Replace(inv);
497+
// JSUnaryNot(x:boolean,context) => BooleanNot(x)
498+
node->set_op(simplified()->BooleanNot());
499+
node->TrimInputCount(1);
500+
return Changed(node);
539501
}
540-
return NoChange();
502+
// JSUnaryNot(x,context) => BooleanNot(AnyToBoolean(x))
503+
node->set_op(simplified()->BooleanNot());
504+
node->ReplaceInput(0, graph()->NewNode(simplified()->AnyToBoolean(), input));
505+
node->TrimInputCount(1);
506+
return Changed(node);
541507
}
542508

543509

544510
Reduction JSTypedLowering::ReduceJSToBoolean(Node* node) {
545-
// Try to reduce the input first.
546-
Node* const input = node->InputAt(0);
547-
Reduction reduction = ReduceJSToBooleanInput(input);
548-
if (reduction.Changed()) return reduction;
549-
if (input->opcode() == IrOpcode::kPhi) {
550-
// JSToBoolean(phi(x1,...,xn,control),context)
551-
// => phi(JSToBoolean(x1,no-context),...,JSToBoolean(xn,no-context))
552-
int const input_count = input->InputCount() - 1;
553-
Node* const control = input->InputAt(input_count);
554-
DCHECK_LE(0, input_count);
555-
DCHECK(NodeProperties::IsControl(control));
556-
DCHECK(NodeProperties::GetBounds(node).upper->Is(Type::Boolean()));
557-
DCHECK(!NodeProperties::GetBounds(input).upper->Is(Type::Boolean()));
558-
node->set_op(common()->Phi(kMachAnyTagged, input_count));
559-
for (int i = 0; i < input_count; ++i) {
560-
// We must be very careful not to introduce cycles when pushing
561-
// operations into phis. It is safe for {value}, since it appears
562-
// as input to the phi that we are replacing, but it's not safe
563-
// to simply reuse the context of the {node}. However, ToBoolean()
564-
// does not require a context anyways, so it's safe to discard it
565-
// here and pass the dummy context.
566-
Node* const value = ConvertToBoolean(input->InputAt(i));
567-
if (i < node->InputCount()) {
568-
node->ReplaceInput(i, value);
569-
} else {
570-
node->AppendInput(graph()->zone(), value);
571-
}
572-
}
573-
if (input_count < node->InputCount()) {
574-
node->ReplaceInput(input_count, control);
575-
} else {
576-
node->AppendInput(graph()->zone(), control);
577-
}
578-
node->TrimInputCount(input_count + 1);
579-
return Changed(node);
580-
}
581-
if (input->opcode() == IrOpcode::kSelect) {
582-
// JSToBoolean(select(c,x1,x2),context)
583-
// => select(c,JSToBoolean(x1,no-context),...,JSToBoolean(x2,no-context))
584-
int const input_count = input->InputCount();
585-
BranchHint const input_hint = SelectParametersOf(input->op()).hint();
586-
DCHECK_EQ(3, input_count);
587-
DCHECK(NodeProperties::GetBounds(node).upper->Is(Type::Boolean()));
588-
DCHECK(!NodeProperties::GetBounds(input).upper->Is(Type::Boolean()));
589-
node->set_op(common()->Select(kMachAnyTagged, input_hint));
590-
node->InsertInput(graph()->zone(), 0, input->InputAt(0));
591-
for (int i = 1; i < input_count; ++i) {
592-
// We must be very careful not to introduce cycles when pushing
593-
// operations into selects. It is safe for {value}, since it appears
594-
// as input to the select that we are replacing, but it's not safe
595-
// to simply reuse the context of the {node}. However, ToBoolean()
596-
// does not require a context anyways, so it's safe to discard it
597-
// here and pass the dummy context.
598-
Node* const value = ConvertToBoolean(input->InputAt(i));
599-
node->ReplaceInput(i, value);
600-
}
601-
DCHECK_EQ(3, node->InputCount());
602-
return Changed(node);
603-
}
604-
InsertConversion(node);
605-
if (node->InputAt(1) != jsgraph()->NoContextConstant()) {
606-
// JSToBoolean(x,context) => JSToBoolean(x,no-context)
607-
node->ReplaceInput(1, jsgraph()->NoContextConstant());
608-
return Changed(node);
511+
Node* input = node->InputAt(0);
512+
Type* input_type = NodeProperties::GetBounds(input).upper;
513+
if (input_type->Is(Type::Boolean())) {
514+
// JSToBoolean(x:boolean,context) => x
515+
return Replace(input);
609516
}
610-
return NoChange();
517+
// JSToBoolean(x,context) => AnyToBoolean(x)
518+
node->set_op(simplified()->AnyToBoolean());
519+
node->TrimInputCount(1);
520+
return Changed(node);
611521
}
612522

613523

@@ -927,14 +837,36 @@ Reduction JSTypedLowering::ReduceJSStoreContext(Node* node) {
927837

928838
Reduction JSTypedLowering::Reduce(Node* node) {
929839
// Check if the output type is a singleton. In that case we already know the
930-
// result value and can simply replace the node unless there are effects.
840+
// result value and can simply replace the node if it's eliminable.
931841
if (NodeProperties::IsTyped(node) &&
932-
NodeProperties::GetBounds(node).upper->IsConstant() &&
933842
!IrOpcode::IsLeafOpcode(node->opcode()) &&
934-
node->op()->EffectOutputCount() == 0) {
935-
return ReplaceEagerly(node, jsgraph()->Constant(
936-
NodeProperties::GetBounds(node).upper->AsConstant()->Value()));
937-
// TODO(neis): Extend this to Range(x,x), NaN, MinusZero, ...?
843+
node->op()->HasProperty(Operator::kEliminatable)) {
844+
Type* upper = NodeProperties::GetBounds(node).upper;
845+
if (upper->IsConstant()) {
846+
Node* replacement = jsgraph()->Constant(upper->AsConstant()->Value());
847+
NodeProperties::ReplaceWithValue(node, replacement);
848+
return Changed(replacement);
849+
} else if (upper->Is(Type::MinusZero())) {
850+
Node* replacement = jsgraph()->Constant(factory()->minus_zero_value());
851+
NodeProperties::ReplaceWithValue(node, replacement);
852+
return Changed(replacement);
853+
} else if (upper->Is(Type::NaN())) {
854+
Node* replacement = jsgraph()->NaNConstant();
855+
NodeProperties::ReplaceWithValue(node, replacement);
856+
return Changed(replacement);
857+
} else if (upper->Is(Type::Null())) {
858+
Node* replacement = jsgraph()->NullConstant();
859+
NodeProperties::ReplaceWithValue(node, replacement);
860+
return Changed(replacement);
861+
} else if (upper->Is(Type::PlainNumber()) && upper->Min() == upper->Max()) {
862+
Node* replacement = jsgraph()->Constant(upper->Min());
863+
NodeProperties::ReplaceWithValue(node, replacement);
864+
return Changed(replacement);
865+
} else if (upper->Is(Type::Undefined())) {
866+
Node* replacement = jsgraph()->UndefinedConstant();
867+
NodeProperties::ReplaceWithValue(node, replacement);
868+
return Changed(replacement);
869+
}
938870
}
939871
switch (node->opcode()) {
940872
case IrOpcode::kJSEqual:
@@ -972,18 +904,8 @@ Reduction JSTypedLowering::Reduce(Node* node) {
972904
return ReduceNumberBinop(node, simplified()->NumberDivide());
973905
case IrOpcode::kJSModulus:
974906
return ReduceNumberBinop(node, simplified()->NumberModulus());
975-
case IrOpcode::kJSUnaryNot: {
976-
Reduction result = ReduceJSToBooleanInput(node->InputAt(0));
977-
if (result.Changed()) {
978-
// JSUnaryNot(x:boolean) => BooleanNot(x)
979-
node = result.replacement();
980-
} else {
981-
// JSUnaryNot(x) => BooleanNot(JSToBoolean(x))
982-
node->set_op(javascript()->ToBoolean());
983-
}
984-
Node* value = graph()->NewNode(simplified()->BooleanNot(), node);
985-
return Replace(value);
986-
}
907+
case IrOpcode::kJSUnaryNot:
908+
return ReduceJSUnaryNot(node);
987909
case IrOpcode::kJSToBoolean:
988910
return ReduceJSToBoolean(node);
989911
case IrOpcode::kJSToNumber:
@@ -1005,17 +927,6 @@ Reduction JSTypedLowering::Reduce(Node* node) {
1005927
}
1006928

1007929

1008-
Node* JSTypedLowering::ConvertToBoolean(Node* input) {
1009-
// Avoid inserting too many eager ToBoolean() operations.
1010-
Reduction const reduction = ReduceJSToBooleanInput(input);
1011-
if (reduction.Changed()) return reduction.replacement();
1012-
Node* const conversion = graph()->NewNode(javascript()->ToBoolean(), input,
1013-
jsgraph()->NoContextConstant());
1014-
InsertConversion(conversion);
1015-
return conversion;
1016-
}
1017-
1018-
1019930
Node* JSTypedLowering::ConvertToNumber(Node* input) {
1020931
DCHECK(NodeProperties::GetBounds(input).upper->Is(Type::PlainPrimitive()));
1021932
// Avoid inserting too many eager ToNumber() operations.
@@ -1043,8 +954,7 @@ Node* JSTypedLowering::FindConversion(Node* input) {
1043954

1044955

1045956
void JSTypedLowering::InsertConversion(Node* conversion) {
1046-
DCHECK(conversion->opcode() == IrOpcode::kJSToBoolean ||
1047-
conversion->opcode() == IrOpcode::kJSToNumber);
957+
DCHECK(conversion->opcode() == IrOpcode::kJSToNumber);
1048958
size_t const input_id = conversion->InputAt(0)->id();
1049959
if (input_id >= conversions_.size()) {
1050960
conversions_.resize(2 * input_id + 1);

deps/v8/src/compiler/js-typed-lowering.h

+1-2
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ class JSTypedLowering FINAL : public Reducer {
4141
Reduction ReduceJSStoreContext(Node* node);
4242
Reduction ReduceJSEqual(Node* node, bool invert);
4343
Reduction ReduceJSStrictEqual(Node* node, bool invert);
44-
Reduction ReduceJSToBooleanInput(Node* input);
44+
Reduction ReduceJSUnaryNot(Node* node);
4545
Reduction ReduceJSToBoolean(Node* node);
4646
Reduction ReduceJSToNumberInput(Node* input);
4747
Reduction ReduceJSToNumber(Node* node);
@@ -52,7 +52,6 @@ class JSTypedLowering FINAL : public Reducer {
5252
Reduction ReduceUI32Shift(Node* node, Signedness left_signedness,
5353
const Operator* shift_op);
5454

55-
Node* ConvertToBoolean(Node* input);
5655
Node* ConvertToNumber(Node* input);
5756
template <IrOpcode::Value>
5857
Node* FindConversion(Node* input);

deps/v8/src/compiler/opcodes.h

+1
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,7 @@
132132

133133
// Opcodes for VirtuaMachine-level operators.
134134
#define SIMPLIFIED_OP_LIST(V) \
135+
V(AnyToBoolean) \
135136
V(BooleanNot) \
136137
V(BooleanToNumber) \
137138
V(NumberEqual) \

deps/v8/src/compiler/pipeline.cc

+1-1
Original file line numberDiff line numberDiff line change
@@ -441,7 +441,7 @@ struct SimplifiedLoweringPhase {
441441
void Run(PipelineData* data, Zone* temp_zone) {
442442
SourcePositionTable::Scope pos(data->source_positions(),
443443
SourcePosition::Unknown());
444-
SimplifiedLowering lowering(data->jsgraph());
444+
SimplifiedLowering lowering(data->jsgraph(), temp_zone);
445445
lowering.LowerAllNodes();
446446
ValueNumberingReducer vn_reducer(temp_zone);
447447
SimplifiedOperatorReducer simple_reducer(data->jsgraph());

0 commit comments

Comments
 (0)