Upgrade V8 to version 4.9.385.28
https://chromium.googlesource.com/v8/v8/+/4.9.385.28
FPIIM-449
Change-Id: I4b2e74289d4bf3667f2f3dc8aa2e541f63e26eb4
diff --git a/src/runtime/runtime-test.cc b/src/runtime/runtime-test.cc
index b4b90e2..3b92d7f 100644
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
@@ -2,13 +2,13 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "src/v8.h"
+#include "src/runtime/runtime-utils.h"
#include "src/arguments.h"
#include "src/deoptimizer.h"
-#include "src/full-codegen.h"
-#include "src/natives.h"
-#include "src/runtime/runtime-utils.h"
+#include "src/frames-inl.h"
+#include "src/full-codegen/full-codegen.h"
+#include "src/snapshot/natives.h"
namespace v8 {
namespace internal {
@@ -20,7 +20,39 @@
if (!function->IsOptimized()) return isolate->heap()->undefined_value();
// TODO(turbofan): Deoptimization is not supported yet.
- if (function->code()->is_turbofanned() && !FLAG_turbo_deoptimization) {
+ if (function->code()->is_turbofanned() &&
+ function->shared()->asm_function() && !FLAG_turbo_asm_deoptimization) {
+ return isolate->heap()->undefined_value();
+ }
+
+ Deoptimizer::DeoptimizeFunction(*function);
+
+ return isolate->heap()->undefined_value();
+}
+
+
+RUNTIME_FUNCTION(Runtime_DeoptimizeNow) {
+ HandleScope scope(isolate);
+ DCHECK(args.length() == 0);
+
+ Handle<JSFunction> function;
+
+ // If the argument is 'undefined', deoptimize the topmost
+ // function.
+ JavaScriptFrameIterator it(isolate);
+ while (!it.done()) {
+ if (it.frame()->is_java_script()) {
+ function = Handle<JSFunction>(it.frame()->function());
+ break;
+ }
+ }
+ if (function.is_null()) return isolate->heap()->undefined_value();
+
+ if (!function->IsOptimized()) return isolate->heap()->undefined_value();
+
+ // TODO(turbofan): Deoptimization is not supported yet.
+ if (function->code()->is_turbofanned() &&
+ function->shared()->asm_function() && !FLAG_turbo_asm_deoptimization) {
return isolate->heap()->undefined_value();
}
@@ -53,35 +85,22 @@
HandleScope scope(isolate);
RUNTIME_ASSERT(args.length() == 1 || args.length() == 2);
CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);
- // The following two assertions are lifted from the DCHECKs inside
+ // The following assertion was lifted from the DCHECK inside
// JSFunction::MarkForOptimization().
- RUNTIME_ASSERT(!function->shared()->is_generator());
RUNTIME_ASSERT(function->shared()->allows_lazy_compilation() ||
(function->code()->kind() == Code::FUNCTION &&
- function->code()->optimizable()));
-
- if (!isolate->use_crankshaft()) return isolate->heap()->undefined_value();
+ !function->shared()->optimization_disabled()));
// If the function is already optimized, just return.
if (function->IsOptimized()) return isolate->heap()->undefined_value();
- // If the function cannot optimized, just return.
- if (function->shared()->optimization_disabled()) {
- return isolate->heap()->undefined_value();
- }
-
function->MarkForOptimization();
Code* unoptimized = function->shared()->code();
if (args.length() == 2 && unoptimized->kind() == Code::FUNCTION) {
CONVERT_ARG_HANDLE_CHECKED(String, type, 1);
- if (type->IsOneByteEqualTo(STATIC_CHAR_VECTOR("osr")) && FLAG_use_osr) {
- // Start patching from the currently patched loop nesting level.
- DCHECK(BackEdgeTable::Verify(isolate, unoptimized));
- isolate->runtime_profiler()->AttemptOnStackReplacement(
- *function, Code::kMaxLoopNestingMarker);
- } else if (type->IsOneByteEqualTo(STATIC_CHAR_VECTOR("concurrent")) &&
- isolate->concurrent_recompilation_enabled()) {
+ if (type->IsOneByteEqualTo(STATIC_CHAR_VECTOR("concurrent")) &&
+ isolate->concurrent_recompilation_enabled()) {
function->AttemptConcurrentOptimization();
}
}
@@ -90,6 +109,46 @@
}
+RUNTIME_FUNCTION(Runtime_OptimizeOsr) {
+ HandleScope scope(isolate);
+ RUNTIME_ASSERT(args.length() == 0 || args.length() == 1);
+ Handle<JSFunction> function = Handle<JSFunction>::null();
+
+ if (args.length() == 0) {
+ // Find the JavaScript function on the top of the stack.
+ JavaScriptFrameIterator it(isolate);
+ while (!it.done()) {
+ if (it.frame()->is_java_script()) {
+ function = Handle<JSFunction>(it.frame()->function());
+ break;
+ }
+ }
+ if (function.is_null()) return isolate->heap()->undefined_value();
+ } else {
+ // Function was passed as an argument.
+ CONVERT_ARG_HANDLE_CHECKED(JSFunction, arg, 0);
+ function = arg;
+ }
+
+ // The following assertion was lifted from the DCHECK inside
+ // JSFunction::MarkForOptimization().
+ RUNTIME_ASSERT(function->shared()->allows_lazy_compilation() ||
+ !function->shared()->optimization_disabled());
+
+ // If the function is already optimized, just return.
+ if (function->IsOptimized()) return isolate->heap()->undefined_value();
+
+ Code* unoptimized = function->shared()->code();
+ if (unoptimized->kind() == Code::FUNCTION) {
+ DCHECK(BackEdgeTable::Verify(isolate, unoptimized));
+ isolate->runtime_profiler()->AttemptOnStackReplacement(
+ *function, Code::kMaxLoopNestingMarker);
+ }
+
+ return isolate->heap()->undefined_value();
+}
+
+
RUNTIME_FUNCTION(Runtime_NeverOptimizeFunction) {
HandleScope scope(isolate);
DCHECK(args.length() == 1);
@@ -117,15 +176,14 @@
if (isolate->concurrent_recompilation_enabled() &&
sync_with_compiler_thread) {
while (function->IsInOptimizationQueue()) {
- isolate->optimizing_compiler_thread()->InstallOptimizedFunctions();
- base::OS::Sleep(50);
+ isolate->optimizing_compile_dispatcher()->InstallOptimizedFunctions();
+ base::OS::Sleep(base::TimeDelta::FromMilliseconds(50));
}
}
- if (FLAG_always_opt) {
- // We may have always opt, but that is more best-effort than a real
- // promise, so we still say "no" if it is not optimized.
- return function->IsOptimized() ? Smi::FromInt(3) // 3 == "always".
- : Smi::FromInt(2); // 2 == "no".
+ if (FLAG_always_opt || FLAG_prepare_always_opt) {
+ // With --always-opt, optimization status expectations might not
+ // match up, so just return a sentinel.
+ return Smi::FromInt(3); // 3 == "always".
}
if (FLAG_deopt_every_n_times) {
return Smi::FromInt(6); // 6 == "maybe deopted".
@@ -142,7 +200,7 @@
DCHECK(args.length() == 0);
RUNTIME_ASSERT(FLAG_block_concurrent_recompilation);
RUNTIME_ASSERT(isolate->concurrent_recompilation_enabled());
- isolate->optimizing_compiler_thread()->Unblock();
+ isolate->optimizing_compile_dispatcher()->Unblock();
return isolate->heap()->undefined_value();
}
@@ -155,6 +213,21 @@
}
+RUNTIME_FUNCTION(Runtime_GetUndetectable) {
+ HandleScope scope(isolate);
+ DCHECK(args.length() == 0);
+ v8::Isolate* v8_isolate = reinterpret_cast<v8::Isolate*>(isolate);
+
+ Local<v8::ObjectTemplate> desc = v8::ObjectTemplate::New(v8_isolate);
+ desc->MarkAsUndetectable();
+ Local<v8::Object> obj;
+ if (!desc->NewInstance(v8_isolate->GetCurrentContext()).ToLocal(&obj)) {
+ return nullptr;
+ }
+ return *Utils::OpenHandle(*obj);
+}
+
+
RUNTIME_FUNCTION(Runtime_ClearFunctionTypeFeedback) {
HandleScope scope(isolate);
DCHECK(args.length() == 1);
@@ -209,8 +282,9 @@
// and print some interesting cpu debugging info.
JavaScriptFrameIterator it(isolate);
JavaScriptFrame* frame = it.frame();
- os << "fp = " << frame->fp() << ", sp = " << frame->sp()
- << ", caller_sp = " << frame->caller_sp() << ": ";
+ os << "fp = " << static_cast<void*>(frame->fp())
+ << ", sp = " << static_cast<void*>(frame->sp())
+ << ", caller_sp = " << static_cast<void*>(frame->caller_sp()) << ": ";
} else {
os << "DebugPrint: ";
}
@@ -268,7 +342,7 @@
SealHandleScope shs(isolate);
DCHECK(args.length() == 1);
CONVERT_ARG_CHECKED(String, arg, 0);
- SmartArrayPointer<char> flags =
+ base::SmartArrayPointer<char> flags =
arg->ToCString(DISALLOW_NULLS, ROBUST_STRING_TRAVERSAL);
FlagList::SetFlagsFromString(flags.get(), StrLength(flags.get()));
return isolate->heap()->undefined_value();
@@ -303,7 +377,8 @@
RUNTIME_FUNCTION(Runtime_NativeScriptsCount) {
DCHECK(args.length() == 0);
- return Smi::FromInt(Natives::GetBuiltinsCount());
+ return Smi::FromInt(Natives::GetBuiltinsCount() +
+ ExtraNatives::GetBuiltinsCount());
}
@@ -318,6 +393,23 @@
}
+RUNTIME_FUNCTION(Runtime_DisassembleFunction) {
+ HandleScope scope(isolate);
+#ifdef DEBUG
+ DCHECK(args.length() == 1);
+ // Get the function and make sure it is compiled.
+ CONVERT_ARG_HANDLE_CHECKED(JSFunction, func, 0);
+ if (!Compiler::Compile(func, KEEP_EXCEPTION)) {
+ return isolate->heap()->exception();
+ }
+ OFStream os(stdout);
+ func->code()->Print(os);
+ os << std::endl;
+#endif // DEBUG
+ return isolate->heap()->undefined_value();
+}
+
+
static int StackSize(Isolate* isolate) {
int n = 0;
for (JavaScriptFrameIterator it(isolate); !it.done(); it.Advance()) n++;
@@ -374,6 +466,14 @@
}
+RUNTIME_FUNCTION(Runtime_InNewSpace) {
+ SealHandleScope shs(isolate);
+ DCHECK(args.length() == 1);
+ CONVERT_ARG_CHECKED(Object, obj, 0);
+ return isolate->heap()->ToBoolean(isolate->heap()->InNewSpace(obj));
+}
+
+
#define ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(Name) \
RUNTIME_FUNCTION(Runtime_Has##Name) { \
CONVERT_ARG_CHECKED(JSObject, obj, 0); \
@@ -387,24 +487,13 @@
ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(FastHoleyElements)
ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(DictionaryElements)
ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(SloppyArgumentsElements)
-ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(ExternalArrayElements)
+ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(FixedTypedArrayElements)
// Properties test sitting with elements tests - not fooling anyone.
ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(FastProperties)
#undef ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION
-#define TYPED_ARRAYS_CHECK_RUNTIME_FUNCTION(Type, type, TYPE, ctype, size) \
- RUNTIME_FUNCTION(Runtime_HasExternal##Type##Elements) { \
- CONVERT_ARG_CHECKED(JSObject, obj, 0); \
- return isolate->heap()->ToBoolean(obj->HasExternal##Type##Elements()); \
- }
-
-TYPED_ARRAYS(TYPED_ARRAYS_CHECK_RUNTIME_FUNCTION)
-
-#undef TYPED_ARRAYS_CHECK_RUNTIME_FUNCTION
-
-
#define FIXED_TYPED_ARRAYS_CHECK_RUNTIME_FUNCTION(Type, type, TYPE, ctype, s) \
RUNTIME_FUNCTION(Runtime_HasFixed##Type##Elements) { \
CONVERT_ARG_CHECKED(JSObject, obj, 0); \
@@ -414,5 +503,5 @@
TYPED_ARRAYS(FIXED_TYPED_ARRAYS_CHECK_RUNTIME_FUNCTION)
#undef FIXED_TYPED_ARRAYS_CHECK_RUNTIME_FUNCTION
-}
-} // namespace v8::internal
+} // namespace internal
+} // namespace v8