Merge V8 at 3.7.12.28

Bug: 5688872

Change-Id: Iddb40cae44d51a2b449f2858951e0472771f5981
diff --git a/src/objects-debug.cc b/src/objects-debug.cc
index e9ca6c0..64bda94 100644
--- a/src/objects-debug.cc
+++ b/src/objects-debug.cc
@@ -94,6 +94,9 @@
     case BYTE_ARRAY_TYPE:
       ByteArray::cast(this)->ByteArrayVerify();
       break;
+    case FREE_SPACE_TYPE:
+      FreeSpace::cast(this)->FreeSpaceVerify();
+      break;
     case EXTERNAL_PIXEL_ARRAY_TYPE:
       ExternalPixelArray::cast(this)->ExternalPixelArrayVerify();
       break;
@@ -153,6 +156,12 @@
     case JS_ARRAY_TYPE:
       JSArray::cast(this)->JSArrayVerify();
       break;
+    case JS_SET_TYPE:
+      JSSet::cast(this)->JSSetVerify();
+      break;
+    case JS_MAP_TYPE:
+      JSMap::cast(this)->JSMapVerify();
+      break;
     case JS_WEAK_MAP_TYPE:
       JSWeakMap::cast(this)->JSWeakMapVerify();
       break;
@@ -207,6 +216,11 @@
 }
 
 
+void FreeSpace::FreeSpaceVerify() {
+  ASSERT(IsFreeSpace());
+}
+
+
 void ExternalPixelArray::ExternalPixelArrayVerify() {
   ASSERT(IsExternalPixelArray());
 }
@@ -255,12 +269,18 @@
 void JSObject::JSObjectVerify() {
   VerifyHeapPointer(properties());
   VerifyHeapPointer(elements());
+
+  if (GetElementsKind() == NON_STRICT_ARGUMENTS_ELEMENTS) {
+    ASSERT(this->elements()->IsFixedArray());
+    ASSERT(this->elements()->length() >= 2);
+  }
+
   if (HasFastProperties()) {
     CHECK_EQ(map()->unused_property_fields(),
              (map()->inobject_properties() + properties()->length() -
               map()->NextFreePropertyIndex()));
   }
-  ASSERT_EQ(map()->has_fast_elements(),
+  ASSERT_EQ((map()->has_fast_elements() || map()->has_fast_smi_only_elements()),
             (elements()->map() == GetHeap()->fixed_array_map() ||
              elements()->map() == GetHeap()->fixed_cow_array_map()));
   ASSERT(map()->has_fast_elements() == HasFastElements());
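Review bot: The two ASSERTs added for NON_STRICT_ARGUMENTS_ELEMENTS do not say why the elements array must hold at least two entries, so the `>= 2` looks arbitrary to the next reader. A one-line comment above the block would fix that, for example `// Parameter map: the first two slots are reserved (context and arguments backing store) - confirm against the layout in objects.h.` Separately, the widened ASSERT_EQ now counts smi-only maps as fast, but the following `ASSERT(map()->has_fast_elements() == HasFastElements());` has no smi-only counterpart in view. If the object exposes a matching predicate, asserting that pair too would keep the map and object views consistent. JSObjectVerify continues past the end of this hunk.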
@@ -322,7 +342,8 @@
       double value = get_scalar(i);
       ASSERT(!isnan(value) ||
              (BitCast<uint64_t>(value) ==
-              BitCast<uint64_t>(canonical_not_the_hole_nan_as_double())));
+              BitCast<uint64_t>(canonical_not_the_hole_nan_as_double())) ||
+             ((BitCast<uint64_t>(value) & Double::kSignMask) != 0));
     }
   }
 }
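Review bot: The added disjunct `((BitCast<uint64_t>(value) & Double::kSignMask) != 0)` accepts every NaN whose sign bit is set, which is far wider than the canonical-NaN comparison it extends, and no comment explains the relaxation. This verifier appears to exist so that non-canonical NaN payloads in a double array are caught before they can be confused with a reserved bit pattern, so loosening it deserves a stated reason. Please add a comment naming the producer of sign-bit NaNs that made this necessary. If only one such pattern is legitimate, compare against that exact value instead of masking the sign bit. The enclosing loop and function start outside this hunk.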
@@ -387,6 +408,7 @@
   CHECK(IsJSFunction());
   VerifyObjectField(kPrototypeOrInitialMapOffset);
   VerifyObjectField(kNextFunctionLinkOffset);
+  CHECK(code()->IsCode());
   CHECK(next_function_link()->IsUndefined() ||
         next_function_link()->IsJSFunction());
 }
@@ -446,9 +468,8 @@
   } else {
     ASSERT(number->IsSmi());
     int value = Smi::cast(number)->value();
-    // Hidden oddballs have negative smis.
-    const int kLeastHiddenOddballNumber = -4;
     ASSERT(value <= 1);
+    // Hidden oddballs have negative smis.
     ASSERT(value >= kLeastHiddenOddballNumber);
   }
 }
@@ -463,6 +484,7 @@
 void Code::CodeVerify() {
   CHECK(IsAligned(reinterpret_cast<intptr_t>(instruction_start()),
                   kCodeAlignment));
+  relocation_info()->Verify();
   Address last_gc_pc = NULL;
   for (RelocIterator it(this); !it.done(); it.next()) {
     it.rinfo()->Verify();
@@ -484,11 +506,27 @@
 }
 
 
+void JSSet::JSSetVerify() {
+  CHECK(IsJSSet());
+  JSObjectVerify();
+  VerifyHeapPointer(table());
+  ASSERT(table()->IsHashTable() || table()->IsUndefined());
+}
+
+
+void JSMap::JSMapVerify() {
+  CHECK(IsJSMap());
+  JSObjectVerify();
+  VerifyHeapPointer(table());
+  ASSERT(table()->IsHashTable() || table()->IsUndefined());
+}
+
+
 void JSWeakMap::JSWeakMapVerify() {
   CHECK(IsJSWeakMap());
   JSObjectVerify();
   VerifyHeapPointer(table());
-  ASSERT(table()->IsHashTable());
+  ASSERT(table()->IsHashTable() || table()->IsUndefined());
 }
 
 
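Review bot: The table checks in JSSetVerify, JSMapVerify and JSWeakMapVerify accept any hash table, because `table()->IsHashTable()` does not distinguish the table type each collection is supposed to own. A set or map whose table slot held a different kind of hash table would therefore pass heap verification. If a narrower predicate for the expected table type exists, use it here. The `|| table()->IsUndefined()` case should also carry a comment, for example `// table() may be undefined before the collection is initialized (confirm).` JSSetVerify and JSMapVerify are line-for-line identical apart from the type check, so a shared helper would keep them from drifting.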
@@ -535,13 +573,14 @@
 
 
 void JSProxy::JSProxyVerify() {
-  ASSERT(IsJSProxy());
+  CHECK(IsJSProxy());
   VerifyPointer(handler());
+  ASSERT(hash()->IsSmi() || hash()->IsUndefined());
 }
 
 
 void JSFunctionProxy::JSFunctionProxyVerify() {
-  ASSERT(IsJSFunctionProxy());
+  CHECK(IsJSFunctionProxy());
   JSProxyVerify();
   VerifyPointer(call_trap());
   VerifyPointer(construct_trap());
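Review bot: The new hash invariant in JSProxyVerify is written with ASSERT, while the same hunk upgrades both type checks from ASSERT to CHECK. If the upgrade is meant to keep these checks alive in builds where ASSERT compiles away, the hash check would be dropped in those builds. For consistency consider `CHECK(hash()->IsSmi() || hash()->IsUndefined());`. The table ASSERTs in JSSetVerify, JSMapVerify and JSWeakMapVerify, and the NON_STRICT_ARGUMENTS_ELEMENTS ASSERTs in JSObjectVerify, mix the two macros in the same way.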
@@ -700,7 +739,7 @@
       break;
     }
     case DICTIONARY_ELEMENTS: {
-      SeededNumberDictionary* dict = element_dictionary();
+      NumberDictionary* dict = element_dictionary();
       info->number_of_slow_used_elements_ += dict->NumberOfElements();
       info->number_of_slow_unused_elements_ +=
           dict->Capacity() - dict->NumberOfElements();
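Review bot: This line moves the local from `SeededNumberDictionary*` to `NumberDictionary*`, which reads as the merge going from a seeded dictionary type to an unseeded one. The hunk itself only gathers statistics, so nothing here is wrong on its own. If the seeded variant was carried in this tree as hash-collision hardening, though, it is worth confirming in the commit description that the merged V8 version keeps equivalent seeding for number-keyed dictionaries. The enclosing switch and function lie outside this hunk.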