Update V8 to r5318 to fix crashing ARM bugs
Bug: 2947054
Change-Id: I9c7398edb1525477c75ace9d383efaf790d12c51
diff --git a/src/objects.cc b/src/objects.cc
index 8359aa3..1a4ed05 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1024,38 +1024,6 @@
}
-int HeapObject::SlowSizeFromMap(Map* map) {
- // Avoid calling functions such as FixedArray::cast during GC, which
- // read map pointer of this object again.
- InstanceType instance_type = map->instance_type();
- uint32_t type = static_cast<uint32_t>(instance_type);
-
- if (instance_type < FIRST_NONSTRING_TYPE
- && (StringShape(instance_type).IsSequential())) {
- if ((type & kStringEncodingMask) == kAsciiStringTag) {
- SeqAsciiString* seq_ascii_this = reinterpret_cast<SeqAsciiString*>(this);
- return seq_ascii_this->SeqAsciiStringSize(instance_type);
- } else {
- SeqTwoByteString* self = reinterpret_cast<SeqTwoByteString*>(this);
- return self->SeqTwoByteStringSize(instance_type);
- }
- }
-
- switch (instance_type) {
- case FIXED_ARRAY_TYPE:
- return FixedArray::BodyDescriptor::SizeOf(map, this);
- case BYTE_ARRAY_TYPE:
- return reinterpret_cast<ByteArray*>(this)->ByteArraySize();
- case CODE_TYPE:
- return reinterpret_cast<Code*>(this)->CodeSize();
- case MAP_TYPE:
- return Map::kSize;
- default:
- return map->instance_size();
- }
-}
-
-
void HeapObject::Iterate(ObjectVisitor* v) {
// Handle header
IteratePointer(v, kMapOffset);
@@ -1098,12 +1066,15 @@
case JS_VALUE_TYPE:
case JS_ARRAY_TYPE:
case JS_REGEXP_TYPE:
- case JS_FUNCTION_TYPE:
case JS_GLOBAL_PROXY_TYPE:
case JS_GLOBAL_OBJECT_TYPE:
case JS_BUILTINS_OBJECT_TYPE:
JSObject::BodyDescriptor::IterateBody(this, object_size, v);
break;
+ case JS_FUNCTION_TYPE:
+ reinterpret_cast<JSFunction*>(this)
+ ->JSFunctionIterateBody(object_size, v);
+ break;
case ODDBALL_TYPE:
Oddball::BodyDescriptor::IterateBody(this, v);
break;
@@ -1148,11 +1119,6 @@
}
-void HeapObject::IterateStructBody(int object_size, ObjectVisitor* v) {
- IteratePointers(v, HeapObject::kHeaderSize, object_size);
-}
-
-
Object* HeapNumber::HeapNumberToBoolean() {
// NaN, +0, and -0 should return the false object
#if __BYTE_ORDER == __LITTLE_ENDIAN
@@ -5025,6 +4991,15 @@
}
+void JSFunction::JSFunctionIterateBody(int object_size, ObjectVisitor* v) {
+ // Iterate over all fields in the body but take care in dealing with
+ // the code entry.
+ IteratePointers(v, kPropertiesOffset, kCodeEntryOffset);
+ v->VisitCodeEntry(this->address() + kCodeEntryOffset);
+ IteratePointers(v, kCodeEntryOffset + kPointerSize, object_size);
+}
+
+
Object* JSFunction::SetInstancePrototype(Object* value) {
ASSERT(value->IsJSObject());
@@ -5041,7 +5016,6 @@
}
-
Object* JSFunction::SetPrototype(Object* value) {
ASSERT(should_have_prototype());
Object* construct_prototype = value;
@@ -5269,6 +5243,16 @@
}
+void ObjectVisitor::VisitCodeEntry(Address entry_address) {
+ Object* code = Code::GetObjectFromEntryAddress(entry_address);
+ Object* old_code = code;
+ VisitPointer(&code);
+ if (code != old_code) {
+ Memory::Address_at(entry_address) = reinterpret_cast<Code*>(code)->entry();
+ }
+}
+
+
void ObjectVisitor::VisitDebugTarget(RelocInfo* rinfo) {
ASSERT((RelocInfo::IsJSReturn(rinfo->rmode()) &&
rinfo->IsPatchedReturnSequence()) ||