Update V8 to version 4.1.0.21
This is a cherry-pick of all commits up to and including the
4.1.0.21 cherry-pick in Chromium.
Original commit message:
Version 4.1.0.21 (cherry-pick)
Merged 206e9136bde0f2b5ae8cb77afbb1e7833e5bd412
Unlink pages from the space page list after evacuation.
BUG=430201
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/953813002
Cr-Commit-Position: refs/branch-heads/4.1@{#22}
Cr-Branched-From: 2e08d2a7aa9d65d269d8c57aba82eb38a8cb0a18-refs/heads/candidates@{#25353}
---
FPIIM-449
Change-Id: I8c23c7bbb70772b4858fe8a47b64fa97ee0d1f8c
diff --git a/src/factory.h b/src/factory.h
index 24b490c..24a6647 100644
--- a/src/factory.h
+++ b/src/factory.h
@@ -10,8 +10,9 @@
namespace v8 {
namespace internal {
-// Interface for handle based allocation.
+class FeedbackVectorSpec;
+// Interface for handle based allocation.
class Factory FINAL {
public:
Handle<Oddball> NewOddball(Handle<Map> map,
@@ -225,10 +226,13 @@
// Create a global (but otherwise uninitialized) context.
Handle<Context> NewNativeContext();
- // Create a global context.
- Handle<Context> NewGlobalContext(Handle<JSFunction> function,
+ // Create a script context.
+ Handle<Context> NewScriptContext(Handle<JSFunction> function,
Handle<ScopeInfo> scope_info);
+ // Create an empty script context table.
+ Handle<ScriptContextTable> NewScriptContextTable();
+
// Create a module context.
Handle<Context> NewModuleContext(Handle<ScopeInfo> scope_info);
@@ -296,6 +300,8 @@
Handle<PropertyCell> NewPropertyCell(Handle<Object> value);
+ Handle<WeakCell> NewWeakCell(Handle<HeapObject> value);
+
// Allocate a tenured AllocationSite. It's payload is null.
Handle<AllocationSite> NewAllocationSite();
@@ -434,7 +440,18 @@
Handle<JSTypedArray> NewJSTypedArray(ExternalArrayType type);
+ // Creates a new JSTypedArray with the specified buffer.
+ Handle<JSTypedArray> NewJSTypedArray(ExternalArrayType type,
+ Handle<JSArrayBuffer> buffer,
+ size_t byte_offset, size_t length);
+
Handle<JSDataView> NewJSDataView();
+ Handle<JSDataView> NewJSDataView(Handle<JSArrayBuffer> buffer,
+ size_t byte_offset, size_t byte_length);
+
+ // TODO(aandrey): Maybe these should take table, index and kind arguments.
+ Handle<JSMapIterator> NewJSMapIterator();
+ Handle<JSSetIterator> NewJSSetIterator();
// Allocates a Harmony proxy.
Handle<JSProxy> NewJSProxy(Handle<Object> handler, Handle<Object> prototype);
@@ -469,12 +486,11 @@
Handle<Context> context,
PretenureFlag pretenure = TENURED);
- Handle<JSFunction> NewFunction(Handle<String> name,
- Handle<Code> code,
- Handle<Object> prototype,
- InstanceType type,
+ Handle<JSFunction> NewFunction(Handle<String> name, Handle<Code> code,
+ Handle<Object> prototype, InstanceType type,
int instance_size,
- bool read_only_prototype = false);
+ bool read_only_prototype = false,
+ bool install_constructor = false);
Handle<JSFunction> NewFunction(Handle<String> name,
Handle<Code> code,
InstanceType type,
@@ -588,6 +604,22 @@
INTERNALIZED_STRING_LIST(STRING_ACCESSOR)
#undef STRING_ACCESSOR
+#define SYMBOL_ACCESSOR(name) \
+ inline Handle<Symbol> name() { \
+ return Handle<Symbol>(bit_cast<Symbol**>( \
+ &isolate()->heap()->roots_[Heap::k##name##RootIndex])); \
+ }
+ PRIVATE_SYMBOL_LIST(SYMBOL_ACCESSOR)
+#undef SYMBOL_ACCESSOR
+
+#define SYMBOL_ACCESSOR(name, varname, description) \
+ inline Handle<Symbol> name() { \
+ return Handle<Symbol>(bit_cast<Symbol**>( \
+ &isolate()->heap()->roots_[Heap::k##name##RootIndex])); \
+ }
+ PUBLIC_SYMBOL_LIST(SYMBOL_ACCESSOR)
+#undef SYMBOL_ACCESSOR
+
inline void set_string_table(Handle<StringTable> table) {
isolate()->heap()->set_string_table(*table);
}
@@ -605,7 +637,8 @@
MaybeHandle<Code> code);
// Allocate a new type feedback vector
- Handle<TypeFeedbackVector> NewTypeFeedbackVector(int slot_count);
+ Handle<TypeFeedbackVector> NewTypeFeedbackVector(
+ const FeedbackVectorSpec& spec);
// Allocates a new JSMessageObject object.
Handle<JSMessageObject> NewJSMessageObject(
@@ -618,10 +651,11 @@
Handle<DebugInfo> NewDebugInfo(Handle<SharedFunctionInfo> shared);
- // Return a map using the map cache in the native context.
- // The key the an ordered set of property names.
+ // Return a map for given number of properties using the map cache in the
+ // native context.
Handle<Map> ObjectLiteralMapFromCache(Handle<Context> context,
- Handle<FixedArray> keys);
+ int number_of_properties,
+ bool* is_result_from_cache);
// Creates a new FixedArray that holds the data associated with the
// atom regexp and stores it in the regexp.
@@ -664,14 +698,6 @@
// Creates a code object that is not yet fully initialized yet.
inline Handle<Code> NewCodeRaw(int object_size, bool immovable);
- // Create a new map cache.
- Handle<MapCache> NewMapCache(int at_least_space_for);
-
- // Update the map cache in the native context with (keys, map)
- Handle<MapCache> AddToMapCache(Handle<Context> context,
- Handle<FixedArray> keys,
- Handle<Map> map);
-
// Attempt to find the number in a small cache. If we finds it, return
// the string representation of the number. Otherwise return undefined.
Handle<Object> GetNumberStringCache(Handle<Object> number);