Update V8 to version 4.1.0.21
This is a cherry-pick of all commits up to and including the
4.1.0.21 cherry-pick in Chromium.
Original commit message:
Version 4.1.0.21 (cherry-pick)
Merged 206e9136bde0f2b5ae8cb77afbb1e7833e5bd412
Unlink pages from the space page list after evacuation.
BUG=430201
LOG=N
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/953813002
Cr-Commit-Position: refs/branch-heads/4.1@{#22}
Cr-Branched-From: 2e08d2a7aa9d65d269d8c57aba82eb38a8cb0a18-refs/heads/candidates@{#25353}
---
FPIIM-449
Change-Id: I8c23c7bbb70772b4858fe8a47b64fa97ee0d1f8c
diff --git a/src/objects-debug.cc b/src/objects-debug.cc
index a2395de..e990559 100644
--- a/src/objects-debug.cc
+++ b/src/objects-debug.cc
@@ -47,6 +47,10 @@
return;
}
+ // TODO(yangguo): Use this check once crbug/436911 has been fixed.
+ // DCHECK(!NeedsToEnsureDoubleAlignment() ||
+ // IsAligned(OffsetFrom(address()), kDoubleAlignment));
+
switch (instance_type) {
case SYMBOL_TYPE:
Symbol::cast(this)->SymbolVerify();
@@ -125,6 +129,9 @@
case PROPERTY_CELL_TYPE:
PropertyCell::cast(this)->PropertyCellVerify();
break;
+ case WEAK_CELL_TYPE:
+ WeakCell::cast(this)->WeakCellVerify();
+ break;
case JS_ARRAY_TYPE:
JSArray::cast(this)->JSArrayVerify();
break;
@@ -256,14 +263,26 @@
}
if (HasFastProperties()) {
- CHECK_EQ(map()->unused_property_fields(),
- (map()->inobject_properties() + properties()->length() -
- map()->NextFreePropertyIndex()));
+ int actual_unused_property_fields = map()->inobject_properties() +
+ properties()->length() -
+ map()->NextFreePropertyIndex();
+ if (map()->unused_property_fields() != actual_unused_property_fields) {
+ // This could actually happen in the middle of StoreTransitionStub
+ // when the new extended backing store is already set into the object and
+ // the allocation of the MutableHeapNumber triggers GC (in this case map
+ // is not updated yet).
+ CHECK_EQ(map()->unused_property_fields(),
+ actual_unused_property_fields - JSObject::kFieldsAdded);
+ }
DescriptorArray* descriptors = map()->instance_descriptors();
for (int i = 0; i < map()->NumberOfOwnDescriptors(); i++) {
if (descriptors->GetDetails(i).type() == FIELD) {
Representation r = descriptors->GetDetails(i).representation();
FieldIndex index = FieldIndex::ForDescriptor(map(), i);
+ if (IsUnboxedDoubleField(index)) {
+ DCHECK(r.IsDouble());
+ continue;
+ }
Object* value = RawFastPropertyAt(index);
if (r.IsDouble()) DCHECK(value->IsMutableHeapNumber());
if (value->IsUninitialized()) continue;
@@ -305,6 +324,8 @@
SLOW_DCHECK(transitions()->IsSortedNoDuplicates());
SLOW_DCHECK(transitions()->IsConsistentWithBackPointers(this));
}
+ SLOW_DCHECK(!FLAG_unbox_double_fields ||
+ layout_descriptor()->IsConsistentWithMap(this));
}
@@ -314,8 +335,7 @@
CHECK(instance_descriptors()->IsEmpty());
CHECK_EQ(0, pre_allocated_property_fields());
CHECK_EQ(0, unused_property_fields());
- CHECK_EQ(StaticVisitorBase::GetVisitorId(instance_type(), instance_size()),
- visitor_id());
+ CHECK_EQ(StaticVisitorBase::GetVisitorId(this), visitor_id());
}
@@ -547,7 +567,7 @@
VerifyObjectField(JSGlobalProxy::kNativeContextOffset);
// Make sure that this object has no properties, elements.
CHECK_EQ(0, properties()->length());
- CHECK(HasFastSmiElements());
+ CHECK_EQ(FAST_HOLEY_SMI_ELEMENTS, GetElementsKind());
CHECK_EQ(0, FixedArray::cast(elements())->length());
}
@@ -627,6 +647,13 @@
}
+void WeakCell::WeakCellVerify() {
+ CHECK(IsWeakCell());
+ VerifyObjectField(kValueOffset);
+ VerifyObjectField(kNextOffset);
+}
+
+
void Code::CodeVerify() {
CHECK(IsAligned(reinterpret_cast<intptr_t>(instruction_start()),
kCodeAlignment));
@@ -657,9 +684,8 @@
if (IsWeakObject(obj)) {
if (obj->IsMap()) {
Map* map = Map::cast(obj);
- DependentCode::DependencyGroup group = is_optimized_code() ?
- DependentCode::kWeakCodeGroup : DependentCode::kWeakICGroup;
- CHECK(map->dependent_code()->Contains(group, this));
+ CHECK(map->dependent_code()->Contains(DependentCode::kWeakCodeGroup,
+ this));
} else if (obj->IsJSObject()) {
Object* raw_table = GetIsolate()->heap()->weak_object_to_code_table();
WeakHashTable* table = WeakHashTable::cast(raw_table);
@@ -904,6 +930,7 @@
VerifyPointer(deleter());
VerifyPointer(enumerator());
VerifyPointer(data());
+ VerifySmiField(kFlagsOffset);
}
@@ -1146,15 +1173,13 @@
for (int i = 0; i < number_of_descriptors(); i++) {
Name* key = GetSortedKey(i);
if (key == current_key) {
- OFStream os(stdout);
- PrintDescriptors(os);
+ Print();
return false;
}
current_key = key;
uint32_t hash = GetSortedKey(i)->Hash();
if (hash < current) {
- OFStream os(stdout);
- PrintDescriptors(os);
+ Print();
return false;
}
current = hash;
@@ -1163,25 +1188,58 @@
}
+bool LayoutDescriptor::IsConsistentWithMap(Map* map) {
+ if (FLAG_unbox_double_fields) {
+ DescriptorArray* descriptors = map->instance_descriptors();
+ int nof_descriptors = map->NumberOfOwnDescriptors();
+ for (int i = 0; i < nof_descriptors; i++) {
+ PropertyDetails details = descriptors->GetDetails(i);
+ if (details.type() != FIELD) continue;
+ FieldIndex field_index = FieldIndex::ForDescriptor(map, i);
+ bool tagged_expected =
+ !field_index.is_inobject() || !details.representation().IsDouble();
+ for (int bit = 0; bit < details.field_width_in_words(); bit++) {
+ bool tagged_actual = IsTagged(details.field_index() + bit);
+ DCHECK_EQ(tagged_expected, tagged_actual);
+ if (tagged_actual != tagged_expected) return false;
+ }
+ }
+ }
+ return true;
+}
+
+
bool TransitionArray::IsSortedNoDuplicates(int valid_entries) {
DCHECK(valid_entries == -1);
- Name* current_key = NULL;
- uint32_t current = 0;
+ Name* prev_key = NULL;
+ PropertyKind prev_kind = DATA;
+ PropertyAttributes prev_attributes = NONE;
+ uint32_t prev_hash = 0;
for (int i = 0; i < number_of_transitions(); i++) {
Name* key = GetSortedKey(i);
- if (key == current_key) {
- OFStream os(stdout);
- PrintTransitions(os);
+ uint32_t hash = key->Hash();
+ PropertyKind kind = DATA;
+ PropertyAttributes attributes = NONE;
+ if (!IsSpecialTransition(key)) {
+ Map* target = GetTarget(i);
+ PropertyDetails details = GetTargetDetails(key, target);
+ kind = details.kind();
+ attributes = details.attributes();
+ } else {
+ // Duplicate entries are not allowed for non-property transitions.
+ CHECK_NE(prev_key, key);
+ }
+
+ int cmp = CompareKeys(prev_key, prev_hash, prev_kind, prev_attributes, key,
+ hash, kind, attributes);
+ if (cmp >= 0) {
+ Print();
return false;
}
- current_key = key;
- uint32_t hash = GetSortedKey(i)->Hash();
- if (hash < current) {
- OFStream os(stdout);
- PrintTransitions(os);
- return false;
- }
- current = hash;
+ prev_key = key;
+ prev_hash = hash;
+ prev_attributes = attributes;
+ prev_kind = kind;
}
return true;
}
@@ -1200,6 +1258,24 @@
}
+void Code::VerifyEmbeddedObjectsInFullCode() {
+ // Check that no context-specific object has been embedded.
+ Heap* heap = GetIsolate()->heap();
+ int mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT);
+ for (RelocIterator it(this, mask); !it.done(); it.next()) {
+ Object* obj = it.rinfo()->target_object();
+ if (obj->IsCell()) obj = Cell::cast(obj)->value();
+ if (obj->IsPropertyCell()) obj = PropertyCell::cast(obj)->value();
+ if (!obj->IsHeapObject()) continue;
+ Map* map = obj->IsMap() ? Map::cast(obj) : HeapObject::cast(obj)->map();
+ int i = 0;
+ while (map != heap->roots_array_start()[i++]) {
+ CHECK_LT(i, Heap::kStrongRootListLength);
+ }
+ }
+}
+
+
#endif // DEBUG
} } // namespace v8::internal