deps: patch V8 to 7.9.317.25
Refs: v8/v8@7.9.317.23...7.9.317.25

PR-URL: nodejs#30679
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
MylesBorins authored and addaleax committed Nov 30, 2019
1 parent 08a40e2 commit ea2668d
Showing 7 changed files with 69 additions and 17 deletions.
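--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 7
 #define V8_MINOR_VERSION 9
 #define V8_BUILD_NUMBER 317
-#define V8_PATCH_LEVEL 23
+#define V8_PATCH_LEVEL 25
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)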
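--- a/deps/v8/src/builtins/builtins-wasm-gen.cc
+++ b/deps/v8/src/builtins/builtins-wasm-gen.cc
@@ -121,18 +121,19 @@ TF_BUILTIN(WasmAtomicNotify, WasmBuiltinsAssembler) {
 TNode<Code> centry = LoadCEntryFromInstance(instance);
 
 TNode<Code> target = LoadBuiltinFromFrame(Builtins::kAllocateHeapNumber);
+TNode<Object> context = LoadContextFromInstance(instance);
 
 // TODO(aseemgarg): Use SMIs if possible for address and count
 TNode<HeapNumber> address_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(address_heap, ChangeUint32ToFloat64(address));
 
 TNode<HeapNumber> count_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(count_heap, ChangeUint32ToFloat64(count));
 
 TNode<Smi> result_smi = UncheckedCast<Smi>(CallRuntimeWithCEntry(
-Runtime::kWasmAtomicNotify, centry, NoContextConstant(), instance,
+Runtime::kWasmAtomicNotify, centry, context, instance,
 address_heap, count_heap));
 ReturnRaw(SmiToInt32(result_smi));
 }
@@ -149,23 +150,24 @@ TF_BUILTIN(WasmI32AtomicWait, WasmBuiltinsAssembler) {
 TNode<Code> centry = LoadCEntryFromInstance(instance);
 
 TNode<Code> target = LoadBuiltinFromFrame(Builtins::kAllocateHeapNumber);
+TNode<Object> context = LoadContextFromInstance(instance);
 
 // TODO(aseemgarg): Use SMIs if possible for address and expected_value
 TNode<HeapNumber> address_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(address_heap, ChangeUint32ToFloat64(address));
 
 TNode<HeapNumber> expected_value_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(expected_value_heap,
 ChangeInt32ToFloat64(expected_value));
 
 TNode<HeapNumber> timeout_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(timeout_heap, timeout);
 
 TNode<Smi> result_smi = UncheckedCast<Smi>(CallRuntimeWithCEntry(
-Runtime::kWasmI32AtomicWait, centry, NoContextConstant(), instance,
+Runtime::kWasmI32AtomicWait, centry, context, instance,
 address_heap, expected_value_heap, timeout_heap));
 ReturnRaw(SmiToInt32(result_smi));
 }
@@ -184,28 +186,29 @@ TF_BUILTIN(WasmI64AtomicWait, WasmBuiltinsAssembler) {
 TNode<Code> centry = LoadCEntryFromInstance(instance);
 
 TNode<Code> target = LoadBuiltinFromFrame(Builtins::kAllocateHeapNumber);
+TNode<Object> context = LoadContextFromInstance(instance);
 
 // TODO(aseemgarg): Use SMIs if possible for address and expected_value
 TNode<HeapNumber> address_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(address_heap, ChangeUint32ToFloat64(address));
 
 TNode<HeapNumber> expected_value_high_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(expected_value_high_heap,
 ChangeUint32ToFloat64(expected_value_high));
 
 TNode<HeapNumber> expected_value_low_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(expected_value_low_heap,
 ChangeUint32ToFloat64(expected_value_low));
 
 TNode<HeapNumber> timeout_heap = UncheckedCast<HeapNumber>(
-CallStub(AllocateHeapNumberDescriptor(), target, NoContextConstant()));
+CallStub(AllocateHeapNumberDescriptor(), target, context));
 StoreHeapNumberValue(timeout_heap, timeout);
 
 TNode<Smi> result_smi = UncheckedCast<Smi>(CallRuntimeWithCEntry(
-Runtime::kWasmI64AtomicWait, centry, NoContextConstant(), instance,
+Runtime::kWasmI64AtomicWait, centry, context, instance,
 address_heap, expected_value_high_heap, expected_value_low_heap,
 timeout_heap));
 ReturnRaw(SmiToInt32(result_smi));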
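Review bot: The new `context` local in WasmAtomicNotify, and the identical ones in WasmI32AtomicWait and WasmI64AtomicWait, replaces `NoContextConstant()` with no comment saying why these calls need the instance's context. From the hunk alone a reader cannot tell whether the allocation stub, the runtime call, or both depend on it, so a later cleanup could quietly revert the change. A one-line comment above the load would prevent that, for example `// Runtime calls below need the instance's real context, not NoContextConstant().`, with the reason confirmed against the upstream fix. The commit also carries no test for this change; the only added test, regress-crbug-1024758.js, covers the RegExp reduction. All three builtins begin before their hunks.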
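--- a/deps/v8/src/compiler/heap-refs.h
+++ b/deps/v8/src/compiler/heap-refs.h
@@ -389,6 +389,7 @@ class ContextRef : public HeapObjectRef {
 V(JSFunction, object_function) \
 V(JSFunction, promise_function) \
 V(JSFunction, promise_then) \
+V(JSFunction, regexp_function) \
 V(JSFunction, string_function) \
 V(JSFunction, symbol_function) \
 V(JSGlobalObject, global_object) \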
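--- a/deps/v8/src/compiler/js-call-reducer.cc
+++ b/deps/v8/src/compiler/js-call-reducer.cc
@@ -7098,11 +7098,14 @@ Reduction JSCallReducer::ReduceRegExpPrototypeTest(Node* node) {
 Node* control = NodeProperties::GetControlInput(node);
 Node* regexp = NodeProperties::GetValueInput(node, 1);
 
+// Only the initial JSRegExp map is valid here, since the following lastIndex
+// check as well as the lowered builtin call rely on a known location of the
+// lastIndex field.
+Handle<Map> regexp_initial_map =
+native_context().regexp_function().initial_map().object();
+
 MapInference inference(broker(), regexp, effect);
-if (!inference.HaveMaps() ||
-!inference.AllOfInstanceTypes(InstanceTypeChecker::IsJSRegExp)) {
-return inference.NoChange();
-}
+if (!inference.Is(regexp_initial_map)) return inference.NoChange();
 MapHandles const& regexp_maps = inference.GetMaps();
 
 ZoneVector<PropertyAccessInfo> access_infos(graph()->zone());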
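Review bot: After `if (!inference.Is(regexp_initial_map)) return inference.NoChange();` the lowered code depends on the receiver still having the initial JSRegExp map at run time, but the hunk shows only the compile-time comparison. The rest of ReduceRegExpPrototypeTest is outside the hunk, so it is worth confirming that a guard is still emitted before the lastIndex access whenever the inferred map is not reliable, for example through `InsertMapChecks`. Since `Is()` admits exactly one map, `regexp_maps` now always has a single element. A comment such as `// Is() guarantees exactly one map (the initial JSRegExp map) here.` above the `GetMaps()` call would stop the `access_infos` handling below from being read as a multi-map path.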
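--- a/deps/v8/src/compiler/map-inference.cc
+++ b/deps/v8/src/compiler/map-inference.cc
@@ -91,6 +91,13 @@ MapHandles const& MapInference::GetMaps() {
 return maps_;
 }
 
+bool MapInference::Is(Handle<Map> expected_map) {
+if (!HaveMaps()) return false;
+const MapHandles& maps = GetMaps();
+if (maps.size() != 1) return false;
+return maps[0].equals(expected_map);
+}
+
 void MapInference::InsertMapChecks(JSGraph* jsgraph, Node** effect,
 Node* control,
 const FeedbackSource& feedback) {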
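Review bot: `const MapHandles& maps = GetMaps();` in the new `MapInference::Is` puts `const` on the left, while the `GetMaps()` signature in the hunk header and the caller in js-call-reducer.cc both write `MapHandles const&`; `MapHandles const& maps = GetMaps();` would match. The leading `HaveMaps()` test also looks redundant with `maps.size() != 1`, presumably because an empty set fails the size check anyway. If it is there to avoid calling `GetMaps()` on an empty inference, a short comment saying so would help; otherwise the function could be reduced to the size check and the comparison.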
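--- a/deps/v8/src/compiler/map-inference.h
+++ b/deps/v8/src/compiler/map-inference.h
@@ -55,6 +55,7 @@ class MapInference {
 V8_WARN_UNUSED_RESULT MapHandles const& GetMaps();
 V8_WARN_UNUSED_RESULT bool AllOfInstanceTypes(
 std::function<bool(InstanceType)> f);
+V8_WARN_UNUSED_RESULT bool Is(Handle<Map> expected_map);
 
 // These methods provide a guard.
 //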
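Review bot: The new `Is` declaration has no comment, and the name alone does not say that it returns false when the inference holds no map or more than one. A line above it such as `// Returns true iff exactly one map was inferred and it equals {expected_map}.` would state the contract implemented in map-inference.cc. This matters to callers because a `true` result is what they use to justify layout-dependent lowering, as in ReduceRegExpPrototypeTest.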
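--- a/deps/v8/test/mjsunit/regress/regress-crbug-1024758.js
+++ b/deps/v8/test/mjsunit/regress/regress-crbug-1024758.js
@@ -0,0 +1,37 @@
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function f() {
+return r.test("abc");
+}
+
+function to_dict(o) {
+r.a = 42;
+r.b = 42;
+delete r.a;
+}
+
+function to_fast(o) {
+const obj = {};
+const obj2 = {};
+delete o.a;
+obj.__proto__ = o;
+obj[0] = 1;
+obj.__proto__ = obj2;
+delete obj[0];
+return o;
+}
+
+// Shrink the instance size by first transitioning to dictionary properties,
+// then back to fast properties.
+const r = /./;
+to_dict(r);
+to_fast(r);
+
+%PrepareFunctionForOptimization(f);
+assertTrue(f());
+%OptimizeFunctionOnNextCall(f);
+assertTrue(f());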
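Review bot: `to_dict(o)` never uses its parameter; its body mutates the global `r` directly (`r.a = 42; r.b = 42; delete r.a;`), while `to_fast(o)` operates on `o`. The test still does what it intends because the only caller passes `r`, but the helper reads as if it were generic. Using the parameter, `o.a = 42; o.b = 42; delete o.a;`, would make the two helpers consistent. A short comment above `f` noting that the optimized `r.test()` call must not assume the initial JSRegExp layout once the instance has been shrunk would tie the test to the fix in js-call-reducer.cc.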
