diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
index 4a331318bdaa50..b7513a6829bc18 100644
--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 5
 #define V8_MINOR_VERSION 1
 #define V8_BUILD_NUMBER 281
-#define V8_PATCH_LEVEL 69
+#define V8_PATCH_LEVEL 75
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8/include/v8.h b/deps/v8/include/v8.h
index 2c2399543938ef..8b7b7c2cc48c3b 100644
--- a/deps/v8/include/v8.h
+++ b/deps/v8/include/v8.h
@@ -3241,6 +3241,7 @@ class PropertyCallbackInfo {
 typedef void (*FunctionCallback)(const FunctionCallbackInfo& info);
+enum class ConstructorBehavior { kThrow, kAllow };
 /**
 * A JavaScript function object (ECMA-262, 15.3).
@@ -3255,6 +3256,11 @@ class V8_EXPORT Function : public Object {
 FunctionCallback callback,
 Local data = Local(),
 int length = 0);
+ static MaybeLocal New(Local context,
+ FunctionCallback callback,
+ Local data,
+ int length,
+ ConstructorBehavior behavior);
 static V8_DEPRECATE_SOON(
 "Use maybe version",
 Local New(Isolate* isolate, FunctionCallback callback,
@@ -4478,6 +4484,9 @@ class V8_EXPORT FunctionTemplate : public Template {
 Isolate* isolate, FunctionCallback callback = 0,
 Local data = Local(),
 Local signature = Local(), int length = 0);
+ static Local New(
+ Isolate* isolate, FunctionCallback callback, Local data,
+ Local signature, int length, ConstructorBehavior behavior);
 /**
 * Creates a function template with a fast handler. If a fast handler is set,
diff --git a/deps/v8/src/api.cc b/deps/v8/src/api.cc
index f0045cdb96327f..bf351548430a21 100644
--- a/deps/v8/src/api.cc
+++ b/deps/v8/src/api.cc
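Review bot: In include/v8.h the new public `enum class ConstructorBehavior { kThrow, kAllow };` and the two `New` overloads that take it (the `Function::New` hunk at -3255 and the `FunctionTemplate::New` hunk at -4478) are added without any doc comment, so an embedder cannot tell from the header what each value does. I would add something like `/** Whether the created function may be used as a constructor; with kThrow the prototype is removed from the underlying template. */` above the enum; the second half is what the api.cc change in this commit does, the first half is inferred from the name and should be confirmed. A one-line comment on each new overload saying that the shorter overload is equivalent to passing `ConstructorBehavior::kAllow` would also help. Both class bodies start and end outside their hunks.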
@@ -1153,14 +1153,26 @@ Local FunctionTemplate::New(Isolate* isolate,
 v8::Local data,
 v8::Local signature,
 int length) {
+ return New(
+ isolate, callback, data, signature, length, ConstructorBehavior::kAllow);
+}
+
+Local FunctionTemplate::New(Isolate* isolate,
+ FunctionCallback callback,
+ v8::Local data,
+ v8::Local signature,
+ int length,
+ ConstructorBehavior behavior) {
 i::Isolate* i_isolate = reinterpret_cast(isolate);
 // Changes to the environment cannot be captured in the snapshot. Expect no
 // function templates when the isolate is created for serialization.
 DCHECK(!i_isolate->serializer_enabled());
 LOG_API(i_isolate, "FunctionTemplate::New");
 ENTER_V8(i_isolate);
- return FunctionTemplateNew(i_isolate, callback, nullptr, data, signature,
- length, false);
+ auto tmpl = FunctionTemplateNew(i_isolate, callback, nullptr, data, signature,
+ length, false);
+ if (behavior == ConstructorBehavior::kThrow) tmpl->RemovePrototype();
+ return tmpl;
 }
@@ -4449,15 +4461,21 @@ Local Object::CallAsConstructor(int argc,
 MaybeLocal Function::New(Local context,
 FunctionCallback callback, Local data,
 int length) {
+ return New(context, callback, data, length, ConstructorBehavior::kAllow);
+}
+
+MaybeLocal Function::New(Local context,
+ FunctionCallback callback, Local data,
+ int length, ConstructorBehavior behavior) {
 i::Isolate* isolate = Utils::OpenHandle(*context)->GetIsolate();
 LOG_API(isolate, "Function::New");
 ENTER_V8(isolate);
- return FunctionTemplateNew(isolate, callback, nullptr, data,
- Local(), length, true)
- ->GetFunction(context);
+ auto tmpl = FunctionTemplateNew(isolate, callback, nullptr, data,
+ Local(), length, true);
+ if (behavior == ConstructorBehavior::kThrow) tmpl->RemovePrototype();
+ return tmpl->GetFunction(context);
 }
-
 Local Function::New(Isolate* v8_isolate, FunctionCallback callback,
 Local data, int length) {
 return Function::New(v8_isolate->GetCurrentContext(), callback, data, length)
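Review bot: `if (behavior == ConstructorBehavior::kThrow) tmpl->RemovePrototype();` in `FunctionTemplate::New` gives no hint why removing the prototype is what implements kThrow, and the same uncommented line is repeated in `Function::New` in the second api.cc hunk. A short comment such as `// kThrow: drop the prototype so the function is not usable as a constructor.` would record the intent; that reading is inferred from the enum name, since RemovePrototype() itself is not visible here. I would also spell out the handle type instead of `auto tmpl`, because the return type of FunctionTemplateNew is not visible at either call site.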
diff --git a/deps/v8/src/compiler/js-create-lowering.cc b/deps/v8/src/compiler/js-create-lowering.cc
index 20033636edc186..6dc5a4225ab247 100644
--- a/deps/v8/src/compiler/js-create-lowering.cc
+++ b/deps/v8/src/compiler/js-create-lowering.cc
@@ -471,6 +471,9 @@ Reduction JSCreateLowering::ReduceNewArray(Node* node, Node* length,
 PretenureFlag pretenure = site->GetPretenureMode();
 ElementsKind elements_kind = site->GetElementsKind();
 DCHECK(IsFastElementsKind(elements_kind));
+ if (NodeProperties::GetType(length)->Max() > 0) {
+ elements_kind = GetHoleyElementsKind(elements_kind);
+ }
 dependencies()->AssumeTenuringDecision(site);
 dependencies()->AssumeTransitionStable(site);
diff --git a/deps/v8/src/crankshaft/hydrogen.cc b/deps/v8/src/crankshaft/hydrogen.cc
index fd232701f2d287..5a641f31a66ec3 100644
--- a/deps/v8/src/crankshaft/hydrogen.cc
+++ b/deps/v8/src/crankshaft/hydrogen.cc
@@ -8428,6 +8428,10 @@ bool HOptimizedGraphBuilder::TryInline(Handle target,
 TraceInline(target, caller, "parse failure");
 return false;
 }
+ if (target_shared->dont_crankshaft()) {
+ TraceInline(target, caller, "ParseAndAnalyze found incompatibility");
+ return false;
+ }
 if (target_info.scope()->num_heap_slots() > 0) {
 TraceInline(target, caller, "target has context-allocated variables");
diff --git a/deps/v8/src/log.cc b/deps/v8/src/log.cc
index 93111a2e7eba00..da38d3e7f3f274 100644
--- a/deps/v8/src/log.cc
+++ b/deps/v8/src/log.cc
@@ -242,10 +242,6 @@ class PerfBasicLogger : public CodeEventLogger {
 static const char kFilenameFormatString[];
 static const int kFilenameBufferPadding;
- // File buffer size of the low-level log. We don't use the default to
- // minimize the associated overhead.
- static const int kLogBufferSize = 2 * MB;
-
 FILE* perf_output_handle_;
 };
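Review bot: The added `if (NodeProperties::GetType(length)->Max() > 0)` block in js-create-lowering.cc switches `elements_kind` to its holey variant with no comment saying why, and this is the kind of invariant that is easy to undo in a later refactor. I would put `// A non-empty array allocated here starts out filled with holes, so it must not keep a packed elements kind.` above the check; that rationale is inferred from the change and from regress-621147.js, so please confirm the wording. A packed kind on a backing store that contains holes can let optimized code skip hole checks, which makes this a memory-safety invariant rather than a cosmetic one. ReduceNewArray starts and ends outside the hunk, so whether `length` is always typed as a numeric range before `Max()` is called cannot be checked from here.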
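Review bot: In hydrogen.cc the new `target_shared->dont_crankshaft()` check in `TryInline` depends on where it sits, but nothing in the code says so. Judging by the trace text "ParseAndAnalyze found incompatibility", the flag can be set as a side effect of the parse-and-analyze step whose failure branch ends just above, so the check has to stay after it; a comment like `// Parsing and analysis above may have marked the target as not crankshaftable.` would keep it from being hoisted. TryInline begins and ends outside the hunk, so the ordering relative to the earlier bailout checks is inferred.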
@@ -266,7 +262,7 @@ PerfBasicLogger::PerfBasicLogger()
 perf_output_handle_ =
 base::OS::FOpen(perf_dump_name.start(), base::OS::LogFileOpenMode);
 CHECK_NOT_NULL(perf_output_handle_);
- setvbuf(perf_output_handle_, NULL, _IOFBF, kLogBufferSize);
+ setvbuf(perf_output_handle_, NULL, _IOLBF, 0);
 }
@@ -332,10 +328,6 @@ class LowLevelLogger : public CodeEventLogger {
 // Extension added to V8 log file name to get the low-level log name.
 static const char kLogExt[];
- // File buffer size of the low-level log. We don't use the default to
- // minimize the associated overhead.
- static const int kLogBufferSize = 2 * MB;
-
 void LogCodeInfo();
 void LogWriteBytes(const char* bytes, int size);
@@ -360,7 +352,7 @@ LowLevelLogger::LowLevelLogger(const char* name)
 MemCopy(ll_name.start() + len, kLogExt, sizeof(kLogExt));
 ll_output_handle_ =
 base::OS::FOpen(ll_name.start(), base::OS::LogFileOpenMode);
- setvbuf(ll_output_handle_, NULL, _IOFBF, kLogBufferSize);
+ setvbuf(ll_output_handle_, NULL, _IOLBF, 0);
 LogCodeInfo();
 }
diff --git a/deps/v8/src/runtime/runtime-scopes.cc b/deps/v8/src/runtime/runtime-scopes.cc
index de0d66a74e4e12..5f3cdf2682cc3c 100644
--- a/deps/v8/src/runtime/runtime-scopes.cc
+++ b/deps/v8/src/runtime/runtime-scopes.cc
@@ -648,7 +648,7 @@ RUNTIME_FUNCTION(Runtime_NewRestParameter) {
 {
 DisallowHeapAllocation no_gc;
 FixedArray* elements = FixedArray::cast(result->elements());
- WriteBarrierMode mode = result->GetWriteBarrierMode(no_gc);
+ WriteBarrierMode mode = elements->GetWriteBarrierMode(no_gc);
 for (int i = 0; i < num_elements; i++) {
 elements->set(i, *arguments[i + start_index], mode);
 }
diff --git a/deps/v8/test/mjsunit/compiler/regress-621147.js b/deps/v8/test/mjsunit/compiler/regress-621147.js
new file mode 100644
index 00000000000000..0a5a221c40d8dd
--- /dev/null
+++ b/deps/v8/test/mjsunit/compiler/regress-621147.js
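Review bot: The two `setvbuf(..., NULL, _IOLBF, 0)` calls in log.cc (PerfBasicLogger here and LowLevelLogger in the -360 hunk) ignore the return value, and the comment that explained the old 2 MB buffer was deleted without a replacement explaining the new mode. setvbuf() returns non-zero when the request is not honoured, and some C runtimes document a minimum buffer size for buffered modes, so a zero size may be rejected there; I would at least check the result, e.g. `CHECK_EQ(0, setvbuf(perf_output_handle_, NULL, _IOLBF, 0));`, if aborting is acceptable for a logging setup failure. A one-line comment stating why line buffering is wanted (the visible part of the commit does not say) would replace the removed rationale. Both constructors begin outside their hunks.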
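Review bot: In `LowLevelLogger::LowLevelLogger` the result of `base::OS::FOpen` is passed straight to `setvbuf` with no null check in between, whereas the PerfBasicLogger constructor has `CHECK_NOT_NULL(perf_output_handle_);` before its call. If the log file cannot be opened, `setvbuf` is called on a null `FILE*`, which is undefined behaviour. I would add `CHECK_NOT_NULL(ll_output_handle_);` before the `setvbuf` line, or skip that call and the following `LogCodeInfo()` when the handle is null if low-level logging is meant to be best-effort. The constructor begins outside the hunk.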
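Review bot: In Runtime_NewRestParameter the corrected line `WriteBarrierMode mode = elements->GetWriteBarrierMode(no_gc);` would benefit from a comment, because the previous code queried `result` and looked just as plausible. Something like `// The mode must come from the FixedArray being written to, not from the array object that owns it.` above it states the rule the store loop relies on; the declared type of `result` is not visible in the hunk, so adjust the wording as needed. No test for this path appears in the visible part of the commit, and a wrong barrier mode tends to show up only as heap corruption after a later GC, so a regression test would be worth adding if the harness can exercise it. The function begins outside the hunk.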
@@ -0,0 +1,29 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turbo-filter=test2
+
+function test(n) {
+ return Array(n);
+}
+
+function test2() {
+ return test(2);
+}
+
+function test3(a) {
+ a[0] = 1;
+}
+
+test(0);
+
+var smi_array = [1,2];
+smi_array[2] = 3;
+test3(smi_array);
+
+%OptimizeFunctionOnNextCall(test2);
+
+var broken_array = test2();
+test3(broken_array);
+1+broken_array[0];
diff --git a/deps/v8/test/mjsunit/mjsunit.status b/deps/v8/test/mjsunit/mjsunit.status
index 6d786f97cfbbcf..ce7436f2c218fb 100644
--- a/deps/v8/test/mjsunit/mjsunit.status
+++ b/deps/v8/test/mjsunit/mjsunit.status
@@ -758,6 +758,14 @@
 'regress/regress-1132': [SKIP],
 }], # 'arch == ppc and simulator_run == True'
+['arch == ppc64', {
+
+ # stack overflow
+ 'big-array-literal': [SKIP],
+}], # 'arch == ppc64'
+
+##############################################################################
+
 ##############################################################################
 ['ignition == True', {
 # TODO(yangguo,4690): assertion failures in debugger tests.
diff --git a/deps/v8/test/mjsunit/regress/regress-5033.js b/deps/v8/test/mjsunit/regress/regress-5033.js
new file mode 100644
index 00000000000000..728094fc6d230c
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-5033.js
@@ -0,0 +1,21 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+var test = function() {
+ var t = Date.now(); // Just any non-constant double value.
+ var o = {
+ ['p']: 1,
+ t
+ };
+};
+
+function caller() {
+ test();
+}
+caller();
+caller();
+%OptimizeFunctionOnNextCall(caller);
+caller();
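Review bot: regress-621147.js ends with the bare expression `1+broken_array[0];` and asserts nothing, so it can only fail if the engine crashes or trips a debug check; regress-5033.js has the same shape, ending in a plain `caller();`. Since `test3(broken_array)` stores 1 at index 0, the last line could be `assertEquals(2, 1 + broken_array[0]);` (assuming the mjsunit assert helpers are loaded as usual), which would also catch a wrong value in release builds. A short comment above `test(0);` and the `smi_array` lines explaining what state they are there to set up would help, since their purpose is not obvious from the code. The new file also carries a 2014 copyright year while the sibling test added in the same commit says 2016.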