Revision: 13363
Author: [email protected]
Date: Fri Jan 11 06:51:07 2013
Log: Version 3.16.4
Fixed Chromium issues 168545 and 169209.
Performance and stability improvements on all platforms.
http://code.google.com/p/v8/source/detail?r=13363
Modified:
/trunk/ChangeLog
/trunk/src/api.cc
/trunk/src/builtins.h
/trunk/src/compiler.cc
/trunk/src/d8.cc
/trunk/src/debug.cc
/trunk/src/ic.cc
/trunk/src/isolate.cc
/trunk/src/liveedit.cc
/trunk/src/mark-compact.cc
/trunk/src/mark-compact.h
/trunk/src/objects-inl.h
/trunk/src/objects.cc
/trunk/src/objects.h
/trunk/src/runtime.cc
/trunk/src/stub-cache.cc
/trunk/src/v8globals.h
/trunk/src/version.cc
/trunk/test/cctest/test-heap.cc
/trunk/test/mjsunit/regress/regress-165637.js
/trunk/test/mjsunit/regress/regress-crbug-168545.js
=======================================
--- /trunk/ChangeLog Wed Jan 9 08:32:23 2013
+++ /trunk/ChangeLog Fri Jan 11 06:51:07 2013
@@ -1,3 +1,10 @@
+2013-01-11: Version 3.16.4
+
+ Fixed Chromium issues 168545 and 169209.
+
+ Performance and stability improvements on all platforms.
+
+
2013-01-09: Version 3.16.3
Improved GC performance when moving parts of a FixedArray (issue
2452).
=======================================
--- /trunk/src/api.cc Wed Jan 9 08:32:23 2013
+++ /trunk/src/api.cc Fri Jan 11 06:51:07 2013
@@ -128,8 +128,13 @@
static void DefaultFatalErrorHandler(const char* location,
const char* message) {
- i::VMState __state__(i::Isolate::Current(), i::OTHER);
- API_Fatal(location, message);
+ i::Isolate* isolate = i::Isolate::Current();
+ if (isolate->IsInitialized()) {
+ i::VMState __state__(isolate, i::OTHER);
+ API_Fatal(location, message);
+ } else {
+ API_Fatal(location, message);
+ }
}
@@ -202,15 +207,21 @@
int end_marker;
heap_stats.end_marker = &end_marker;
i::Isolate* isolate = i::Isolate::Current();
- // BUG(1718):
- // Don't use the take_snapshot since we don't support HeapIterator here
- // without doing a special GC.
- isolate->heap()->RecordStats(&heap_stats, false);
+ if (isolate->heap()->HasBeenSetUp()) {
+ // BUG(1718): Don't use the take_snapshot since we don't support
+ // HeapIterator here without doing a special GC.
+ isolate->heap()->RecordStats(&heap_stats, false);
+ }
i::V8::SetFatalError();
FatalErrorCallback callback = GetFatalErrorHandler();
+ const char* message = "Allocation failed - process out of memory";
{
- LEAVE_V8(isolate);
- callback(location, "Allocation failed - process out of memory");
+ if (isolate->IsInitialized()) {
+ LEAVE_V8(isolate);
+ callback(location, message);
+ } else {
+ callback(location, message);
+ }
}
// If the callback returns, we stop execution.
UNREACHABLE();
=======================================
--- /trunk/src/builtins.h Wed Jan 9 08:32:23 2013
+++ /trunk/src/builtins.h Fri Jan 11 06:51:07 2013
@@ -221,31 +221,31 @@
#ifdef ENABLE_DEBUGGER_SUPPORT
// Define list of builtins used by the debugger implemented in assembly.
-#define BUILTIN_LIST_DEBUG_A(V) \
- V(Return_DebugBreak, BUILTIN,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(CallFunctionStub_DebugBreak, BUILTIN,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(CallFunctionStub_Recording_DebugBreak, BUILTIN,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(CallConstructStub_DebugBreak, BUILTIN,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(CallConstructStub_Recording_DebugBreak, BUILTIN,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(LoadIC_DebugBreak, LOAD_IC,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(KeyedLoadIC_DebugBreak, KEYED_LOAD_IC,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(StoreIC_DebugBreak, STORE_IC,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(KeyedStoreIC_DebugBreak, KEYED_STORE_IC,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(Slot_DebugBreak, BUILTIN,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(PlainReturn_LiveEdit, BUILTIN,
DEBUG_BREAK, \
-
Code::kNoExtraICState) \
- V(FrameDropper_LiveEdit, BUILTIN,
DEBUG_BREAK, \
- Code::kNoExtraICState)
+#define
BUILTIN_LIST_DEBUG_A(V) \
+ V(Return_DebugBreak, BUILTIN,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(CallFunctionStub_DebugBreak, BUILTIN,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(CallFunctionStub_Recording_DebugBreak, BUILTIN,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(CallConstructStub_DebugBreak, BUILTIN,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(CallConstructStub_Recording_DebugBreak, BUILTIN,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(LoadIC_DebugBreak, LOAD_IC,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(KeyedLoadIC_DebugBreak, KEYED_LOAD_IC,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(StoreIC_DebugBreak, STORE_IC,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(KeyedStoreIC_DebugBreak, KEYED_STORE_IC,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(Slot_DebugBreak, BUILTIN,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(PlainReturn_LiveEdit, BUILTIN,
DEBUG_STUB, \
+
DEBUG_BREAK) \
+ V(FrameDropper_LiveEdit, BUILTIN,
DEBUG_STUB, \
+ DEBUG_BREAK)
#else
#define BUILTIN_LIST_DEBUG_A(V)
#endif
=======================================
--- /trunk/src/compiler.cc Wed Jan 9 08:32:23 2013
+++ /trunk/src/compiler.cc Fri Jan 11 06:51:07 2013
@@ -739,7 +739,7 @@
Handle<ScopeInfo> scope_info =
ScopeInfo::Create(info->scope(), info->zone());
shared->set_scope_info(*scope_info);
- shared->set_code(*code);
+ shared->ReplaceCode(*code);
if (!function.is_null()) {
function->ReplaceCode(*code);
ASSERT(!function->IsOptimized());
=======================================
--- /trunk/src/d8.cc Wed Jan 9 08:32:23 2013
+++ /trunk/src/d8.cc Fri Jan 11 06:51:07 2013
@@ -561,7 +561,11 @@
if (init_from_array) {
Handle<Object> init = args[0]->ToObject();
- for (int i = 0; i < length; ++i) array->Set(i, init->Get(i));
+ for (int i = 0; i < length; ++i) {
+ Local<Value> value = init->Get(i);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ array->Set(i, value);
+ }
}
return array;
@@ -1485,7 +1489,7 @@
int size = 0;
char* chars = ReadChars(isolate, name, &size);
if (chars == NULL) return Handle<String>();
- Handle<String> result = String::New(chars);
+ Handle<String> result = String::New(chars, size);
delete[] chars;
return result;
}
=======================================
--- /trunk/src/debug.cc Fri Dec 21 04:35:02 2012
+++ /trunk/src/debug.cc Fri Jan 11 06:51:07 2013
@@ -1587,7 +1587,7 @@
// object.
bool Debug::IsDebugBreak(Address addr) {
Code* code = Code::GetCodeFromTargetAddress(addr);
- return code->ic_state() == DEBUG_BREAK;
+ return code->is_debug_break();
}
=======================================
--- /trunk/src/ic.cc Wed Jan 9 08:32:23 2013
+++ /trunk/src/ic.cc Fri Jan 11 06:51:07 2013
@@ -52,8 +52,7 @@
// We never see the debugger states here, because the state is
// computed from the original code - not the patched code. Let
// these cases fall through to the unreachable code below.
- case DEBUG_BREAK: break;
- case DEBUG_PREPARE_STEP_IN: break;
+ case DEBUG_STUB: break;
}
UNREACHABLE();
return 0;
@@ -347,7 +346,7 @@
Code* target = GetTargetAtAddress(address);
// Don't clear debug break inline cache as it will remove the break
point.
- if (target->ic_state() == DEBUG_BREAK) return;
+ if (target->is_debug_break()) return;
switch (target->kind()) {
case Code::LOAD_IC: return LoadIC::Clear(address, target);
@@ -770,8 +769,7 @@
isolate()->stub_cache()->Set(*name, cache_object->map(), *code);
break;
}
- case DEBUG_BREAK:
- case DEBUG_PREPARE_STEP_IN:
+ case DEBUG_STUB:
break;
case POLYMORPHIC:
UNREACHABLE();
@@ -1066,8 +1064,7 @@
// GenerateMonomorphicCacheProbe.
isolate()->stub_cache()->Set(*name, receiver->map(), *code);
break;
- case DEBUG_BREAK:
- case DEBUG_PREPARE_STEP_IN:
+ case DEBUG_STUB:
break;
case POLYMORPHIC:
UNREACHABLE();
@@ -1339,8 +1336,7 @@
}
break;
case MEGAMORPHIC:
- case DEBUG_BREAK:
- case DEBUG_PREPARE_STEP_IN:
+ case DEBUG_STUB:
break;
case MONOMORPHIC_PROTOTYPE_FAILURE:
UNREACHABLE();
@@ -1615,8 +1611,7 @@
// Update the stub cache.
isolate()->stub_cache()->Set(*name, receiver->map(), *code);
break;
- case DEBUG_BREAK:
- case DEBUG_PREPARE_STEP_IN:
+ case DEBUG_STUB:
break;
case POLYMORPHIC:
UNREACHABLE();
@@ -1667,8 +1662,7 @@
case UNINITIALIZED:
case PREMONOMORPHIC:
case MONOMORPHIC_PROTOTYPE_FAILURE:
- case DEBUG_BREAK:
- case DEBUG_PREPARE_STEP_IN:
+ case DEBUG_STUB:
UNREACHABLE();
break;
}
@@ -2114,8 +2108,7 @@
}
break;
case MEGAMORPHIC:
- case DEBUG_BREAK:
- case DEBUG_PREPARE_STEP_IN:
+ case DEBUG_STUB:
break;
case MONOMORPHIC_PROTOTYPE_FAILURE:
UNREACHABLE();
@@ -2456,10 +2449,13 @@
Handle<Code> code = stub.GetCode();
if (!code.is_null()) {
if (FLAG_trace_ic) {
- PrintF("[UnaryOpIC (%s->%s)#%s]\n",
+ PrintF("[UnaryOpIC in ");
+ JavaScriptFrame::PrintTop(stdout, false, true);
+ PrintF(" (%s->%s)#%s @ %p]\n",
UnaryOpIC::GetName(previous_type),
UnaryOpIC::GetName(type),
- Token::Name(op));
+ Token::Name(op),
+ static_cast<void*>(*code));
}
UnaryOpIC ic(isolate);
ic.patch(*code);
=======================================
--- /trunk/src/isolate.cc Wed Jan 9 08:32:23 2013
+++ /trunk/src/isolate.cc Fri Jan 11 06:51:07 2013
@@ -2003,7 +2003,7 @@
const bool create_heap_objects = (des == NULL);
ASSERT(!heap_.HasBeenSetUp());
if (!heap_.SetUp(create_heap_objects)) {
- V8::SetFatalError();
+ V8::FatalProcessOutOfMemory("heap setup");
return false;
}
=======================================
--- /trunk/src/liveedit.cc Fri Dec 21 04:35:02 2012
+++ /trunk/src/liveedit.cc Fri Jan 11 06:51:07 2013
@@ -1663,7 +1663,7 @@
Code* pre_top_frame_code = pre_top_frame->LookupCode();
bool frame_has_padding;
if (pre_top_frame_code->is_inline_cache_stub() &&
- pre_top_frame_code->ic_state() == DEBUG_BREAK) {
+ pre_top_frame_code->is_debug_break()) {
// OK, we can drop inline cache calls.
*mode = Debug::FRAME_DROPPED_IN_IC_CALL;
frame_has_padding = Debug::FramePaddingLayout::kIsSupported;
=======================================
--- /trunk/src/mark-compact.cc Wed Jan 9 08:32:23 2013
+++ /trunk/src/mark-compact.cc Fri Jan 11 06:51:07 2013
@@ -885,8 +885,8 @@
if (!code_mark.Get()) {
shared->set_code(lazy_compile);
candidate->set_code(lazy_compile);
- } else if (code == lazy_compile) {
- candidate->set_code(lazy_compile);
+ } else {
+ candidate->set_code(code);
}
// We are in the middle of a GC cycle so the write barrier in the code
@@ -933,6 +933,34 @@
shared_function_info_candidates_head_ = NULL;
}
+
+
+void CodeFlusher::EvictCandidate(SharedFunctionInfo* shared_info) {
+ // The function is no longer a candidate, make sure it gets visited
+ // again so that previous flushing decisions are revisited.
+ isolate_->heap()->incremental_marking()->RecordWrites(shared_info);
+
+ SharedFunctionInfo* candidate = shared_function_info_candidates_head_;
+ SharedFunctionInfo* next_candidate;
+ if (candidate == shared_info) {
+ next_candidate = GetNextCandidate(shared_info);
+ shared_function_info_candidates_head_ = next_candidate;
+ ClearNextCandidate(shared_info);
+ } else {
+ while (candidate != NULL) {
+ next_candidate = GetNextCandidate(candidate);
+
+ if (next_candidate == shared_info) {
+ next_candidate = GetNextCandidate(shared_info);
+ SetNextCandidate(candidate, next_candidate);
+ ClearNextCandidate(shared_info);
+ break;
+ }
+
+ candidate = next_candidate;
+ }
+ }
+}
void CodeFlusher::EvictCandidate(JSFunction* function) {
@@ -957,6 +985,7 @@
next_candidate = GetNextCandidate(function);
SetNextCandidate(candidate, next_candidate);
ClearNextCandidate(function, undefined);
+ break;
}
candidate = next_candidate;
=======================================
--- /trunk/src/mark-compact.h Tue Dec 4 05:52:03 2012
+++ /trunk/src/mark-compact.h Fri Jan 11 06:51:07 2013
@@ -434,6 +434,7 @@
}
}
+ void EvictCandidate(SharedFunctionInfo* shared_info);
void EvictCandidate(JSFunction* function);
void ProcessCandidates() {
=======================================
--- /trunk/src/objects-inl.h Wed Jan 9 08:32:23 2013
+++ /trunk/src/objects-inl.h Fri Jan 11 06:51:07 2013
@@ -3418,14 +3418,13 @@
// a call to code object has been replaced with a debug break call.
ASSERT(is_inline_cache_stub() ||
result == UNINITIALIZED ||
- result == DEBUG_BREAK ||
- result == DEBUG_PREPARE_STEP_IN);
+ result == DEBUG_STUB);
return result;
}
Code::ExtraICState Code::extra_ic_state() {
- ASSERT(is_inline_cache_stub());
+ ASSERT(is_inline_cache_stub() || ic_state() == DEBUG_STUB);
return ExtractExtraICStateFromFlags(flags());
}
@@ -3674,6 +3673,11 @@
Kind kind = this->kind();
return kind >= FIRST_IC_KIND && kind <= LAST_IC_KIND;
}
+
+
+bool Code::is_debug_break() {
+ return ic_state() == DEBUG_STUB && extra_ic_state() == DEBUG_BREAK;
+}
Code::Flags Code::ComputeFlags(Kind kind,
@@ -4374,6 +4378,19 @@
WRITE_FIELD(this, kCodeOffset, value);
CONDITIONAL_WRITE_BARRIER(value->GetHeap(), this, kCodeOffset, value,
mode);
}
+
+
+void SharedFunctionInfo::ReplaceCode(Code* value) {
+ // If the GC metadata field is already used then the function was
+ // enqueued as a code flushing candidate and we remove it now.
+ if (code()->gc_metadata() != NULL) {
+ CodeFlusher* flusher =
GetHeap()->mark_compact_collector()->code_flusher();
+ flusher->EvictCandidate(this);
+ }
+
+ ASSERT(code()->gc_metadata() == NULL && value->gc_metadata() == NULL);
+ set_code(value);
+}
ScopeInfo* SharedFunctionInfo::scope_info() {
=======================================
--- /trunk/src/objects.cc Wed Jan 9 08:32:23 2013
+++ /trunk/src/objects.cc Fri Jan 11 06:51:07 2013
@@ -8292,7 +8292,7 @@
// old code, we have to replace it. We should try to avoid this
// altogether because it flushes valuable type feedback by
// effectively resetting all IC state.
- set_code(recompiled);
+ ReplaceCode(recompiled);
}
ASSERT(has_deoptimization_support());
}
@@ -9036,8 +9036,7 @@
case MONOMORPHIC_PROTOTYPE_FAILURE:
return "MONOMORPHIC_PROTOTYPE_FAILURE";
case POLYMORPHIC: return "POLYMORPHIC";
case MEGAMORPHIC: return "MEGAMORPHIC";
- case DEBUG_BREAK: return "DEBUG_BREAK";
- case DEBUG_PREPARE_STEP_IN: return "DEBUG_PREPARE_STEP_IN";
+ case DEBUG_STUB: return "DEBUG_STUB";
}
UNREACHABLE();
return NULL;
=======================================
--- /trunk/src/objects.h Wed Jan 9 08:32:23 2013
+++ /trunk/src/objects.h Fri Jan 11 06:51:07 2013
@@ -178,6 +178,12 @@
};
+enum DebugExtraICState {
+ DEBUG_BREAK,
+ DEBUG_PREPARE_STEP_IN
+};
+
+
// Indicates whether the transition is simple: the target map of the
transition
// either extends the current map with a new property, or it modifies the
// property that was added last to the current map.
@@ -4311,6 +4317,7 @@
// Testers for IC stub kinds.
inline bool is_inline_cache_stub();
+ inline bool is_debug_break();
inline bool is_load_stub() { return kind() == LOAD_IC; }
inline bool is_keyed_load_stub() { return kind() == KEYED_LOAD_IC; }
inline bool is_store_stub() { return kind() == STORE_IC; }
@@ -5386,6 +5393,7 @@
// [code]: Function code.
DECL_ACCESSORS(code, Code)
+ inline void ReplaceCode(Code* code);
// [optimized_code_map]: Map from native context to optimized code
// and a shared literals array or Smi 0 if none.
=======================================
--- /trunk/src/runtime.cc Wed Jan 9 08:32:23 2013
+++ /trunk/src/runtime.cc Fri Jan 11 06:51:07 2013
@@ -2147,7 +2147,7 @@
// target function to undefined. SetCode is only used for built-in
// constructors like String, Array, and Object, and some web code
// doesn't like seeing source code for constructors.
- target_shared->set_code(source_shared->code());
+ target_shared->ReplaceCode(source_shared->code());
target_shared->set_scope_info(source_shared->scope_info());
target_shared->set_length(source_shared->length());
target_shared->set_formal_parameter_count(
=======================================
--- /trunk/src/stub-cache.cc Tue Dec 4 05:52:03 2012
+++ /trunk/src/stub-cache.cc Fri Jan 11 06:51:07 2013
@@ -909,7 +909,7 @@
// Extra IC state is irrelevant for debug break ICs. They jump to
// the actual call ic to carry out the work.
Code::Flags flags =
- Code::ComputeFlags(kind, DEBUG_BREAK, Code::kNoExtraICState,
+ Code::ComputeFlags(kind, DEBUG_STUB, DEBUG_BREAK,
Code::NORMAL, argc);
Handle<UnseededNumberDictionary> cache =
isolate_->factory()->non_monomorphic_cache();
@@ -928,7 +928,7 @@
// Extra IC state is irrelevant for debug break ICs. They jump to
// the actual call ic to carry out the work.
Code::Flags flags =
- Code::ComputeFlags(kind, DEBUG_PREPARE_STEP_IN,
Code::kNoExtraICState,
+ Code::ComputeFlags(kind, DEBUG_STUB, DEBUG_PREPARE_STEP_IN,
Code::NORMAL, argc);
Handle<UnseededNumberDictionary> cache =
isolate_->factory()->non_monomorphic_cache();
=======================================
--- /trunk/src/v8globals.h Wed Jan 9 08:32:23 2013
+++ /trunk/src/v8globals.h Fri Jan 11 06:51:07 2013
@@ -263,9 +263,8 @@
POLYMORPHIC,
// Many receiver types have been seen.
MEGAMORPHIC,
- // Special states for debug break or step in prepare stubs.
- DEBUG_BREAK,
- DEBUG_PREPARE_STEP_IN
+ // Special state for debug break or step in prepare stubs.
+ DEBUG_STUB
};
=======================================
--- /trunk/src/version.cc Wed Jan 9 09:13:11 2013
+++ /trunk/src/version.cc Fri Jan 11 06:51:07 2013
@@ -34,8 +34,8 @@
// cannot be changed without changing the SCons build script.
#define MAJOR_VERSION 3
#define MINOR_VERSION 16
-#define BUILD_NUMBER 3
-#define PATCH_LEVEL 1
+#define BUILD_NUMBER 4
+#define PATCH_LEVEL 0
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
=======================================
--- /trunk/test/cctest/test-heap.cc Wed Jan 9 08:32:23 2013
+++ /trunk/test/cctest/test-heap.cc Fri Jan 11 06:51:07 2013
@@ -2627,3 +2627,74 @@
// Unoptimized code is missing and the deoptimizer will go ballistic.
CompileRun("var g = mkClosure(); g('bozo');");
}
+
+
+TEST(Regress169209) {
+ i::FLAG_allow_natives_syntax = true;
+ i::FLAG_flush_code_incrementally = true;
+ InitializeVM();
+ v8::HandleScope scope;
+
+ // Perform one initial GC to enable code flushing.
+ HEAP->CollectAllGarbage(Heap::kAbortIncrementalMarkingMask);
+
+ // Prepare a shared function info eligible for code flushing for which
+ // the unoptimized code will be replaced during optimization.
+ Handle<SharedFunctionInfo> shared1;
+ {
+ HandleScope inner_scope;
+ CompileRun("function f() { return 'foobar'; }"
+ "function g(x) { if (x) f(); }"
+ "f();"
+ "g(false);"
+ "g(false);");
+
+ Handle<JSFunction> f =
+ v8::Utils::OpenHandle(
+ *v8::Handle<v8::Function>::Cast(
+ v8::Context::GetCurrent()->Global()->Get(v8_str("f"))));
+ CHECK(f->is_compiled());
+ const int kAgingThreshold = 6;
+ for (int i = 0; i < kAgingThreshold; i++) {
+ f->shared()->code()->MakeOlder(static_cast<MarkingParity>(i % 2));
+ }
+
+ shared1 = inner_scope.CloseAndEscape(handle(f->shared(), ISOLATE));
+ }
+
+ // Prepare a shared function info eligible for code flushing that will
+ // represent the dangling tail of the candidate list.
+ Handle<SharedFunctionInfo> shared2;
+ {
+ HandleScope inner_scope;
+ CompileRun("function flushMe() { return 0; }"
+ "flushMe(1);");
+
+ Handle<JSFunction> f =
+ v8::Utils::OpenHandle(
+ *v8::Handle<v8::Function>::Cast(
+
v8::Context::GetCurrent()->Global()->Get(v8_str("flushMe"))));
+ CHECK(f->is_compiled());
+ const int kAgingThreshold = 6;
+ for (int i = 0; i < kAgingThreshold; i++) {
+ f->shared()->code()->MakeOlder(static_cast<MarkingParity>(i % 2));
+ }
+
+ shared2 = inner_scope.CloseAndEscape(handle(f->shared(), ISOLATE));
+ }
+
+ // Simulate incremental marking and collect code flushing candidates.
+ SimulateIncrementalMarking();
+ CHECK(shared1->code()->gc_metadata() != NULL);
+
+ // Optimize function and make sure the unoptimized code is replaced.
+#ifdef DEBUG
+ FLAG_stop_at = "f";
+#endif
+ CompileRun("%OptimizeFunctionOnNextCall(g);"
+ "g(false);");
+
+ // Finish garbage collection cycle.
+ HEAP->CollectAllGarbage(Heap::kNoGCFlags);
+ CHECK(shared1->code()->gc_metadata() == NULL);
+}
=======================================
--- /trunk/test/mjsunit/regress/regress-165637.js Fri Dec 21 04:35:02 2012
+++ /trunk/test/mjsunit/regress/regress-165637.js Fri Jan 11 06:51:07 2013
@@ -44,6 +44,10 @@
return Date.now() - start;
}
+
+// Reset the GC interval to be off. Needed so that the runtime of this test
+// stays within bounds even if we run in GC stress mode.
+%SetFlags("--gc-interval=-1");
// Should never take more than 3 seconds (if the bug is fixed, the test
takes
// considerably less time than 3 seconds).
=======================================
--- /trunk/test/mjsunit/regress/regress-crbug-168545.js Wed Jan 9 08:32:23
2013
+++ /trunk/test/mjsunit/regress/regress-crbug-168545.js Fri Jan 11 06:51:07
2013
@@ -28,3 +28,7 @@
var o = {};
Object.defineProperty(o, "length", { get: function() { throw "bail"; }});
assertThrows("new Int16Array(o);");
+
+var a = [];
+Object.defineProperty(a, "0", { get: function() { throw "bail"; }});
+assertThrows("new Int16Array(a);");
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
