[v8-dev] Merged r15868, r15871, r15880, r15884 into trunk branch. (issue 20329002)

[jkummerow]

Reviewers: Hannes Payer,

Description:
Merged r15868, r15871, r15880, r15884 into trunk branch.
Setting the thread name may fail, so don't assert that the result is 0.

Removed pointer space to pointer space compaction check when migrating  
objects.

Ignore external strings in old pointer space migration invariant check.

Fix JSArray-specific length lookup in polymorphic array handling

BUG=chromium:263276
R=hpa...@chromium.org

Please review this at https://codereview.chromium.org/20329002/

SVN Base: https://v8.googlecode.com/svn/trunk

Affected files:
  M src/hydrogen.cc
  M src/mark-compact.cc
  M src/platform-posix.cc
  M src/version.cc
  A + test/mjsunit/regress/regress-crbug-263276.js


Index: src/hydrogen.cc
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index  
610cb87f38dbba773079acf1a7ef43f329256b3b..2dac865f9c71279c1137ed755f063d76d69a3722  
100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -5697,7 +5697,7 @@ HValue*  
HOptimizedGraphBuilder::HandlePolymorphicElementAccess(
             elements, isolate()->factory()->fixed_array_map(),
             zone(), top_info(), mapcompare));
       }
-      if (map->IsJSArray()) {
+      if (map->instance_type() == JS_ARRAY_TYPE) {
         HInstruction* length = AddLoad(object,  
HObjectAccess::ForArrayLength(),
                                        mapcompare, Representation::Smi());
         length->set_type(HType::Smi());
Index: src/mark-compact.cc
diff --git a/src/mark-compact.cc b/src/mark-compact.cc
index  
bfeeae9efc04531b39c0577fbc23d8b3cf07e81c..a3834980b6baf155e421aa3ac7a2c10389e1b247  
100644
--- a/src/mark-compact.cc
+++ b/src/mark-compact.cc
@@ -2724,21 +2724,11 @@ void MarkCompactCollector::MigrateObject(Address  
dst,
   HEAP_PROFILE(heap(), ObjectMoveEvent(src, dst));
   // TODO(hpayer): Replace that check with an assert.
   CHECK(dest != LO_SPACE && size <= Page::kMaxNonCodeHeapObjectSize);
-  // Objects in old pointer space and old data space can just be moved by
-  // compaction to a different page in the same space.
-  // TODO(hpayer): Replace that following checks with asserts.
-  CHECK(!heap_->old_pointer_space()->Contains(src) ||
-        (heap_->old_pointer_space()->Contains(dst) &&
-        heap_->TargetSpace(HeapObject::FromAddress(src)) ==
-        heap_->old_pointer_space()));
-  CHECK(!heap_->old_data_space()->Contains(src) ||
-        (heap_->old_data_space()->Contains(dst) &&
-        heap_->TargetSpace(HeapObject::FromAddress(src)) ==
-        heap_->old_data_space()));
   if (dest == OLD_POINTER_SPACE) {
     // TODO(hpayer): Replace this check with an assert.
-    CHECK(heap_->TargetSpace(HeapObject::FromAddress(src)) ==
-          heap_->old_pointer_space());
+    HeapObject* heap_object = HeapObject::FromAddress(src);
+    CHECK(heap_object->IsExternalString() ||
+          heap_->TargetSpace(heap_object) == heap_->old_pointer_space());
     Address src_slot = src;
     Address dst_slot = dst;
     ASSERT(IsAligned(size, kPointerSize));
@@ -2784,6 +2774,13 @@ void MarkCompactCollector::MigrateObject(Address dst,
     Code::cast(HeapObject::FromAddress(dst))->Relocate(dst - src);
   } else {
     ASSERT(dest == OLD_DATA_SPACE || dest == NEW_SPACE);
+    // Objects in old data space can just be moved by compaction to a  
different
+    // page in old data space.
+    // TODO(hpayer): Replace the following check with an assert.
+    CHECK(!heap_->old_data_space()->Contains(src) ||
+          (heap_->old_data_space()->Contains(dst) &&
+          heap_->TargetSpace(HeapObject::FromAddress(src)) ==
+          heap_->old_data_space()));
     heap()->MoveBlock(dst, src, size);
   }
   Memory::Address_at(src) = dst;
Index: src/platform-posix.cc
diff --git a/src/platform-posix.cc b/src/platform-posix.cc
index  
ff5f70addc5fe3ffdf32861c699df1e75a57beed..864e94c7e4f6896d61da24714332f3e2d55b35c8  
100644
--- a/src/platform-posix.cc
+++ b/src/platform-posix.cc
@@ -502,12 +502,11 @@ Thread::~Thread() {


 static void SetThreadName(const char* name) {
-  int result = 0;
 #if defined(__DragonFly__) || defined(__FreeBSD__) || defined(__OpenBSD__)
-  result = pthread_set_name_np(pthread_self(), name);
+  pthread_set_name_np(pthread_self(), name);
 #elif defined(__NetBSD__)
   STATIC_ASSERT(Thread::kMaxThreadNameLength <= PTHREAD_MAX_NAMELEN_NP);
-  result = pthread_setname_np(pthread_self(), "%s", name);
+  pthread_setname_np(pthread_self(), "%s", name);
 #elif defined(__APPLE__)
   // pthread_setname_np is only available in 10.6 or later, so test
   // for it at runtime.
@@ -520,14 +519,12 @@ static void SetThreadName(const char* name) {
   // Mac OS X does not expose the length limit of the name, so hardcode it.
   static const int kMaxNameLength = 63;
   STATIC_ASSERT(Thread::kMaxThreadNameLength <= kMaxNameLength);
-  result = dynamic_pthread_setname_np(name);
+  dynamic_pthread_setname_np(name);
 #elif defined(PR_SET_NAME)
-  result = prctl(PR_SET_NAME,
-                 reinterpret_cast<unsigned long>(name),  // NOLINT
-                 0, 0, 0);
+  prctl(PR_SET_NAME,
+        reinterpret_cast<unsigned long>(name),  // NOLINT
+        0, 0, 0);
 #endif
-  ASSERT_EQ(0, result);
-  USE(result);
 }


Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index  
b8a9b2645aa6d922d17c4377c7623b47bd58fdb6..b0e60db155ee226ad42a39443f6ef2239f98c8bf  
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     3
 #define MINOR_VERSION     20
 #define BUILD_NUMBER      8
-#define PATCH_LEVEL       1
+#define PATCH_LEVEL       2
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0
Index: test/mjsunit/regress/regress-crbug-263276.js
diff --git a/test/mjsunit/array-non-smi-length.js  
b/test/mjsunit/regress/regress-crbug-263276.js
similarity index 83%
copy from test/mjsunit/array-non-smi-length.js
copy to test/mjsunit/regress/regress-crbug-263276.js
index  
23a25ee797bd68690ad2a7ce26a9135e23b486e2..05aa94cc857136d070093e026ef3daa6d98189c0  
100644
--- a/test/mjsunit/array-non-smi-length.js
+++ b/test/mjsunit/regress/regress-crbug-263276.js
@@ -27,20 +27,20 @@

 // Flags: --allow-natives-syntax

-function TestNonSmiArrayLength() {
-  function f(a) {
-    return a.length+1;
-  }
+var array1 = [];
+array1.foo = true;

-  var a = [];
-  a.length = 0xFFFF;
-  assertSame(0x10000, f(a));
-  assertSame(0x10000, f(a));
+var array2 = [];
+array2.bar = true;

-  %OptimizeFunctionOnNextCall(f);
-  a.length = 0xFFFFFFFF;
-  assertSame(0x100000000, f(a));
+function bad(array) {
+  array[array.length] = 1;
 }

-TestNonSmiArrayLength();
-
+bad(array1);
+bad(array1);
+bad(array2);  // Length is now 1.
+bad(array2);  // Length is now 2.
+%OptimizeFunctionOnNextCall(bad);
+bad(array2);  // Length is now 3.
+assertEquals(3, array2.length);


--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.