RubyGems - libv8 - Versions diffs - 3.10.8.0 → 3.11.8.0 - Mend

libv8 3.10.8.0 → 3.11.8.0

Files changed (215) hide show

data/Rakefile +10 -3
data/ext/libv8/compiler.rb +46 -0
data/ext/libv8/extconf.rb +5 -1
data/ext/libv8/make.rb +13 -0
data/lib/libv8/version.rb +1 -1
data/patches/add-freebsd9-and-freebsd10-to-gyp-GetFlavor.patch +11 -0
data/patches/src_platform-freebsd.cc.patch +10 -0
data/vendor/v8/ChangeLog +124 -0
data/vendor/v8/DEPS +27 -0
data/vendor/v8/Makefile +7 -0
data/vendor/v8/SConstruct +15 -2
data/vendor/v8/build/common.gypi +129 -157
data/vendor/v8/build/gyp_v8 +11 -25
data/vendor/v8/build/standalone.gypi +9 -3
data/vendor/v8/include/v8.h +5 -3
data/vendor/v8/src/SConscript +1 -0
data/vendor/v8/src/api.cc +4 -33
data/vendor/v8/src/api.h +2 -2
data/vendor/v8/src/arm/builtins-arm.cc +5 -4
data/vendor/v8/src/arm/code-stubs-arm.cc +21 -14
data/vendor/v8/src/arm/codegen-arm.cc +2 -2
data/vendor/v8/src/arm/debug-arm.cc +3 -1
data/vendor/v8/src/arm/full-codegen-arm.cc +3 -102
data/vendor/v8/src/arm/ic-arm.cc +30 -33
data/vendor/v8/src/arm/lithium-arm.cc +20 -7
data/vendor/v8/src/arm/lithium-arm.h +10 -4
data/vendor/v8/src/arm/lithium-codegen-arm.cc +106 -60
data/vendor/v8/src/arm/macro-assembler-arm.cc +49 -39
data/vendor/v8/src/arm/macro-assembler-arm.h +5 -4
data/vendor/v8/src/arm/regexp-macro-assembler-arm.cc +115 -55
data/vendor/v8/src/arm/regexp-macro-assembler-arm.h +7 -6
data/vendor/v8/src/arm/simulator-arm.h +6 -6
data/vendor/v8/src/arm/stub-cache-arm.cc +64 -19
data/vendor/v8/src/array.js +7 -3
data/vendor/v8/src/ast.cc +11 -6
data/vendor/v8/src/bootstrapper.cc +9 -11
data/vendor/v8/src/builtins.cc +61 -31
data/vendor/v8/src/code-stubs.cc +23 -9
data/vendor/v8/src/code-stubs.h +1 -0
data/vendor/v8/src/codegen.h +3 -3
data/vendor/v8/src/compiler.cc +1 -1
data/vendor/v8/src/contexts.h +2 -18
data/vendor/v8/src/d8.cc +94 -93
data/vendor/v8/src/d8.h +1 -1
data/vendor/v8/src/debug-agent.cc +3 -3
data/vendor/v8/src/debug.cc +41 -1
data/vendor/v8/src/debug.h +50 -0
data/vendor/v8/src/elements-kind.cc +134 -0
data/vendor/v8/src/elements-kind.h +210 -0
data/vendor/v8/src/elements.cc +356 -190
data/vendor/v8/src/elements.h +36 -28
data/vendor/v8/src/factory.cc +44 -4
data/vendor/v8/src/factory.h +11 -7
data/vendor/v8/src/flag-definitions.h +3 -0
data/vendor/v8/src/frames.h +3 -0
data/vendor/v8/src/full-codegen.cc +2 -1
data/vendor/v8/src/func-name-inferrer.h +2 -0
data/vendor/v8/src/globals.h +3 -0
data/vendor/v8/src/heap-inl.h +16 -4
data/vendor/v8/src/heap.cc +38 -32
data/vendor/v8/src/heap.h +3 -17
data/vendor/v8/src/hydrogen-instructions.cc +28 -5
data/vendor/v8/src/hydrogen-instructions.h +142 -44
data/vendor/v8/src/hydrogen.cc +160 -55
data/vendor/v8/src/hydrogen.h +2 -0
data/vendor/v8/src/ia32/assembler-ia32.h +3 -0
data/vendor/v8/src/ia32/builtins-ia32.cc +5 -4
data/vendor/v8/src/ia32/code-stubs-ia32.cc +22 -16
data/vendor/v8/src/ia32/codegen-ia32.cc +2 -2
data/vendor/v8/src/ia32/debug-ia32.cc +29 -2
data/vendor/v8/src/ia32/full-codegen-ia32.cc +8 -101
data/vendor/v8/src/ia32/ic-ia32.cc +23 -19
data/vendor/v8/src/ia32/lithium-codegen-ia32.cc +126 -80
data/vendor/v8/src/ia32/lithium-codegen-ia32.h +2 -1
data/vendor/v8/src/ia32/lithium-ia32.cc +15 -9
data/vendor/v8/src/ia32/lithium-ia32.h +14 -6
data/vendor/v8/src/ia32/macro-assembler-ia32.cc +50 -40
data/vendor/v8/src/ia32/macro-assembler-ia32.h +5 -4
data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.cc +113 -43
data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.h +9 -4
data/vendor/v8/src/ia32/simulator-ia32.h +4 -4
data/vendor/v8/src/ia32/stub-cache-ia32.cc +52 -14
data/vendor/v8/src/ic.cc +77 -20
data/vendor/v8/src/ic.h +18 -2
data/vendor/v8/src/incremental-marking-inl.h +21 -5
data/vendor/v8/src/incremental-marking.cc +35 -8
data/vendor/v8/src/incremental-marking.h +12 -3
data/vendor/v8/src/isolate.cc +12 -2
data/vendor/v8/src/isolate.h +1 -1
data/vendor/v8/src/jsregexp.cc +66 -26
data/vendor/v8/src/jsregexp.h +60 -31
data/vendor/v8/src/list-inl.h +8 -0
data/vendor/v8/src/list.h +3 -0
data/vendor/v8/src/lithium.cc +5 -2
data/vendor/v8/src/liveedit.cc +57 -5
data/vendor/v8/src/mark-compact-inl.h +17 -11
data/vendor/v8/src/mark-compact.cc +100 -143
data/vendor/v8/src/mark-compact.h +44 -20
data/vendor/v8/src/messages.js +131 -99
data/vendor/v8/src/mips/builtins-mips.cc +5 -4
data/vendor/v8/src/mips/code-stubs-mips.cc +23 -15
data/vendor/v8/src/mips/codegen-mips.cc +2 -2
data/vendor/v8/src/mips/debug-mips.cc +3 -1
data/vendor/v8/src/mips/full-codegen-mips.cc +4 -102
data/vendor/v8/src/mips/ic-mips.cc +34 -36
data/vendor/v8/src/mips/lithium-codegen-mips.cc +116 -68
data/vendor/v8/src/mips/lithium-mips.cc +20 -7
data/vendor/v8/src/mips/lithium-mips.h +11 -4
data/vendor/v8/src/mips/macro-assembler-mips.cc +50 -39
data/vendor/v8/src/mips/macro-assembler-mips.h +5 -4
data/vendor/v8/src/mips/regexp-macro-assembler-mips.cc +110 -50
data/vendor/v8/src/mips/regexp-macro-assembler-mips.h +6 -5
data/vendor/v8/src/mips/simulator-mips.h +5 -5
data/vendor/v8/src/mips/stub-cache-mips.cc +66 -20
data/vendor/v8/src/mksnapshot.cc +5 -1
data/vendor/v8/src/objects-debug.cc +103 -6
data/vendor/v8/src/objects-inl.h +215 -116
data/vendor/v8/src/objects-printer.cc +13 -8
data/vendor/v8/src/objects.cc +608 -331
data/vendor/v8/src/objects.h +129 -94
data/vendor/v8/src/parser.cc +16 -4
data/vendor/v8/src/platform-freebsd.cc +1 -0
data/vendor/v8/src/platform-linux.cc +9 -30
data/vendor/v8/src/platform-posix.cc +28 -7
data/vendor/v8/src/platform-win32.cc +15 -3
data/vendor/v8/src/platform.h +2 -1
data/vendor/v8/src/profile-generator-inl.h +25 -2
data/vendor/v8/src/profile-generator.cc +300 -822
data/vendor/v8/src/profile-generator.h +97 -214
data/vendor/v8/src/regexp-macro-assembler-irregexp.cc +2 -1
data/vendor/v8/src/regexp-macro-assembler-irregexp.h +2 -2
data/vendor/v8/src/regexp-macro-assembler-tracer.cc +6 -5
data/vendor/v8/src/regexp-macro-assembler-tracer.h +1 -1
data/vendor/v8/src/regexp-macro-assembler.cc +7 -3
data/vendor/v8/src/regexp-macro-assembler.h +10 -2
data/vendor/v8/src/regexp.js +6 -0
data/vendor/v8/src/runtime.cc +265 -212
data/vendor/v8/src/runtime.h +6 -5
data/vendor/v8/src/scopes.cc +20 -0
data/vendor/v8/src/scopes.h +6 -3
data/vendor/v8/src/spaces.cc +0 -2
data/vendor/v8/src/string-stream.cc +2 -2
data/vendor/v8/src/v8-counters.h +0 -2
data/vendor/v8/src/v8natives.js +2 -2
data/vendor/v8/src/v8utils.h +6 -3
data/vendor/v8/src/version.cc +1 -1
data/vendor/v8/src/x64/assembler-x64.h +2 -1
data/vendor/v8/src/x64/builtins-x64.cc +5 -4
data/vendor/v8/src/x64/code-stubs-x64.cc +25 -16
data/vendor/v8/src/x64/codegen-x64.cc +2 -2
data/vendor/v8/src/x64/debug-x64.cc +14 -1
data/vendor/v8/src/x64/disasm-x64.cc +1 -1
data/vendor/v8/src/x64/full-codegen-x64.cc +10 -106
data/vendor/v8/src/x64/ic-x64.cc +20 -16
data/vendor/v8/src/x64/lithium-codegen-x64.cc +156 -79
data/vendor/v8/src/x64/lithium-codegen-x64.h +2 -1
data/vendor/v8/src/x64/lithium-x64.cc +18 -8
data/vendor/v8/src/x64/lithium-x64.h +7 -2
data/vendor/v8/src/x64/macro-assembler-x64.cc +50 -40
data/vendor/v8/src/x64/macro-assembler-x64.h +5 -4
data/vendor/v8/src/x64/regexp-macro-assembler-x64.cc +122 -51
data/vendor/v8/src/x64/regexp-macro-assembler-x64.h +17 -8
data/vendor/v8/src/x64/simulator-x64.h +4 -4
data/vendor/v8/src/x64/stub-cache-x64.cc +55 -17
data/vendor/v8/test/cctest/cctest.status +1 -0
data/vendor/v8/test/cctest/test-api.cc +24 -0
data/vendor/v8/test/cctest/test-func-name-inference.cc +38 -0
data/vendor/v8/test/cctest/test-heap-profiler.cc +21 -77
data/vendor/v8/test/cctest/test-heap.cc +164 -3
data/vendor/v8/test/cctest/test-list.cc +12 -0
data/vendor/v8/test/cctest/test-mark-compact.cc +5 -5
data/vendor/v8/test/cctest/test-regexp.cc +14 -8
data/vendor/v8/test/cctest/testcfg.py +2 -0
data/vendor/v8/test/mjsunit/accessor-map-sharing.js +176 -0
data/vendor/v8/test/mjsunit/array-construct-transition.js +3 -3
data/vendor/v8/test/mjsunit/array-literal-transitions.js +10 -10
data/vendor/v8/test/mjsunit/big-array-literal.js +3 -0
data/vendor/v8/test/mjsunit/compiler/inline-construct.js +4 -2
data/vendor/v8/test/mjsunit/debug-liveedit-stack-padding.js +88 -0
data/vendor/v8/test/mjsunit/elements-kind.js +4 -4
data/vendor/v8/test/mjsunit/elements-transition-hoisting.js +2 -2
data/vendor/v8/test/mjsunit/elements-transition.js +5 -5
data/vendor/v8/test/mjsunit/error-constructors.js +68 -33
data/vendor/v8/test/mjsunit/harmony/proxies.js +14 -6
data/vendor/v8/test/mjsunit/mjsunit.status +1 -0
data/vendor/v8/test/mjsunit/packed-elements.js +112 -0
data/vendor/v8/test/mjsunit/regexp-capture-3.js +6 -0
data/vendor/v8/test/mjsunit/regexp-global.js +132 -0
data/vendor/v8/test/mjsunit/regexp.js +11 -0
data/vendor/v8/test/mjsunit/regress/regress-117409.js +52 -0
data/vendor/v8/test/mjsunit/regress/regress-126412.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-128018.js +35 -0
data/vendor/v8/test/mjsunit/regress/regress-128146.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-1639-2.js +4 -1
data/vendor/v8/test/mjsunit/regress/regress-1639.js +14 -8
data/vendor/v8/test/mjsunit/regress/regress-1849.js +3 -3
data/vendor/v8/test/mjsunit/regress/regress-1878.js +2 -2
data/vendor/v8/test/mjsunit/regress/regress-2071.js +79 -0
data/vendor/v8/test/mjsunit/regress/regress-2153.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-122271.js +4 -4
data/vendor/v8/test/mjsunit/regress/regress-crbug-126414.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-smi-only-concat.js +2 -2
data/vendor/v8/test/mjsunit/regress/regress-transcendental.js +49 -0
data/vendor/v8/test/mjsunit/stack-traces.js +14 -0
data/vendor/v8/test/mjsunit/unbox-double-arrays.js +4 -3
data/vendor/v8/test/test262/testcfg.py +6 -1
data/vendor/v8/tools/check-static-initializers.sh +11 -3
data/vendor/v8/tools/fuzz-harness.sh +92 -0
data/vendor/v8/tools/grokdump.py +658 -67
data/vendor/v8/tools/gyp/v8.gyp +21 -39
data/vendor/v8/tools/js2c.py +3 -3
data/vendor/v8/tools/jsmin.py +2 -2
data/vendor/v8/tools/presubmit.py +2 -1
data/vendor/v8/tools/test-wrapper-gypbuild.py +25 -11
metadata +624 -612

data/vendor/v8/src/arm/regexp-macro-assembler-arm.h CHANGED

@@ -1,4 +1,4 @@
-// Copyright 2006-2008 the V8 project authors. All rights reserved.
+// Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
@@ -113,7 +113,7 @@ class RegExpMacroAssemblerARM: public NativeRegExpMacroAssembler {
   virtual void ReadStackPointerFromRegister(int reg);
   virtual void SetCurrentPositionFromEnd(int by);
   virtual void SetRegister(int register_index, int to);
-  virtual void Succeed();
+  virtual bool Succeed();
   virtual void WriteCurrentPositionToRegister(int reg, int cp_offset);
   virtual void ClearRegisters(int reg_from, int reg_to);
   virtual void WriteStackPointerToRegister(int reg);
@@ -137,7 +137,8 @@ class RegExpMacroAssemblerARM: public NativeRegExpMacroAssembler {
   static const int kSecondaryReturnAddress = kReturnAddress + kPointerSize;
   // Stack parameters placed by caller.
   static const int kRegisterOutput = kSecondaryReturnAddress + kPointerSize;
-  static const int kStackHighEnd = kRegisterOutput + kPointerSize;
+  static const int kNumOutputRegisters = kRegisterOutput + kPointerSize;
+  static const int kStackHighEnd = kNumOutputRegisters + kPointerSize;
   static const int kDirectCall = kStackHighEnd + kPointerSize;
   static const int kIsolate = kDirectCall + kPointerSize;
@@ -149,10 +150,10 @@ class RegExpMacroAssemblerARM: public NativeRegExpMacroAssembler {
   static const int kInputString = kStartIndex - kPointerSize;
   // When adding local variables remember to push space for them in
   // the frame in GetCode.
-  static const int kInputStartMinusOne = kInputString - kPointerSize;
-  static const int kAtStart = kInputStartMinusOne - kPointerSize;
+  static const int kSuccessfulCaptures = kInputString - kPointerSize;
+  static const int kInputStartMinusOne = kSuccessfulCaptures - kPointerSize;
   // First register address. Following registers are below it on the stack.
-  static const int kRegisterZero = kAtStart - kPointerSize;
+  static const int kRegisterZero = kInputStartMinusOne - kPointerSize;
   // Initial size of code buffer.
   static const size_t kRegExpCodeSize = 1024;

data/vendor/v8/src/arm/simulator-arm.h CHANGED

@@ -1,4 +1,4 @@
-// Copyright 2011 the V8 project authors. All rights reserved.
+// Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
@@ -49,16 +49,16 @@ namespace internal {
   (entry(p0, p1, p2, p3, p4))
 typedef int (*arm_regexp_matcher)(String*, int, const byte*, const byte*,
-                                  void*, int*, Address, int, Isolate*);
+                                  void*, int*, int, Address, int, Isolate*);
 // Call the generated regexp code directly. The code at the entry address
 // should act as a function matching the type arm_regexp_matcher.
 // The fifth argument is a dummy that reserves the space used for
 // the return address added by the ExitFrame in native calls.
-#define CALL_GENERATED_REGEXP_CODE(entry, p0, p1, p2, p3, p4, p5, p6, p7) \
+#define CALL_GENERATED_REGEXP_CODE(entry, p0, p1, p2, p3, p4, p5, p6, p7, p8) \
   (FUNCTION_CAST<arm_regexp_matcher>(entry)(                              \
-      p0, p1, p2, p3, NULL, p4, p5, p6, p7))
+      p0, p1, p2, p3, NULL, p4, p5, p6, p7, p8))
 #define TRY_CATCH_FROM_ADDRESS(try_catch_address) \
   reinterpret_cast<TryCatch*>(try_catch_address)
@@ -401,9 +401,9 @@ class Simulator {
   reinterpret_cast<Object*>(Simulator::current(Isolate::Current())->Call( \
       FUNCTION_ADDR(entry), 5, p0, p1, p2, p3, p4))
-#define CALL_GENERATED_REGEXP_CODE(entry, p0, p1, p2, p3, p4, p5, p6, p7) \
+#define CALL_GENERATED_REGEXP_CODE(entry, p0, p1, p2, p3, p4, p5, p6, p7, p8) \
   Simulator::current(Isolate::Current())->Call( \
-      entry, 9, p0, p1, p2, p3, NULL, p4, p5, p6, p7)
+      entry, 10, p0, p1, p2, p3, NULL, p4, p5, p6, p7, p8)
 #define TRY_CATCH_FROM_ADDRESS(try_catch_address)                              \
   try_catch_address == NULL ?                                                  \

data/vendor/v8/src/arm/stub-cache-arm.cc CHANGED

@@ -473,10 +473,20 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
   }
   if (!transition.is_null()) {
-    // Update the map of the object; no write barrier updating is
-    // needed because the map is never in new space.
-    __ mov(ip, Operand(transition));
-    __ str(ip, FieldMemOperand(receiver_reg, HeapObject::kMapOffset));
+    // Update the map of the object.
+    __ mov(scratch, Operand(transition));
+    __ str(scratch, FieldMemOperand(receiver_reg, HeapObject::kMapOffset));
+    // Update the write barrier for the map field and pass the now unused
+    // name_reg as scratch register.
+    __ RecordWriteField(receiver_reg,
+                        HeapObject::kMapOffset,
+                        scratch,
+                        name_reg,
+                        kLRHasNotBeenSaved,
+                        kDontSaveFPRegs,
+                        OMIT_REMEMBERED_SET,
+                        OMIT_SMI_CHECK);
   }
   // Adjust for the number of properties stored in the object. Even in the
@@ -1273,12 +1283,19 @@ void StubCompiler::GenerateLoadInterceptor(Handle<JSObject> object,
                                           name, miss);
     ASSERT(holder_reg.is(receiver) || holder_reg.is(scratch1));
+    // Preserve the receiver register explicitly whenever it is different from
+    // the holder and it is needed should the interceptor return without any
+    // result. The CALLBACKS case needs the receiver to be passed into C++ code,
+    // the FIELD case might cause a miss during the prototype check.
+    bool must_perfrom_prototype_check = *interceptor_holder != lookup->holder();
+    bool must_preserve_receiver_reg = !receiver.is(holder_reg) &&
+        (lookup->type() == CALLBACKS || must_perfrom_prototype_check);
     // Save necessary data before invoking an interceptor.
     // Requires a frame to make GC aware of pushed pointers.
     {
       FrameScope frame_scope(masm(), StackFrame::INTERNAL);
-      if (lookup->type() == CALLBACKS && !receiver.is(holder_reg)) {
-        // CALLBACKS case needs a receiver to be passed into C++ callback.
+      if (must_preserve_receiver_reg) {
         __ Push(receiver, holder_reg, name_reg);
       } else {
         __ Push(holder_reg, name_reg);
@@ -1303,14 +1320,14 @@ void StubCompiler::GenerateLoadInterceptor(Handle<JSObject> object,
       __ bind(&interceptor_failed);
       __ pop(name_reg);
       __ pop(holder_reg);
-      if (lookup->type() == CALLBACKS && !receiver.is(holder_reg)) {
+      if (must_preserve_receiver_reg) {
         __ pop(receiver);
       }
       // Leave the internal frame.
     }
     // Check that the maps from interceptor's holder to lookup's holder
     // haven't changed.  And load lookup's holder into |holder| register.
-    if (*interceptor_holder != lookup->holder()) {
+    if (must_perfrom_prototype_check) {
       holder_reg = CheckPrototypes(interceptor_holder,
                                    holder_reg,
                                    Handle<JSObject>(lookup->holder()),
@@ -1574,16 +1591,29 @@ Handle<Code> CallStubCompiler::CompileArrayPushCall(
         __ jmp(&fast_object);
         // In case of fast smi-only, convert to fast object, otherwise bail out.
         __ bind(&not_fast_object);
-        __ CheckFastSmiOnlyElements(r3, r7, &call_builtin);
+        __ CheckFastSmiElements(r3, r7, &call_builtin);
         // edx: receiver
         // r3: map
-        __ LoadTransitionedArrayMapConditional(FAST_SMI_ONLY_ELEMENTS,
+        Label try_holey_map;
+        __ LoadTransitionedArrayMapConditional(FAST_SMI_ELEMENTS,
                                                FAST_ELEMENTS,
                                                r3,
                                                r7,
+                                               &try_holey_map);
+        __ mov(r2, receiver);
+        ElementsTransitionGenerator::
+            GenerateMapChangeElementsTransition(masm());
+        __ jmp(&fast_object);
+        __ bind(&try_holey_map);
+        __ LoadTransitionedArrayMapConditional(FAST_HOLEY_SMI_ELEMENTS,
+                                               FAST_HOLEY_ELEMENTS,
+                                               r3,
+                                               r7,
                                                &call_builtin);
         __ mov(r2, receiver);
-        ElementsTransitionGenerator::GenerateSmiOnlyToObject(masm());
+        ElementsTransitionGenerator::
+            GenerateMapChangeElementsTransition(masm());
         __ bind(&fast_object);
       } else {
         __ CheckFastObjectElements(r3, r3, &call_builtin);
@@ -3365,8 +3395,11 @@ static bool IsElementTypeSigned(ElementsKind elements_kind) {
     case EXTERNAL_FLOAT_ELEMENTS:
     case EXTERNAL_DOUBLE_ELEMENTS:
     case FAST_ELEMENTS:
-    case FAST_SMI_ONLY_ELEMENTS:
+    case FAST_SMI_ELEMENTS:
     case FAST_DOUBLE_ELEMENTS:
+    case FAST_HOLEY_ELEMENTS:
+    case FAST_HOLEY_SMI_ELEMENTS:
+    case FAST_HOLEY_DOUBLE_ELEMENTS:
     case DICTIONARY_ELEMENTS:
     case NON_STRICT_ARGUMENTS_ELEMENTS:
       UNREACHABLE();
@@ -3490,8 +3523,11 @@ void KeyedLoadStubCompiler::GenerateLoadExternalArray(
       }
       break;
     case FAST_ELEMENTS:
-    case FAST_SMI_ONLY_ELEMENTS:
+    case FAST_SMI_ELEMENTS:
     case FAST_DOUBLE_ELEMENTS:
+    case FAST_HOLEY_ELEMENTS:
+    case FAST_HOLEY_SMI_ELEMENTS:
+    case FAST_HOLEY_DOUBLE_ELEMENTS:
     case DICTIONARY_ELEMENTS:
     case NON_STRICT_ARGUMENTS_ELEMENTS:
       UNREACHABLE();
@@ -3831,8 +3867,11 @@ void KeyedStoreStubCompiler::GenerateStoreExternalArray(
       }
       break;
     case FAST_ELEMENTS:
-    case FAST_SMI_ONLY_ELEMENTS:
+    case FAST_SMI_ELEMENTS:
     case FAST_DOUBLE_ELEMENTS:
+    case FAST_HOLEY_ELEMENTS:
+    case FAST_HOLEY_SMI_ELEMENTS:
+    case FAST_HOLEY_DOUBLE_ELEMENTS:
     case DICTIONARY_ELEMENTS:
     case NON_STRICT_ARGUMENTS_ELEMENTS:
       UNREACHABLE();
@@ -3895,8 +3934,11 @@ void KeyedStoreStubCompiler::GenerateStoreExternalArray(
           case EXTERNAL_FLOAT_ELEMENTS:
           case EXTERNAL_DOUBLE_ELEMENTS:
           case FAST_ELEMENTS:
-          case FAST_SMI_ONLY_ELEMENTS:
+          case FAST_SMI_ELEMENTS:
           case FAST_DOUBLE_ELEMENTS:
+          case FAST_HOLEY_ELEMENTS:
+          case FAST_HOLEY_SMI_ELEMENTS:
+          case FAST_HOLEY_DOUBLE_ELEMENTS:
           case DICTIONARY_ELEMENTS:
           case NON_STRICT_ARGUMENTS_ELEMENTS:
             UNREACHABLE();
@@ -4035,8 +4077,11 @@ void KeyedStoreStubCompiler::GenerateStoreExternalArray(
           case EXTERNAL_FLOAT_ELEMENTS:
           case EXTERNAL_DOUBLE_ELEMENTS:
           case FAST_ELEMENTS:
-          case FAST_SMI_ONLY_ELEMENTS:
+          case FAST_SMI_ELEMENTS:
           case FAST_DOUBLE_ELEMENTS:
+          case FAST_HOLEY_ELEMENTS:
+          case FAST_HOLEY_SMI_ELEMENTS:
+          case FAST_HOLEY_DOUBLE_ELEMENTS:
           case DICTIONARY_ELEMENTS:
           case NON_STRICT_ARGUMENTS_ELEMENTS:
             UNREACHABLE();
@@ -4218,7 +4263,7 @@ void KeyedStoreStubCompiler::GenerateStoreFastElement(
   // Check that the key is a smi or a heap number convertible to a smi.
   GenerateSmiKeyCheck(masm, key_reg, r4, r5, d1, &miss_force_generic);
-  if (elements_kind == FAST_SMI_ONLY_ELEMENTS) {
+  if (IsFastSmiElementsKind(elements_kind)) {
     __ JumpIfNotSmi(value_reg, &transition_elements_kind);
   }
@@ -4246,7 +4291,7 @@ void KeyedStoreStubCompiler::GenerateStoreFastElement(
               DONT_DO_SMI_CHECK);
   __ bind(&finish_store);
-  if (elements_kind == FAST_SMI_ONLY_ELEMENTS) {
+  if (IsFastSmiElementsKind(elements_kind)) {
     __ add(scratch,
            elements_reg,
            Operand(FixedArray::kHeaderSize - kHeapObjectTag));
@@ -4256,7 +4301,7 @@ void KeyedStoreStubCompiler::GenerateStoreFastElement(
            Operand(key_reg, LSL, kPointerSizeLog2 - kSmiTagSize));
     __ str(value_reg, MemOperand(scratch));
   } else {
-    ASSERT(elements_kind == FAST_ELEMENTS);
+    ASSERT(IsFastObjectElementsKind(elements_kind));
     __ add(scratch,
            elements_reg,
            Operand(FixedArray::kHeaderSize - kHeapObjectTag));

data/vendor/v8/src/array.js CHANGED

@@ -827,7 +827,8 @@ function ArraySort(comparefn) {
       var element = a[i];
       var order = %_CallFunction(receiver, element, pivot, comparefn);
       if (order < 0) {
-        %_SwapElements(a, i, low_end);
+        a[i] = a[low_end];
+        a[low_end] = element;
         low_end++;
       } else if (order > 0) {
         do {
@@ -836,9 +837,12 @@ function ArraySort(comparefn) {
           var top_elem = a[high_start];
           order = %_CallFunction(receiver, top_elem, pivot, comparefn);
         } while (order > 0);
-        %_SwapElements(a, i, high_start);
+        a[i] = a[high_start];
+        a[high_start] = element;
         if (order < 0) {
-          %_SwapElements(a, i, low_end);
+          element = a[i];
+          a[i] = a[low_end];
+          a[low_end] = element;
           low_end++;
         }
       }

data/vendor/v8/src/ast.cc CHANGED

@@ -962,6 +962,14 @@ RegExpDisjunction::RegExpDisjunction(ZoneList<RegExpTree*>* alternatives)
 }
+static int IncreaseBy(int previous, int increase) {
+  if (RegExpTree::kInfinity - previous < increase) {
+    return RegExpTree::kInfinity;
+  } else {
+    return previous + increase;
+  }
+}
 RegExpAlternative::RegExpAlternative(ZoneList<RegExpTree*>* nodes)
     : nodes_(nodes) {
   ASSERT(nodes->length() > 1);
@@ -969,13 +977,10 @@ RegExpAlternative::RegExpAlternative(ZoneList<RegExpTree*>* nodes)
   max_match_ = 0;
   for (int i = 0; i < nodes->length(); i++) {
     RegExpTree* node = nodes->at(i);
-    min_match_ += node->min_match();
+    int node_min_match = node->min_match();
+    min_match_ = IncreaseBy(min_match_, node_min_match);
     int node_max_match = node->max_match();
-    if (kInfinity - max_match_ < node_max_match) {
-      max_match_ = kInfinity;
-    } else {
-      max_match_ += node->max_match();
-    }
+    max_match_ = IncreaseBy(max_match_, node_max_match);
   }
 }

data/vendor/v8/src/bootstrapper.cc CHANGED

@@ -484,8 +484,8 @@ Handle<JSFunction> Genesis::CreateEmptyFunction(Isolate* isolate) {
     global_context()->set_initial_object_prototype(*prototype);
     SetPrototype(object_fun, prototype);
-    object_function_map->
-      set_instance_descriptors(heap->empty_descriptor_array());
+    object_function_map->set_instance_descriptors(
+        heap->empty_descriptor_array());
   }
   // Allocate the empty function as the prototype for function ECMAScript
@@ -516,12 +516,10 @@ Handle<JSFunction> Genesis::CreateEmptyFunction(Isolate* isolate) {
   function_instance_map_writable_prototype_->set_prototype(*empty_function);
   // Allocate the function map first and then patch the prototype later
-  Handle<Map> empty_fm = factory->CopyMapDropDescriptors(
-      function_without_prototype_map);
-  empty_fm->set_instance_descriptors(
-      function_without_prototype_map->instance_descriptors());
-  empty_fm->set_prototype(global_context()->object_function()->prototype());
-  empty_function->set_map(*empty_fm);
+  Handle<Map> empty_function_map = CreateFunctionMap(DONT_ADD_PROTOTYPE);
+  empty_function_map->set_prototype(
+      global_context()->object_function()->prototype());
+  empty_function->set_map(*empty_function_map);
   return empty_function;
 }
@@ -1094,7 +1092,7 @@ bool Genesis::InitializeGlobal(Handle<GlobalObject> inner_global,
     // Check the state of the object.
     ASSERT(result->HasFastProperties());
-    ASSERT(result->HasFastElements());
+    ASSERT(result->HasFastObjectElements());
 #endif
   }
@@ -1187,7 +1185,7 @@ bool Genesis::InitializeGlobal(Handle<GlobalObject> inner_global,
     // Check the state of the object.
     ASSERT(result->HasFastProperties());
-    ASSERT(result->HasFastElements());
+    ASSERT(result->HasFastObjectElements());
 #endif
   }
@@ -1637,7 +1635,7 @@ bool Genesis::InstallNatives() {
         array_function->initial_map()->CopyDropTransitions();
     Map* new_map;
     if (!maybe_map->To<Map>(&new_map)) return false;
-    new_map->set_elements_kind(FAST_ELEMENTS);
+    new_map->set_elements_kind(FAST_HOLEY_ELEMENTS);
     array_function->set_initial_map(new_map);
     // Make "length" magic on instances.

data/vendor/v8/src/builtins.cc CHANGED

@@ -200,9 +200,12 @@ static MaybeObject* ArrayCodeGenericCommon(Arguments* args,
     array->set_elements(heap->empty_fixed_array());
     if (!FLAG_smi_only_arrays) {
       Context* global_context = isolate->context()->global_context();
-      if (array->GetElementsKind() == FAST_SMI_ONLY_ELEMENTS &&
-          !global_context->object_js_array_map()->IsUndefined()) {
-        array->set_map(Map::cast(global_context->object_js_array_map()));
+      if (array->GetElementsKind() == GetInitialFastElementsKind() &&
+          !global_context->js_array_maps()->IsUndefined()) {
+        FixedArray* map_array =
+            FixedArray::cast(global_context->js_array_maps());
+        array->set_map(Map::cast(map_array->
+                                 get(TERMINAL_FAST_ELEMENTS_KIND)));
       }
     }
   } else {
@@ -222,6 +225,13 @@ static MaybeObject* ArrayCodeGenericCommon(Arguments* args,
         { MaybeObject* maybe_obj = heap->AllocateFixedArrayWithHoles(len);
           if (!maybe_obj->ToObject(&fixed_array)) return maybe_obj;
         }
+        ElementsKind elements_kind = array->GetElementsKind();
+        if (!IsFastHoleyElementsKind(elements_kind)) {
+          elements_kind = GetHoleyElementsKind(elements_kind);
+          MaybeObject* maybe_array =
+              array->TransitionElementsKind(elements_kind);
+          if (maybe_array->IsFailure()) return maybe_array;
+        }
         // We do not use SetContent to skip the unnecessary elements type check.
         array->set_elements(FixedArray::cast(fixed_array));
         array->set_length(Smi::cast(obj));
@@ -250,7 +260,7 @@ static MaybeObject* ArrayCodeGenericCommon(Arguments* args,
   // Allocate an appropriately typed elements array.
   MaybeObject* maybe_elms;
   ElementsKind elements_kind = array->GetElementsKind();
-  if (elements_kind == FAST_DOUBLE_ELEMENTS) {
+  if (IsFastDoubleElementsKind(elements_kind)) {
     maybe_elms = heap->AllocateUninitializedFixedDoubleArray(
         number_of_elements);
   } else {
@@ -261,13 +271,15 @@ static MaybeObject* ArrayCodeGenericCommon(Arguments* args,
   // Fill in the content
   switch (array->GetElementsKind()) {
-    case FAST_SMI_ONLY_ELEMENTS: {
+    case FAST_HOLEY_SMI_ELEMENTS:
+    case FAST_SMI_ELEMENTS: {
       FixedArray* smi_elms = FixedArray::cast(elms);
       for (int index = 0; index < number_of_elements; index++) {
         smi_elms->set(index, (*args)[index+1], SKIP_WRITE_BARRIER);
       }
       break;
     }
+    case FAST_HOLEY_ELEMENTS:
     case FAST_ELEMENTS: {
       AssertNoAllocation no_gc;
       WriteBarrierMode mode = elms->GetWriteBarrierMode(no_gc);
@@ -277,6 +289,7 @@ static MaybeObject* ArrayCodeGenericCommon(Arguments* args,
       }
       break;
     }
+    case FAST_HOLEY_DOUBLE_ELEMENTS:
     case FAST_DOUBLE_ELEMENTS: {
       FixedDoubleArray* double_elms = FixedDoubleArray::cast(elms);
       for (int index = 0; index < number_of_elements; index++) {
@@ -412,12 +425,17 @@ static inline MaybeObject* EnsureJSArrayWithWritableFastElements(
   HeapObject* elms = array->elements();
   Map* map = elms->map();
   if (map == heap->fixed_array_map()) {
-    if (args == NULL || !array->HasFastSmiOnlyElements()) {
+    if (args == NULL || array->HasFastObjectElements()) return elms;
+    if (array->HasFastDoubleElements()) {
+      ASSERT(elms == heap->empty_fixed_array());
+      MaybeObject* maybe_transition =
+          array->TransitionElementsKind(FAST_ELEMENTS);
+      if (maybe_transition->IsFailure()) return maybe_transition;
       return elms;
     }
   } else if (map == heap->fixed_cow_array_map()) {
     MaybeObject* maybe_writable_result = array->EnsureWritableFastElements();
-    if (args == NULL || !array->HasFastSmiOnlyElements() ||
+    if (args == NULL || array->HasFastObjectElements() ||
         maybe_writable_result->IsFailure()) {
       return maybe_writable_result;
     }
@@ -511,8 +529,8 @@ BUILTIN(ArrayPush) {
     }
     FixedArray* new_elms = FixedArray::cast(obj);
-    CopyObjectToObjectElements(elms, FAST_ELEMENTS, 0,
-                               new_elms, FAST_ELEMENTS, 0, len);
+    ElementsKind kind = array->GetElementsKind();
+    CopyObjectToObjectElements(elms, kind, 0, new_elms, kind, 0, len);
     FillWithHoles(heap, new_elms, new_length, capacity);
     elms = new_elms;
@@ -583,7 +601,7 @@ BUILTIN(ArrayShift) {
   }
   FixedArray* elms = FixedArray::cast(elms_obj);
   JSArray* array = JSArray::cast(receiver);
-  ASSERT(array->HasFastTypeElements());
+  ASSERT(array->HasFastSmiOrObjectElements());
   int len = Smi::cast(array->length())->value();
   if (len == 0) return heap->undefined_value();
@@ -625,7 +643,7 @@ BUILTIN(ArrayUnshift) {
   }
   FixedArray* elms = FixedArray::cast(elms_obj);
   JSArray* array = JSArray::cast(receiver);
-  ASSERT(array->HasFastTypeElements());
+  ASSERT(array->HasFastSmiOrObjectElements());
   int len = Smi::cast(array->length())->value();
   int to_add = args.length() - 1;
@@ -647,8 +665,8 @@ BUILTIN(ArrayUnshift) {
       if (!maybe_obj->ToObject(&obj)) return maybe_obj;
     }
     FixedArray* new_elms = FixedArray::cast(obj);
-    CopyObjectToObjectElements(elms, FAST_ELEMENTS, 0,
-                               new_elms, FAST_ELEMENTS, to_add, len);
+    ElementsKind kind = array->GetElementsKind();
+    CopyObjectToObjectElements(elms, kind, 0, new_elms, kind, to_add, len);
     FillWithHoles(heap, new_elms, new_length, capacity);
     elms = new_elms;
     array->set_elements(elms);
@@ -677,7 +695,7 @@ BUILTIN(ArraySlice) {
   int len = -1;
   if (receiver->IsJSArray()) {
     JSArray* array = JSArray::cast(receiver);
-    if (!array->HasFastTypeElements() ||
+    if (!array->HasFastSmiOrObjectElements() ||
         !IsJSArrayFastElementMovingAllowed(heap, array)) {
       return CallJsBuiltin(isolate, "ArraySlice", args);
     }
@@ -693,7 +711,7 @@ BUILTIN(ArraySlice) {
     bool is_arguments_object_with_fast_elements =
         receiver->IsJSObject()
         && JSObject::cast(receiver)->map() == arguments_map
-        && JSObject::cast(receiver)->HasFastTypeElements();
+        && JSObject::cast(receiver)->HasFastSmiOrObjectElements();
     if (!is_arguments_object_with_fast_elements) {
       return CallJsBuiltin(isolate, "ArraySlice", args);
     }
@@ -758,9 +776,9 @@ BUILTIN(ArraySlice) {
   JSArray* result_array;
   if (!maybe_array->To(&result_array)) return maybe_array;
-  CopyObjectToObjectElements(elms, FAST_ELEMENTS, k,
+  CopyObjectToObjectElements(elms, elements_kind, k,
                              FixedArray::cast(result_array->elements()),
-                             FAST_ELEMENTS, 0, result_len);
+                             elements_kind, 0, result_len);
   return result_array;
 }
@@ -781,7 +799,7 @@ BUILTIN(ArraySplice) {
   }
   FixedArray* elms = FixedArray::cast(elms_obj);
   JSArray* array = JSArray::cast(receiver);
-  ASSERT(array->HasFastTypeElements());
+  ASSERT(array->HasFastSmiOrObjectElements());
   int len = Smi::cast(array->length())->value();
@@ -832,9 +850,9 @@ BUILTIN(ArraySplice) {
   {
     // Fill newly created array.
-    CopyObjectToObjectElements(elms, FAST_ELEMENTS, actual_start,
+    CopyObjectToObjectElements(elms, elements_kind, actual_start,
                                FixedArray::cast(result_array->elements()),
-                               FAST_ELEMENTS, 0, actual_delete_count);
+                               elements_kind, 0, actual_delete_count);
   }
   int item_count = (n_arguments > 1) ? (n_arguments - 2) : 0;
@@ -883,12 +901,13 @@ BUILTIN(ArraySplice) {
       {
         // Copy the part before actual_start as is.
-        CopyObjectToObjectElements(elms, FAST_ELEMENTS, 0,
-                                   new_elms, FAST_ELEMENTS, 0, actual_start);
+        ElementsKind kind = array->GetElementsKind();
+        CopyObjectToObjectElements(elms, kind, 0,
+                                   new_elms, kind, 0, actual_start);
         const int to_copy = len - actual_delete_count - actual_start;
-        CopyObjectToObjectElements(elms, FAST_ELEMENTS,
+        CopyObjectToObjectElements(elms, kind,
                                    actual_start + actual_delete_count,
-                                   new_elms, FAST_ELEMENTS,
+                                   new_elms, kind,
                                    actual_start + item_count, to_copy);
       }
@@ -935,11 +954,12 @@ BUILTIN(ArrayConcat) {
   // and calculating total length.
   int n_arguments = args.length();
   int result_len = 0;
-  ElementsKind elements_kind = FAST_SMI_ONLY_ELEMENTS;
+  ElementsKind elements_kind = GetInitialFastElementsKind();
   for (int i = 0; i < n_arguments; i++) {
     Object* arg = args[i];
-    if (!arg->IsJSArray() || !JSArray::cast(arg)->HasFastTypeElements()
-        || JSArray::cast(arg)->GetPrototype() != array_proto) {
+    if (!arg->IsJSArray() ||
+        !JSArray::cast(arg)->HasFastSmiOrObjectElements() ||
+        JSArray::cast(arg)->GetPrototype() != array_proto) {
       return CallJsBuiltin(isolate, "ArrayConcat", args);
     }
@@ -956,8 +976,18 @@ BUILTIN(ArrayConcat) {
       return CallJsBuiltin(isolate, "ArrayConcat", args);
     }
-    if (!JSArray::cast(arg)->HasFastSmiOnlyElements()) {
-      elements_kind = FAST_ELEMENTS;
+    if (!JSArray::cast(arg)->HasFastSmiElements()) {
+      if (IsFastSmiElementsKind(elements_kind)) {
+        if (IsFastHoleyElementsKind(elements_kind)) {
+          elements_kind = FAST_HOLEY_ELEMENTS;
+        } else {
+          elements_kind = FAST_ELEMENTS;
+        }
+      }
+    }
+    if (JSArray::cast(arg)->HasFastHoleyElements()) {
+      elements_kind = GetHoleyElementsKind(elements_kind);
     }
   }
@@ -977,8 +1007,8 @@ BUILTIN(ArrayConcat) {
     JSArray* array = JSArray::cast(args[i]);
     int len = Smi::cast(array->length())->value();
     FixedArray* elms = FixedArray::cast(array->elements());
-    CopyObjectToObjectElements(elms, FAST_ELEMENTS, 0,
-                               result_elms, FAST_ELEMENTS,
+    CopyObjectToObjectElements(elms, elements_kind, 0,
+                               result_elms, elements_kind,
                                start_pos, len);
     start_pos += len;
   }