1 files changed, 43 insertions, 71 deletions

diff --git a/deps/v8/src/runtime/runtime-compiler.cc b/deps/v8/src/runtime/runtime-compiler.cc
index 7b73967acc..6cd8541585 100644
--- a/deps/v8/src/runtime/runtime-compiler.cc
+++ b/deps/v8/src/runtime/runtime-compiler.cc
@@ -33,7 +33,9 @@ RUNTIME_FUNCTION(Runtime_CompileLazy) {
 #endif
 
   StackLimitCheck check(isolate);
-  if (check.JsHasOverflowed(1 * KB)) return isolate->StackOverflow();
+  if (check.JsHasOverflowed(kStackSpaceRequiredForCompilation * KB)) {
+    return isolate->StackOverflow();
+  }
   if (!Compiler::Compile(function, Compiler::KEEP_EXCEPTION)) {
     return isolate->heap()->exception();
   }
@@ -46,8 +48,10 @@ RUNTIME_FUNCTION(Runtime_CompileOptimized_Concurrent) {
   DCHECK_EQ(1, args.length());
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);
   StackLimitCheck check(isolate);
-  if (check.JsHasOverflowed(1 * KB)) return isolate->StackOverflow();
-  if (!Compiler::CompileOptimized(function, Compiler::CONCURRENT)) {
+  if (check.JsHasOverflowed(kStackSpaceRequiredForCompilation * KB)) {
+    return isolate->StackOverflow();
+  }
+  if (!Compiler::CompileOptimized(function, ConcurrencyMode::kConcurrent)) {
     return isolate->heap()->exception();
   }
   DCHECK(function->is_compiled());
@@ -60,8 +64,10 @@ RUNTIME_FUNCTION(Runtime_CompileOptimized_NotConcurrent) {
   DCHECK_EQ(1, args.length());
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);
   StackLimitCheck check(isolate);
-  if (check.JsHasOverflowed(1 * KB)) return isolate->StackOverflow();
-  if (!Compiler::CompileOptimized(function, Compiler::NOT_CONCURRENT)) {
+  if (check.JsHasOverflowed(kStackSpaceRequiredForCompilation * KB)) {
+    return isolate->StackOverflow();
+  }
+  if (!Compiler::CompileOptimized(function, ConcurrencyMode::kNotConcurrent)) {
     return isolate->heap()->exception();
   }
   DCHECK(function->is_compiled());
@@ -73,7 +79,8 @@ RUNTIME_FUNCTION(Runtime_EvictOptimizedCodeSlot) {
   DCHECK_EQ(1, args.length());
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);
 
-  DCHECK(function->is_compiled());
+  DCHECK(function->shared()->is_compiled());
+
   function->feedback_vector()->EvictOptimizedCodeMarkedForDeoptimization(
       function->shared(), "Runtime_EvictOptimizedCodeSlot");
   return function->code();
@@ -88,9 +95,9 @@ RUNTIME_FUNCTION(Runtime_InstantiateAsmJs) {
   if (args[1]->IsJSReceiver()) {
     stdlib = args.at<JSReceiver>(1);
   }
-  Handle<JSObject> foreign;
-  if (args[2]->IsJSObject()) {
-    foreign = args.at<JSObject>(2);
+  Handle<JSReceiver> foreign;
+  if (args[2]->IsJSReceiver()) {
+    foreign = args.at<JSReceiver>(2);
   }
   Handle<JSArrayBuffer> memory;
   if (args[3]->IsJSArrayBuffer()) {
@@ -168,22 +175,13 @@ RUNTIME_FUNCTION(Runtime_NotifyDeoptimized) {
   Handle<Code> optimized_code = deoptimizer->compiled_code();
 
   DCHECK(optimized_code->kind() == Code::OPTIMIZED_FUNCTION);
+  DCHECK(optimized_code->is_turbofanned());
   DCHECK(type == deoptimizer->bailout_type());
   DCHECK_NULL(isolate->context());
 
-  // TODO(turbofan): For Crankshaft we restore the context before objects are
-  // being materialized, because it never de-materializes the context but it
-  // requires a context to materialize arguments objects. This is specific to
-  // Crankshaft and can be removed once only TurboFan goes through here.
-  if (!optimized_code->is_turbofanned()) {
-    JavaScriptFrameIterator top_it(isolate);
-    JavaScriptFrame* top_frame = top_it.frame();
-    isolate->set_context(Context::cast(top_frame->context()));
-  } else {
-    // TODO(turbofan): We currently need the native context to materialize
-    // the arguments object, but only to get to its map.
-    isolate->set_context(function->native_context());
-  }
+  // TODO(turbofan): We currently need the native context to materialize
+  // the arguments object, but only to get to its map.
+  isolate->set_context(function->native_context());
 
   // Make sure to materialize objects before causing any allocation.
   JavaScriptFrameIterator it(isolate);
@@ -191,11 +189,9 @@ RUNTIME_FUNCTION(Runtime_NotifyDeoptimized) {
   delete deoptimizer;
 
   // Ensure the context register is updated for materialized objects.
-  if (optimized_code->is_turbofanned()) {
-    JavaScriptFrameIterator top_it(isolate);
-    JavaScriptFrame* top_frame = top_it.frame();
-    isolate->set_context(Context::cast(top_frame->context()));
-  }
+  JavaScriptFrameIterator top_it(isolate);
+  JavaScriptFrame* top_frame = top_it.frame();
+  isolate->set_context(Context::cast(top_frame->context()));
 
   if (type == Deoptimizer::LAZY) {
     return isolate->heap()->undefined_value();
@@ -218,12 +214,6 @@ RUNTIME_FUNCTION(Runtime_NotifyDeoptimized) {
     if (function->feedback_vector()->optimized_code() == *optimized_code) {
       function->ClearOptimizedCodeSlot("notify deoptimized");
     }
-    // Remove the code from the osr optimized code cache.
-    DeoptimizationInputData* deopt_data =
-        DeoptimizationInputData::cast(optimized_code->deoptimization_data());
-    if (deopt_data->OsrAstId()->value() == BailoutId::None().ToInt()) {
-      isolate->EvictOSROptimizedCode(*optimized_code, "notify deoptimized");
-    }
   } else {
     // TODO(titzer): we should probably do DeoptimizeCodeList(code)
     // unconditionally if the code is not already marked for deoptimization.
@@ -275,7 +265,7 @@ BailoutId DetermineEntryAndDisarmOSRForBaseline(JavaScriptFrame* frame) {
   // Return a BailoutId representing an AST id of the {IterationStatement}.
   uint32_t pc_offset =
       static_cast<uint32_t>(frame->pc() - caller_code->instruction_start());
-  return caller_code->TranslatePcOffsetToAstId(pc_offset);
+  return caller_code->TranslatePcOffsetToBytecodeOffset(pc_offset);
 }
 
 BailoutId DetermineEntryAndDisarmOSRForInterpreter(JavaScriptFrame* frame) {
@@ -342,28 +332,23 @@ RUNTIME_FUNCTION(Runtime_CompileForOnStackReplacement) {
         DeoptimizationInputData::cast(result->deoptimization_data());
 
     if (data->OsrPcOffset()->value() >= 0) {
-      DCHECK(BailoutId(data->OsrAstId()->value()) == ast_id);
+      DCHECK(BailoutId(data->OsrBytecodeOffset()->value()) == ast_id);
       if (FLAG_trace_osr) {
         PrintF("[OSR - Entry at AST id %d, offset %d in optimized code]\n",
                ast_id.ToInt(), data->OsrPcOffset()->value());
       }
 
-      if (result->is_turbofanned()) {
-        // When we're waiting for concurrent optimization, set to compile on
-        // the next call - otherwise we'd run unoptimized once more
-        // and potentially compile for OSR another time as well.
-        if (function->IsMarkedForConcurrentOptimization()) {
-          if (FLAG_trace_osr) {
-            PrintF("[OSR - Re-marking ");
-            function->PrintName();
-            PrintF(" for non-concurrent optimization]\n");
-          }
-          function->ReplaceCode(
-              isolate->builtins()->builtin(Builtins::kCompileOptimized));
+      DCHECK(result->is_turbofanned());
+      if (!function->HasOptimizedCode()) {
+        // If we're not already optimized, set to optimize non-concurrently on
+        // the next call, otherwise we'd run unoptimized once more and
+        // potentially compile for OSR again.
+        if (FLAG_trace_osr) {
+          PrintF("[OSR - Re-marking ");
+          function->PrintName();
+          PrintF(" for non-concurrent optimization]\n");
         }
-      } else {
-        // Crankshafted OSR code can be installed into the function.
-        function->ReplaceCode(*result);
+        function->SetOptimizationMarker(OptimizationMarker::kCompileOptimized);
       }
       return *result;
     }
@@ -390,33 +375,19 @@ RUNTIME_FUNCTION(Runtime_TryInstallOptimizedCode) {
 
   // First check if this is a real stack overflow.
   StackLimitCheck check(isolate);
-  if (check.JsHasOverflowed()) {
-    SealHandleScope shs(isolate);
+  if (check.JsHasOverflowed(kStackSpaceRequiredForCompilation * KB)) {
     return isolate->StackOverflow();
   }
 
-  isolate->optimizing_compile_dispatcher()->InstallOptimizedFunctions();
+  // Only try to install optimized functions if the interrupt was InstallCode.
+  if (isolate->stack_guard()->CheckAndClearInstallCode()) {
+    isolate->optimizing_compile_dispatcher()->InstallOptimizedFunctions();
+  }
+
   return (function->IsOptimized()) ? function->code()
                                    : function->shared()->code();
 }
 
-
-bool CodeGenerationFromStringsAllowed(Isolate* isolate,
-                                      Handle<Context> context) {
-  DCHECK(context->allow_code_gen_from_strings()->IsFalse(isolate));
-  // Check with callback if set.
-  AllowCodeGenerationFromStringsCallback callback =
-      isolate->allow_code_gen_callback();
-  if (callback == NULL) {
-    // No callback set and code generation disallowed.
-    return false;
-  } else {
-    // Callback set. Let it decide if code generation is allowed.
-    VMState<EXTERNAL> state(isolate);
-    return callback(v8::Utils::ToLocal(context));
-  }
-}
-
 static Object* CompileGlobalEval(Isolate* isolate, Handle<String> source,
                                  Handle<SharedFunctionInfo> outer_info,
                                  LanguageMode language_mode,
@@ -427,7 +398,8 @@ static Object* CompileGlobalEval(Isolate* isolate, Handle<String> source,
   // Check if native context allows code generation from
   // strings. Throw an exception if it doesn't.
   if (native_context->allow_code_gen_from_strings()->IsFalse(isolate) &&
-      !CodeGenerationFromStringsAllowed(isolate, native_context)) {
+      !Compiler::CodeGenerationFromStringsAllowed(isolate, native_context,
+                                                  source)) {
     Handle<Object> error_message =
         native_context->ErrorMessageForCodeGenerationFromStrings();
     Handle<Object> error;