[v8-dev] Merged r11813, r11826 into trunk branch. (issue 10545195)

[danno]

Reviewers: Michael Starzinger,

Description:
Merged r11813, r11826 into trunk branch.
Workaround for: Chrome dev tools crashes when taking a heap snapshot of Docs
offline shared worker.

Fix packed-element.js test on ARM with no snap

BUG=chromium:132727
R=mstarzin...@chromium.org


Please review this at https://chromiumcodereview.appspot.com/10545195/

SVN Base: https://v8.googlecode.com/svn/trunk

Affected files:
  M src/arm/macro-assembler-arm.cc
  M src/profile-generator.cc
  M src/version.cc


Index: src/arm/macro-assembler-arm.cc
diff --git a/src/arm/macro-assembler-arm.cc b/src/arm/macro-assembler-arm.cc
index  
7c49e9e58ae7689c9b9b16e52e537072f1981476..933399e00f43bd62c65993cb1b820d0035aa2cc7  
100644
--- a/src/arm/macro-assembler-arm.cc
+++ b/src/arm/macro-assembler-arm.cc
@@ -2878,7 +2878,8 @@ void  
MacroAssembler::LoadTransitionedArrayMapConditional(
                  Context::SlotOffset(Context::JS_ARRAY_MAPS_INDEX)));
   size_t offset = expected_kind * kPointerSize +
       FixedArrayBase::kHeaderSize;
-  cmp(map_in_out, scratch);
+  ldr(ip, FieldMemOperand(scratch, offset));
+  cmp(map_in_out, ip);
   b(ne, no_map_match);

   // Use the transitioned cached map.
Index: src/profile-generator.cc
diff --git a/src/profile-generator.cc b/src/profile-generator.cc
index  
ca19f4aaaffea68b8a12e0764086bfa09ec5e06a..a3143bea5b8d46aac2a03bf3e696e28cc61740e6  
100644
--- a/src/profile-generator.cc
+++ b/src/profile-generator.cc
@@ -2692,6 +2692,10 @@ void V8HeapExplorer::TagGlobalObjects() {
     Object* obj_document;
     if (global_obj->GetProperty(*document_string)->ToObject(&obj_document)  
&&
         obj_document->IsJSObject()) {
+      // FixMe: Workaround: SharedWorker's current Isolate has NULL  
context.
+      // As result GetProperty(*url_string) will crash.
+      if (!Isolate::Current()->context() &&  
obj_document->IsJSGlobalProxy())
+        continue;
       JSObject* document = JSObject::cast(obj_document);
       Object* obj_url;
       if (document->GetProperty(*url_string)->ToObject(&obj_url) &&
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index  
86f18b652ba77a2b79d4a614472aed201428a3bc..39d5fef7278a6501900c3441c6846f0c372d2ecd  
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     3
 #define MINOR_VERSION     11
 #define BUILD_NUMBER      10
-#define PATCH_LEVEL       3
+#define PATCH_LEVEL       4
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0


--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev