From 7d469e82e274d334c7d03d81b10d225c59d30798 Mon Sep 17 00:00:00 2001
From: David McFarland <corngood@gmail.com>
Date: Sat, 25 May 2013 22:54:44 -0300
Subject: Fix and test for assert/crash in v8 inlining of local functions in
 qml mode

When v8 tries to inline a local function which has been flagged
is_qml_global, the assert "CHECK(location_ != __null)" fails.

This happens because of the early out in RecordTypeFeedback for
is_qml_global.  I've limited the early out to UNALLOCATED
variables with is_qml_global.

bug: https://bugreports.qt-project.org/browse/QTBUG-31366

Change-Id: I360ef1a05a970589159686cf3100cb70de9ae29d
Reviewed-by: Alan Alpert <aalpert@blackberry.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
---
 src/3rdparty/v8/src/ast.cc |  2 +-
 tests/auto/v8/tst_v8.cpp   |  6 ++++++
 tests/auto/v8/v8main.cpp   |  1 +
 tests/auto/v8/v8test.cpp   | 34 ++++++++++++++++++++++++++++++++++
 tests/auto/v8/v8test.h     |  1 +
 5 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/src/3rdparty/v8/src/ast.cc b/src/3rdparty/v8/src/ast.cc
index 3015b1e..5d7baf2 100644
--- a/src/3rdparty/v8/src/ast.cc
+++ b/src/3rdparty/v8/src/ast.cc
@@ -566,7 +566,7 @@ void Call::RecordTypeFeedback(TypeFeedbackOracle* oracle,
   Property* property = expression()->AsProperty();
   if (property == NULL) {
     if (VariableProxy *proxy = expression()->AsVariableProxy()) {
-        if (proxy->var()->is_qml_global())
+        if (proxy->var()->IsUnallocated() && proxy->var()->is_qml_global())
             return;
     }
 
diff --git a/tests/auto/v8/tst_v8.cpp b/tests/auto/v8/tst_v8.cpp
index 7461ce3..d4193e4 100644
--- a/tests/auto/v8/tst_v8.cpp
+++ b/tests/auto/v8/tst_v8.cpp
@@ -69,6 +69,7 @@ private slots:
     void completehash();
     void stringhashcomparison();
     void qmlmodevariables();
+    void qmlmodeinlinelocal();
 };
 
 void tst_v8::eval()
@@ -146,6 +147,11 @@ void tst_v8::qmlmodevariables()
     QVERIFY(v8test_qmlmodevariables());
 }
 
+void tst_v8::qmlmodeinlinelocal()
+{
+    QVERIFY(v8test_qmlmodeinlinelocal());
+}
+
 int main(int argc, char *argv[])
 {
     V8::SetFlagsFromCommandLine(&argc, argv, true);
diff --git a/tests/auto/v8/v8main.cpp b/tests/auto/v8/v8main.cpp
index 5ec41ad..21440fd 100644
--- a/tests/auto/v8/v8main.cpp
+++ b/tests/auto/v8/v8main.cpp
@@ -75,6 +75,7 @@ int main(int argc, char *argv[])
     RUN_TEST(fallbackpropertyhandler_nonempty);
     RUN_TEST(completehash);
     RUN_TEST(qmlmodevariables);
+    RUN_TEST(qmlmodeinlinelocal);
 
     return exit_status;
 }
diff --git a/tests/auto/v8/v8test.cpp b/tests/auto/v8/v8test.cpp
index 6621846..6429cd7 100644
--- a/tests/auto/v8/v8test.cpp
+++ b/tests/auto/v8/v8test.cpp
@@ -1210,3 +1210,37 @@ cleanup:
 
     ENDTEST();
 }
+
+// test for https://bugreports.qt-project.org/browse/QTBUG-31366
+// assert/crash when inlining local functions in qml mode
+bool v8test_qmlmodeinlinelocal()
+{
+    BEGINTEST();
+
+    HandleScope handle_scope;
+    Persistent<Context> context = Context::New();
+    Context::Scope context_scope(context);
+
+    Local<Object> qmlglobal = Object::New();
+
+    Local<String> source = String::New(
+        "function func() {"
+            "function local_function () {"
+            "}"
+            // high enough to get it to opt; 10000 seems to be too low
+            "for (var i = 0; i < 100000; ++i) local_function();"
+        "}"
+        "func();"
+      );
+
+    Local<Script> script = Script::Compile(source, NULL, NULL, Handle<String>(), Script::QmlMode);
+
+    TryCatch tc;
+    script->Run(qmlglobal);
+    VERIFY(!tc.HasCaught());
+
+cleanup:
+    context.Dispose();
+
+    ENDTEST();
+}
diff --git a/tests/auto/v8/v8test.h b/tests/auto/v8/v8test.h
index 2db655c..e9fc8f6 100644
--- a/tests/auto/v8/v8test.h
+++ b/tests/auto/v8/v8test.h
@@ -63,6 +63,7 @@ bool v8test_fallbackpropertyhandler_nonempty();
 bool v8test_completehash();
 bool v8test_stringhashcomparison();
 bool v8test_qmlmodevariables();
+bool v8test_qmlmodeinlinelocal();
 
 #endif // V8TEST_H
 
-- 
cgit v1.2.1


From ca1ac7634f00b845ded92b5fabfa0d1c53197b01 Mon Sep 17 00:00:00 2001
From: Peter Varga <pvarga@inf.u-szeged.hu>
Date: Tue, 25 Jun 2013 15:53:03 +0200
Subject: [V8] Fix stack alignment corruption for MinGW32 build

BUG: https://bugreports.qt-project.org/browse/QTBUG-31396

Change-Id: If9b236f24ed82f4b6b19a2af938b422c68e5eab8
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
(cherry picked from commit 91f936a862644c7ca7a1762ad05cc91d263b808e)
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Liang Qi <liang.qi@digia.com>
---
 src/3rdparty/v8/src/platform-win32.cc | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/3rdparty/v8/src/platform-win32.cc b/src/3rdparty/v8/src/platform-win32.cc
index 76e35f5..ae9ab2a 100644
--- a/src/3rdparty/v8/src/platform-win32.cc
+++ b/src/3rdparty/v8/src/platform-win32.cc
@@ -1523,9 +1523,12 @@ double OS::nan_value() {
 int OS::ActivationFrameAlignment() {
 #ifdef _WIN64
   return 16;  // Windows 64-bit ABI requires the stack to be 16-byte aligned.
-#else
-  return 8;  // Floating-point math runs faster with 8-byte alignment.
+#elif defined(__MINGW32__)
+  // With gcc 4.4 the tree vectorization optimizer can generate code
+  // that requires 16 byte alignment such as movdqa on x86.
+  return 16;
 #endif
+  return 8;  // Floating-point math runs faster with 8-byte alignment.
 }
 
 
-- 
cgit v1.2.1