
V8: Upgrade to 3.14.5.8

v0.9.12-release
isaacs 12 years ago
parent
commit
81c278d58d
  1. 1
      deps/v8/AUTHORS
  2. 11
      deps/v8/build/common.gypi
  3. 6
      deps/v8/include/v8.h
  4. 11
      deps/v8/src/api.cc
  5. 7
      deps/v8/src/arm/stub-cache-arm.cc
  6. 6
      deps/v8/src/contexts.h
  7. 7
      deps/v8/src/hydrogen-instructions.cc
  8. 3
      deps/v8/src/hydrogen-instructions.h
  9. 5
      deps/v8/src/hydrogen.cc
  10. 2
      deps/v8/src/ia32/code-stubs-ia32.cc
  11. 14
      deps/v8/src/ia32/stub-cache-ia32.cc
  12. 81
      deps/v8/src/json-parser.h
  13. 4
      deps/v8/src/lithium.h
  14. 10
      deps/v8/src/messages.cc
  15. 2
      deps/v8/src/mips/lithium-codegen-mips.cc
  16. 9
      deps/v8/src/mips/stub-cache-mips.cc
  17. 36
      deps/v8/src/objects-inl.h
  18. 56
      deps/v8/src/objects.cc
  19. 2
      deps/v8/src/objects.h
  20. 14
      deps/v8/src/parser.cc
  21. 17
      deps/v8/src/platform-posix.cc
  22. 4
      deps/v8/src/preparser.h
  23. 11
      deps/v8/src/scopes.cc
  24. 2
      deps/v8/src/v8utils.h
  25. 2
      deps/v8/src/version.cc
  26. 2
      deps/v8/src/x64/code-stubs-x64.cc
  27. 14
      deps/v8/src/x64/stub-cache-x64.cc
  28. 3
      deps/v8/test/cctest/test-api.cc
  29. 40
      deps/v8/test/mjsunit/regress/regress-2315.js
  30. 50
      deps/v8/test/mjsunit/regress/regress-2489.js
  31. 40
      deps/v8/test/mjsunit/regress/regress-492.js
  32. 14
      deps/v8/test/mjsunit/regress/regress-crbug-135066.js
  33. 54
      deps/v8/test/mjsunit/regress/regress-crbug-157019.js
  34. 38
      deps/v8/test/mjsunit/regress/regress-crbug-157520.js
  35. 38
      deps/v8/test/mjsunit/regress/regress-crbug-158185.js
  36. 15
      deps/v8/tools/gen-postmortem-metadata.py
  37. 2
      deps/v8/tools/run-tests.py

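--- a/deps/v8/AUTHORS
+++ b/deps/v8/AUTHORS
@@ -20,6 +20,7 @@ Burcu Dogan <burcujdogan@gmail.com>
 Craig Schlenter <craig.schlenter@gmail.com>
 Daniel Andersson <kodandersson@gmail.com>
 Daniel James <dnljms@gmail.com>
+Derek J Conrod <dconrod@codeaurora.org>
 Dineel D Sule <dsule@codeaurora.org>
 Erich Ocean <erich.ocean@me.com>
 Fedor Indutny <fedor@indutny.com>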

11
deps/v8/build/common.gypi

@ -157,7 +157,7 @@
[ 'v8_use_arm_eabi_hardfloat=="true"', { [ 'v8_use_arm_eabi_hardfloat=="true"', {
'defines': [ 'defines': [
'USE_EABI_HARDFLOAT=1', 'USE_EABI_HARDFLOAT=1',
'CAN_USE_VFP2_INSTRUCTIONS', 'CAN_USE_VFP3_INSTRUCTIONS',
], ],
'target_conditions': [ 'target_conditions': [
['_toolset=="target"', { ['_toolset=="target"', {
@ -378,6 +378,15 @@
'conditions': [ 'conditions': [
['OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="netbsd" \ ['OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="netbsd" \
or OS=="android"', { or OS=="android"', {
'cflags!': [
'-O2',
'-Os',
],
'cflags': [
'-fdata-sections',
'-ffunction-sections',
'-O3',
],
'conditions': [ 'conditions': [
[ 'gcc_version==44 and clang==0', { [ 'gcc_version==44 and clang==0', {
'cflags': [ 'cflags': [

6
deps/v8/include/v8.h

@ -3102,8 +3102,12 @@ class V8EXPORT V8 {
* *
* The same message listener can be added more than once and in that * The same message listener can be added more than once and in that
* case it will be called more than once for each message. * case it will be called more than once for each message.
*
* If data is specified, it will be passed to the callback when it is called.
* Otherwise, the exception object will be passed to the callback instead.
*/ */
static bool AddMessageListener(MessageCallback that); static bool AddMessageListener(MessageCallback that,
Handle<Value> data = Handle<Value>());
/** /**
* Remove all message listeners from the specified callback function. * Remove all message listeners from the specified callback function.
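Review bot: The added doc comment on AddMessageListener does not say what happens when a caller passes an explicit undefined value as `data`. The api.cc section stores undefined for an empty handle, and the messages.cc section hands the callback the exception object whenever the stored value is undefined, so the callback cannot tell the two cases apart. I would add a line to the comment: `* Passing an undefined value as data is treated the same as passing no data.` Since `data` is placed in the listeners array, the comment could also say that it stays referenced until the listener is removed.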

11
deps/v8/src/api.cc

@ -5270,14 +5270,18 @@ void V8::IgnoreOutOfMemoryException() {
} }
bool V8::AddMessageListener(MessageCallback that) { bool V8::AddMessageListener(MessageCallback that, Handle<Value> data) {
i::Isolate* isolate = i::Isolate::Current(); i::Isolate* isolate = i::Isolate::Current();
EnsureInitializedForIsolate(isolate, "v8::V8::AddMessageListener()"); EnsureInitializedForIsolate(isolate, "v8::V8::AddMessageListener()");
ON_BAILOUT(isolate, "v8::V8::AddMessageListener()", return false); ON_BAILOUT(isolate, "v8::V8::AddMessageListener()", return false);
ENTER_V8(isolate); ENTER_V8(isolate);
i::HandleScope scope(isolate); i::HandleScope scope(isolate);
NeanderArray listeners(isolate->factory()->message_listeners()); NeanderArray listeners(isolate->factory()->message_listeners());
listeners.add(isolate->factory()->NewForeign(FUNCTION_ADDR(that))); NeanderObject obj(2);
obj.set(0, *isolate->factory()->NewForeign(FUNCTION_ADDR(that)));
obj.set(1, data.IsEmpty() ? isolate->heap()->undefined_value()
: *Utils::OpenHandle(*data));
listeners.add(obj.value());
return true; return true;
} }
@ -5292,7 +5296,8 @@ void V8::RemoveMessageListeners(MessageCallback that) {
for (int i = 0; i < listeners.length(); i++) { for (int i = 0; i < listeners.length(); i++) {
if (listeners.get(i)->IsUndefined()) continue; // skip deleted ones if (listeners.get(i)->IsUndefined()) continue; // skip deleted ones
i::Handle<i::Foreign> callback_obj(i::Foreign::cast(listeners.get(i))); NeanderObject listener(i::JSObject::cast(listeners.get(i)));
i::Handle<i::Foreign> callback_obj(i::Foreign::cast(listener.get(0)));
if (callback_obj->foreign_address() == FUNCTION_ADDR(that)) { if (callback_obj->foreign_address() == FUNCTION_ADDR(that)) {
listeners.set(i, isolate->heap()->undefined_value()); listeners.set(i, isolate->heap()->undefined_value());
} }
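Review bot: The layout of a listener entry is written as bare indices: `obj.set(0, ...)` and `obj.set(1, ...)` in AddMessageListener, `listener.get(0)` in RemoveMessageListeners, and `listener.get(0)` and `listener.get(1)` again in MessageHandler::ReportMessage in the messages.cc section. Every reader casts slot 0 to `Foreign` and turns its address into a function pointer, so writer and readers drifting apart would surface as a bad cast rather than a clean error. Shared named constants, for example `static const int kListenerCallbackIndex = 0;` and `static const int kListenerDataIndex = 1;`, would keep the three sites in step. RemoveMessageListeners starts and ends outside its hunk.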

7
deps/v8/src/arm/stub-cache-arm.cc

@ -3467,7 +3467,13 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
// r1: constructor function // r1: constructor function
// r2: initial map // r2: initial map
// r7: undefined // r7: undefined
ASSERT(function->has_initial_map());
__ ldrb(r3, FieldMemOperand(r2, Map::kInstanceSizeOffset)); __ ldrb(r3, FieldMemOperand(r2, Map::kInstanceSizeOffset));
#ifdef DEBUG
int instance_size = function->initial_map()->instance_size();
__ cmp(r3, Operand(instance_size >> kPointerSizeLog2));
__ Check(eq, "Instance size of initial map changed.");
#endif
__ AllocateInNewSpace(r3, r4, r5, r6, &generic_stub_call, SIZE_IN_WORDS); __ AllocateInNewSpace(r3, r4, r5, r6, &generic_stub_call, SIZE_IN_WORDS);
// Allocated the JSObject, now initialize the fields. Map is set to initial // Allocated the JSObject, now initialize the fields. Map is set to initial
@ -3525,7 +3531,6 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
} }
// Fill the unused in-object property fields with undefined. // Fill the unused in-object property fields with undefined.
ASSERT(function->has_initial_map());
for (int i = shared->this_property_assignments_count(); for (int i = shared->this_property_assignments_count();
i < function->initial_map()->inobject_properties(); i < function->initial_map()->inobject_properties();
i++) { i++) {
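Review bot: The new instance-size comparison is compiled only under `#ifdef DEBUG`, so a release build still sizes the allocation from the map loaded at run time (`r3`) while the fill loop below is bounded by `function->initial_map()->inobject_properties()`, a value fixed when the stub is compiled. If the two ever disagree, the stub initialises a different number of fields than it allocated and nothing in a release build notices. Consider branching to `generic_stub_call` on a mismatch instead of calling `Check`, or add a comment such as `// Release builds rely on the initial map's instance size staying fixed after this stub is compiled.` naming where that is enforced. The MIPS section has the same debug-only check, and the ia32 section allocates from the compile-time `instance_size` but also verifies it only under DEBUG. CompileConstructStub starts and ends outside these hunks.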

6
deps/v8/src/contexts.h

@ -344,9 +344,13 @@ class Context: public FixedArray {
// Compute the native context by traversing the context chain. // Compute the native context by traversing the context chain.
Context* native_context(); Context* native_context();
// Predicates for context types. IsNativeContext is defined on Object // Predicates for context types. IsNativeContext is also defined on Object
// because we frequently have to know if arbitrary objects are natives // because we frequently have to know if arbitrary objects are natives
// contexts. // contexts.
bool IsNativeContext() {
Map* map = this->map();
return map == map->GetHeap()->native_context_map();
}
bool IsFunctionContext() { bool IsFunctionContext() {
Map* map = this->map(); Map* map = this->map();
return map == map->GetHeap()->function_context_map(); return map == map->GetHeap()->function_context_map();

7
deps/v8/src/hydrogen-instructions.cc

@ -725,6 +725,13 @@ void HClassOfTestAndBranch::PrintDataTo(StringStream* stream) {
} }
void HWrapReceiver::PrintDataTo(StringStream* stream) {
receiver()->PrintNameTo(stream);
stream->Add(" ");
function()->PrintNameTo(stream);
}
void HAccessArgumentsAt::PrintDataTo(StringStream* stream) { void HAccessArgumentsAt::PrintDataTo(StringStream* stream) {
arguments()->PrintNameTo(stream); arguments()->PrintNameTo(stream);
stream->Add("["); stream->Add("[");

3
deps/v8/src/hydrogen-instructions.h

@ -2760,6 +2760,8 @@ class HWrapReceiver: public HTemplateInstruction<2> {
virtual HValue* Canonicalize(); virtual HValue* Canonicalize();
virtual void PrintDataTo(StringStream* stream);
DECLARE_CONCRETE_INSTRUCTION(WrapReceiver) DECLARE_CONCRETE_INSTRUCTION(WrapReceiver)
}; };
@ -4805,6 +4807,7 @@ class HStringAdd: public HBinaryOperation {
set_representation(Representation::Tagged()); set_representation(Representation::Tagged());
SetFlag(kUseGVN); SetFlag(kUseGVN);
SetGVNFlag(kDependsOnMaps); SetGVNFlag(kDependsOnMaps);
SetGVNFlag(kChangesNewSpacePromotion);
} }
virtual Representation RequiredInputRepresentation(int index) { virtual Representation RequiredInputRepresentation(int index) {

5
deps/v8/src/hydrogen.cc

@ -7502,7 +7502,10 @@ bool HGraphBuilder::TryCallApply(Call* expr) {
return true; return true;
} else { } else {
// We are inside inlined function and we know exactly what is inside // We are inside inlined function and we know exactly what is inside
// arguments object. // arguments object. But we need to be able to materialize at deopt.
// TODO(mstarzinger): For now we just ensure arguments are pushed
// right after HEnterInlined, but we could be smarter about this.
EnsureArgumentsArePushedForAccess();
HValue* context = environment()->LookupContext(); HValue* context = environment()->LookupContext();
HValue* wrapped_receiver = HValue* wrapped_receiver =

2
deps/v8/src/ia32/code-stubs-ia32.cc

@ -3593,7 +3593,7 @@ void ArgumentsAccessStub::GenerateNewNonStrictFast(MacroAssembler* masm) {
__ bind(&runtime); __ bind(&runtime);
__ pop(eax); // Remove saved parameter count. __ pop(eax); // Remove saved parameter count.
__ mov(Operand(esp, 1 * kPointerSize), ecx); // Patch argument count. __ mov(Operand(esp, 1 * kPointerSize), ecx); // Patch argument count.
__ TailCallRuntime(Runtime::kNewStrictArgumentsFast, 3, 1); __ TailCallRuntime(Runtime::kNewArgumentsFast, 3, 1);
} }

14
deps/v8/src/ia32/stub-cache-ia32.cc

@ -3421,6 +3421,7 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
#endif #endif
// Load the initial map and verify that it is in fact a map. // Load the initial map and verify that it is in fact a map.
// edi: constructor
__ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset)); __ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
// Will both indicate a NULL and a Smi. // Will both indicate a NULL and a Smi.
__ JumpIfSmi(ebx, &generic_stub_call); __ JumpIfSmi(ebx, &generic_stub_call);
@ -3429,19 +3430,23 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
#ifdef DEBUG #ifdef DEBUG
// Cannot construct functions this way. // Cannot construct functions this way.
// edi: constructor
// ebx: initial map // ebx: initial map
__ CmpInstanceType(ebx, JS_FUNCTION_TYPE); __ CmpInstanceType(ebx, JS_FUNCTION_TYPE);
__ Assert(not_equal, "Function constructed by construct stub."); __ Check(not_equal, "Function constructed by construct stub.");
#endif #endif
// Now allocate the JSObject on the heap by moving the new space allocation // Now allocate the JSObject on the heap by moving the new space allocation
// top forward. // top forward.
// edi: constructor
// ebx: initial map // ebx: initial map
ASSERT(function->has_initial_map());
int instance_size = function->initial_map()->instance_size();
#ifdef DEBUG
__ movzx_b(ecx, FieldOperand(ebx, Map::kInstanceSizeOffset)); __ movzx_b(ecx, FieldOperand(ebx, Map::kInstanceSizeOffset));
__ shl(ecx, kPointerSizeLog2); __ shl(ecx, kPointerSizeLog2);
__ AllocateInNewSpace(ecx, edx, ecx, no_reg, __ cmp(ecx, Immediate(instance_size));
__ Check(equal, "Instance size of initial map changed.");
#endif
__ AllocateInNewSpace(instance_size, edx, ecx, no_reg,
&generic_stub_call, NO_ALLOCATION_FLAGS); &generic_stub_call, NO_ALLOCATION_FLAGS);
// Allocated the JSObject, now initialize the fields and add the heap tag. // Allocated the JSObject, now initialize the fields and add the heap tag.
@ -3501,7 +3506,6 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
} }
// Fill the unused in-object property fields with undefined. // Fill the unused in-object property fields with undefined.
ASSERT(function->has_initial_map());
for (int i = shared->this_property_assignments_count(); for (int i = shared->this_property_assignments_count();
i < function->initial_map()->inobject_properties(); i < function->initial_map()->inobject_properties();
i++) { i++) {

81
deps/v8/src/json-parser.h

@ -192,8 +192,10 @@ Handle<Object> JsonParser<seq_ascii>::ParseJson(Handle<String> source,
AdvanceSkipWhitespace(); AdvanceSkipWhitespace();
Handle<Object> result = ParseJsonValue(); Handle<Object> result = ParseJsonValue();
if (result.is_null() || c0_ != kEndOfString) { if (result.is_null() || c0_ != kEndOfString) {
// Parse failed. Current character is the unexpected token. // Some exception (for example stack overflow) is already pending.
if (isolate_->has_pending_exception()) return Handle<Object>::null();
// Parse failed. Current character is the unexpected token.
const char* message; const char* message;
Factory* factory = this->factory(); Factory* factory = this->factory();
Handle<JSArray> array; Handle<JSArray> array;
@ -244,6 +246,12 @@ Handle<Object> JsonParser<seq_ascii>::ParseJson(Handle<String> source,
// Parse any JSON value. // Parse any JSON value.
template <bool seq_ascii> template <bool seq_ascii>
Handle<Object> JsonParser<seq_ascii>::ParseJsonValue() { Handle<Object> JsonParser<seq_ascii>::ParseJsonValue() {
StackLimitCheck stack_check(isolate_);
if (stack_check.HasOverflowed()) {
isolate_->StackOverflow();
return Handle<Object>::null();
}
if (c0_ == '"') return ParseJsonString(); if (c0_ == '"') return ParseJsonString();
if ((c0_ >= '0' && c0_ <= '9') || c0_ == '-') return ParseJsonNumber(); if ((c0_ >= '0' && c0_ <= '9') || c0_ == '-') return ParseJsonNumber();
if (c0_ == '{') return ParseJsonObject(); if (c0_ == '{') return ParseJsonObject();
@ -293,45 +301,56 @@ Handle<Object> JsonParser<seq_ascii>::ParseJsonObject() {
Advance(); Advance();
uint32_t index = 0; uint32_t index = 0;
while (c0_ >= '0' && c0_ <= '9') { if (c0_ >= '0' && c0_ <= '9') {
int d = c0_ - '0'; // Maybe an array index, try to parse it.
if (index > 429496729U - ((d > 5) ? 1 : 0)) break; if (c0_ == '0') {
index = (index * 10) + d; // With a leading zero, the string has to be "0" only to be an index.
Advance(); Advance();
} } else {
do {
int d = c0_ - '0';
if (index > 429496729U - ((d > 5) ? 1 : 0)) break;
index = (index * 10) + d;
Advance();
} while (c0_ >= '0' && c0_ <= '9');
}
if (position_ != start_position + 1 && c0_ == '"') { if (c0_ == '"') {
AdvanceSkipWhitespace(); // Successfully parsed index, parse and store element.
AdvanceSkipWhitespace();
if (c0_ != ':') return ReportUnexpectedCharacter(); if (c0_ != ':') return ReportUnexpectedCharacter();
AdvanceSkipWhitespace(); AdvanceSkipWhitespace();
Handle<Object> value = ParseJsonValue(); Handle<Object> value = ParseJsonValue();
if (value.is_null()) return ReportUnexpectedCharacter(); if (value.is_null()) return ReportUnexpectedCharacter();
JSObject::SetOwnElement(json_object, index, value, kNonStrictMode); JSObject::SetOwnElement(json_object, index, value, kNonStrictMode);
} else { continue;
position_ = start_position; }
// Not an index, fallback to the slow path.
}
position_ = start_position;
#ifdef DEBUG #ifdef DEBUG
c0_ = '"'; c0_ = '"';
#endif #endif
Handle<String> key = ParseJsonSymbol(); Handle<String> key = ParseJsonSymbol();
if (key.is_null() || c0_ != ':') return ReportUnexpectedCharacter(); if (key.is_null() || c0_ != ':') return ReportUnexpectedCharacter();
AdvanceSkipWhitespace(); AdvanceSkipWhitespace();
Handle<Object> value = ParseJsonValue(); Handle<Object> value = ParseJsonValue();
if (value.is_null()) return ReportUnexpectedCharacter(); if (value.is_null()) return ReportUnexpectedCharacter();
if (key->Equals(isolate()->heap()->Proto_symbol())) { if (key->Equals(isolate()->heap()->Proto_symbol())) {
prototype = value; prototype = value;
} else {
if (JSObject::TryTransitionToField(json_object, key)) {
int index = json_object->LastAddedFieldIndex();
json_object->FastPropertyAtPut(index, *value);
} else { } else {
if (JSObject::TryTransitionToField(json_object, key)) { JSObject::SetLocalPropertyIgnoreAttributes(
int index = json_object->LastAddedFieldIndex(); json_object, key, value, NONE);
json_object->FastPropertyAtPut(index, *value);
} else {
JSObject::SetLocalPropertyIgnoreAttributes(
json_object, key, value, NONE);
}
} }
} }
} while (MatchSkipWhiteSpace(',')); } while (MatchSkipWhiteSpace(','));
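Review bot: In ParseJsonObject a null handle from `ParseJsonValue()` now has two meanings, a syntax error or the stack overflow raised by the new `StackLimitCheck`, and both call sites still pass it to `ReportUnexpectedCharacter()`. That is correct only if the helper does nothing except return a null handle while an exception is pending; its body is outside this section, so please confirm it cannot build a second error on top of the pending StackOverflow. A comment at the call sites, `// A null value may also mean a pending StackOverflow; ParseJson() checks has_pending_exception().`, would record the contract. The loop constant `429496729U` would also benefit from a short comment saying it is the overflow guard for the uint32 index.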

4
deps/v8/src/lithium.h

@ -156,8 +156,8 @@ class LUnallocated: public LOperand {
}; };
static const int kMaxVirtualRegisters = 1 << kVirtualRegisterWidth; static const int kMaxVirtualRegisters = 1 << kVirtualRegisterWidth;
static const int kMaxFixedIndex = (1 << kFixedIndexWidth) - 1; static const int kMaxFixedIndex = (1 << (kFixedIndexWidth - 1)) - 1;
static const int kMinFixedIndex = -(1 << kFixedIndexWidth); static const int kMinFixedIndex = -(1 << (kFixedIndexWidth - 1));
bool HasAnyPolicy() const { bool HasAnyPolicy() const {
return policy() == ANY; return policy() == ANY;
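Review bot: The corrected `kMaxFixedIndex` and `kMinFixedIndex` describe a signed value of `kFixedIndexWidth` bits, but nothing next to them says so or checks it. A comment above the two constants, `// The fixed index is stored as a signed kFixedIndexWidth-bit field.`, would explain the `- 1`, and a compile-time assertion that both bounds fit the bit field would stop the old range from coming back. The bit-field definition is outside this hunk, so the signedness is inferred from the new bounds and should be confirmed against it.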

10
deps/v8/src/messages.cc

@ -130,15 +130,19 @@ void MessageHandler::ReportMessage(Isolate* isolate,
} }
} else { } else {
for (int i = 0; i < global_length; i++) { for (int i = 0; i < global_length; i++) {
HandleScope scope; HandleScope scope(isolate);
if (global_listeners.get(i)->IsUndefined()) continue; if (global_listeners.get(i)->IsUndefined()) continue;
Handle<Foreign> callback_obj(Foreign::cast(global_listeners.get(i))); v8::NeanderObject listener(JSObject::cast(global_listeners.get(i)));
Handle<Foreign> callback_obj(Foreign::cast(listener.get(0)));
v8::MessageCallback callback = v8::MessageCallback callback =
FUNCTION_CAST<v8::MessageCallback>(callback_obj->foreign_address()); FUNCTION_CAST<v8::MessageCallback>(callback_obj->foreign_address());
Handle<Object> callback_data(listener.get(1), isolate);
{ {
// Do not allow exceptions to propagate. // Do not allow exceptions to propagate.
v8::TryCatch try_catch; v8::TryCatch try_catch;
callback(api_message_obj, api_exception_obj); callback(api_message_obj, callback_data->IsUndefined()
? api_exception_obj
: v8::Utils::ToLocal(callback_data));
} }
if (isolate->has_scheduled_exception()) { if (isolate->has_scheduled_exception()) {
isolate->clear_scheduled_exception(); isolate->clear_scheduled_exception();

2
deps/v8/src/mips/lithium-codegen-mips.cc

@ -3938,7 +3938,7 @@ void LCodeGen::DoTransitionElementsKind(LTransitionElementsKind* instr) {
__ Branch(&not_applicable, ne, scratch, Operand(from_map)); __ Branch(&not_applicable, ne, scratch, Operand(from_map));
__ li(new_map_reg, Operand(to_map)); __ li(new_map_reg, Operand(to_map));
if (IsFastSmiElementsKind(from_kind) && IsFastObjectElementsKind(to_kind)) { if (IsSimpleMapChangeTransition(from_kind, to_kind)) {
__ sw(new_map_reg, FieldMemOperand(object_reg, HeapObject::kMapOffset)); __ sw(new_map_reg, FieldMemOperand(object_reg, HeapObject::kMapOffset));
// Write barrier. // Write barrier.
__ RecordWriteField(object_reg, HeapObject::kMapOffset, new_map_reg, __ RecordWriteField(object_reg, HeapObject::kMapOffset, new_map_reg,

9
deps/v8/src/mips/stub-cache-mips.cc

@ -3453,7 +3453,7 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
// t7: undefined // t7: undefined
__ lbu(a3, FieldMemOperand(a2, Map::kInstanceTypeOffset)); __ lbu(a3, FieldMemOperand(a2, Map::kInstanceTypeOffset));
__ Check(ne, "Function constructed by construct stub.", __ Check(ne, "Function constructed by construct stub.",
a3, Operand(JS_FUNCTION_TYPE)); a3, Operand(JS_FUNCTION_TYPE));
#endif #endif
// Now allocate the JSObject in new space. // Now allocate the JSObject in new space.
@ -3461,7 +3461,13 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
// a1: constructor function // a1: constructor function
// a2: initial map // a2: initial map
// t7: undefined // t7: undefined
ASSERT(function->has_initial_map());
__ lbu(a3, FieldMemOperand(a2, Map::kInstanceSizeOffset)); __ lbu(a3, FieldMemOperand(a2, Map::kInstanceSizeOffset));
#ifdef DEBUG
int instance_size = function->initial_map()->instance_size();
__ Check(eq, "Instance size of initial map changed.",
a3, Operand(instance_size >> kPointerSizeLog2));
#endif
__ AllocateInNewSpace(a3, t4, t5, t6, &generic_stub_call, SIZE_IN_WORDS); __ AllocateInNewSpace(a3, t4, t5, t6, &generic_stub_call, SIZE_IN_WORDS);
// Allocated the JSObject, now initialize the fields. Map is set to initial // Allocated the JSObject, now initialize the fields. Map is set to initial
@ -3524,7 +3530,6 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
} }
// Fill the unused in-object property fields with undefined. // Fill the unused in-object property fields with undefined.
ASSERT(function->has_initial_map());
for (int i = shared->this_property_assignments_count(); for (int i = shared->this_property_assignments_count();
i < function->initial_map()->inobject_properties(); i < function->initial_map()->inobject_properties();
i++) { i++) {

36
deps/v8/src/objects-inl.h

@ -4412,42 +4412,6 @@ void JSFunction::set_initial_map(Map* value) {
} }
MaybeObject* JSFunction::set_initial_map_and_cache_transitions(
Map* initial_map) {
Context* native_context = context()->native_context();
Object* array_function =
native_context->get(Context::ARRAY_FUNCTION_INDEX);
if (array_function->IsJSFunction() &&
this == JSFunction::cast(array_function)) {
// Replace all of the cached initial array maps in the native context with
// the appropriate transitioned elements kind maps.
Heap* heap = GetHeap();
MaybeObject* maybe_maps =
heap->AllocateFixedArrayWithHoles(kElementsKindCount);
FixedArray* maps;
if (!maybe_maps->To(&maps)) return maybe_maps;
Map* current_map = initial_map;
ElementsKind kind = current_map->elements_kind();
ASSERT(kind == GetInitialFastElementsKind());
maps->set(kind, current_map);
for (int i = GetSequenceIndexFromFastElementsKind(kind) + 1;
i < kFastElementsKindCount; ++i) {
Map* new_map;
ElementsKind next_kind = GetFastElementsKindFromSequenceIndex(i);
MaybeObject* maybe_new_map =
current_map->CopyAsElementsKind(next_kind, INSERT_TRANSITION);
if (!maybe_new_map->To(&new_map)) return maybe_new_map;
maps->set(next_kind, new_map);
current_map = new_map;
}
native_context->set_js_array_maps(maps);
}
set_initial_map(initial_map);
return this;
}
bool JSFunction::has_initial_map() { bool JSFunction::has_initial_map() {
return prototype_or_initial_map()->IsMap(); return prototype_or_initial_map()->IsMap();
} }

56
deps/v8/src/objects.cc

@ -7699,6 +7699,35 @@ MaybeObject* JSObject::OptimizeAsPrototype() {
} }
MUST_USE_RESULT static MaybeObject* CacheInitialJSArrayMaps(
Context* native_context, Map* initial_map) {
// Replace all of the cached initial array maps in the native context with
// the appropriate transitioned elements kind maps.
Heap* heap = native_context->GetHeap();
MaybeObject* maybe_maps =
heap->AllocateFixedArrayWithHoles(kElementsKindCount);
FixedArray* maps;
if (!maybe_maps->To(&maps)) return maybe_maps;
Map* current_map = initial_map;
ElementsKind kind = current_map->elements_kind();
ASSERT(kind == GetInitialFastElementsKind());
maps->set(kind, current_map);
for (int i = GetSequenceIndexFromFastElementsKind(kind) + 1;
i < kFastElementsKindCount; ++i) {
Map* new_map;
ElementsKind next_kind = GetFastElementsKindFromSequenceIndex(i);
MaybeObject* maybe_new_map =
current_map->CopyAsElementsKind(next_kind, INSERT_TRANSITION);
if (!maybe_new_map->To(&new_map)) return maybe_new_map;
maps->set(next_kind, new_map);
current_map = new_map;
}
native_context->set_js_array_maps(maps);
return initial_map;
}
MaybeObject* JSFunction::SetInstancePrototype(Object* value) { MaybeObject* JSFunction::SetInstancePrototype(Object* value) {
ASSERT(value->IsJSReceiver()); ASSERT(value->IsJSReceiver());
Heap* heap = GetHeap(); Heap* heap = GetHeap();
@ -7713,14 +7742,29 @@ MaybeObject* JSFunction::SetInstancePrototype(Object* value) {
// Now some logic for the maps of the objects that are created by using this // Now some logic for the maps of the objects that are created by using this
// function as a constructor. // function as a constructor.
if (has_initial_map()) { if (has_initial_map()) {
// If the function has allocated the initial map // If the function has allocated the initial map replace it with a
// replace it with a copy containing the new prototype. // copy containing the new prototype. Also complete any in-object
// slack tracking that is in progress at this point because it is
// still tracking the old copy.
if (shared()->IsInobjectSlackTrackingInProgress()) {
shared()->CompleteInobjectSlackTracking();
}
Map* new_map; Map* new_map;
MaybeObject* maybe_new_map = initial_map()->Copy(); MaybeObject* maybe_object = initial_map()->Copy();
if (!maybe_new_map->To(&new_map)) return maybe_new_map; if (!maybe_object->To(&new_map)) return maybe_object;
new_map->set_prototype(value); new_map->set_prototype(value);
MaybeObject* maybe_object = set_initial_map_and_cache_transitions(new_map);
if (maybe_object->IsFailure()) return maybe_object; // If the function is used as the global Array function, cache the
// initial map (and transitioned versions) in the native context.
Context* native_context = context()->native_context();
Object* array_function = native_context->get(Context::ARRAY_FUNCTION_INDEX);
if (array_function->IsJSFunction() &&
this == JSFunction::cast(array_function)) {
MaybeObject* ok = CacheInitialJSArrayMaps(native_context, new_map);
if (ok->IsFailure()) return ok;
}
set_initial_map(new_map);
} else { } else {
// Put the value in the initial map field until an initial map is // Put the value in the initial map field until an initial map is
// needed. At that point, a new initial map is created and the // needed. At that point, a new initial map is created and the
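Review bot: CacheInitialJSArrayMaps returns `initial_map` only as a non-failure marker: the caller stores it in `ok`, tests `ok->IsFailure()` and then discards it. The helper has no comment saying so, and a reader could take the return value for a newly allocated object. I would add above the helper `// Returns a failure on allocation error; any other return value only signals success.` It is also worth stating in SetInstancePrototype that the helper runs before `set_initial_map(new_map)`, so a failure leaves both the cached array maps and the function's initial map untouched, although slack tracking has already been completed by then. SetInstancePrototype continues past the end of the hunk.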

2
deps/v8/src/objects.h

@ -6111,8 +6111,6 @@ class JSFunction: public JSObject {
// The initial map for an object created by this constructor. // The initial map for an object created by this constructor.
inline Map* initial_map(); inline Map* initial_map();
inline void set_initial_map(Map* value); inline void set_initial_map(Map* value);
MUST_USE_RESULT inline MaybeObject* set_initial_map_and_cache_transitions(
Map* value);
inline bool has_initial_map(); inline bool has_initial_map();
// Get and set the prototype property on a JSFunction. If the // Get and set the prototype property on a JSFunction. If the

14
deps/v8/src/parser.cc

@ -614,11 +614,6 @@ FunctionLiteral* Parser::DoParseProgram(CompilationInfo* info,
ASSERT(target_stack_ == NULL); ASSERT(target_stack_ == NULL);
if (pre_data_ != NULL) pre_data_->Initialize(); if (pre_data_ != NULL) pre_data_->Initialize();
// Compute the parsing mode.
Mode mode = (FLAG_lazy && allow_lazy_) ? PARSE_LAZILY : PARSE_EAGERLY;
if (allow_natives_syntax_ || extension_ != NULL) mode = PARSE_EAGERLY;
ParsingModeScope parsing_mode(this, mode);
Handle<String> no_name = isolate()->factory()->empty_symbol(); Handle<String> no_name = isolate()->factory()->empty_symbol();
FunctionLiteral* result = NULL; FunctionLiteral* result = NULL;
@ -637,6 +632,13 @@ FunctionLiteral* Parser::DoParseProgram(CompilationInfo* info,
scope->set_start_position(0); scope->set_start_position(0);
scope->set_end_position(source->length()); scope->set_end_position(source->length());
// Compute the parsing mode.
Mode mode = (FLAG_lazy && allow_lazy_) ? PARSE_LAZILY : PARSE_EAGERLY;
if (allow_natives_syntax_ || extension_ != NULL || scope->is_eval_scope()) {
mode = PARSE_EAGERLY;
}
ParsingModeScope parsing_mode(this, mode);
FunctionState function_state(this, scope, isolate()); // Enters 'scope'. FunctionState function_state(this, scope, isolate()); // Enters 'scope'.
top_scope_->SetLanguageMode(info->language_mode()); top_scope_->SetLanguageMode(info->language_mode());
ZoneList<Statement*>* body = new(zone()) ZoneList<Statement*>(16, zone()); ZoneList<Statement*>* body = new(zone()) ZoneList<Statement*>(16, zone());
@ -1059,12 +1061,14 @@ void* Parser::ParseSourceElements(ZoneList<Statement*>* processor,
// as specified in ES5 10.4.2(3). The correct fix would be to always // as specified in ES5 10.4.2(3). The correct fix would be to always
// add this scope in DoParseProgram(), but that requires adaptations // add this scope in DoParseProgram(), but that requires adaptations
// all over the code base, so we go with a quick-fix for now. // all over the code base, so we go with a quick-fix for now.
// In the same manner, we have to patch the parsing mode.
if (is_eval && !top_scope_->is_eval_scope()) { if (is_eval && !top_scope_->is_eval_scope()) {
ASSERT(top_scope_->is_global_scope()); ASSERT(top_scope_->is_global_scope());
Scope* scope = NewScope(top_scope_, EVAL_SCOPE); Scope* scope = NewScope(top_scope_, EVAL_SCOPE);
scope->set_start_position(top_scope_->start_position()); scope->set_start_position(top_scope_->start_position());
scope->set_end_position(top_scope_->end_position()); scope->set_end_position(top_scope_->end_position());
top_scope_ = scope; top_scope_ = scope;
mode_ = PARSE_EAGERLY;
} }
// TODO(ES6): Fix entering extended mode, once it is specified. // TODO(ES6): Fix entering extended mode, once it is specified.
top_scope_->SetLanguageMode(FLAG_harmony_scoping top_scope_->SetLanguageMode(FLAG_harmony_scoping
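Review bot: In ParseSourceElements the new `mode_ = PARSE_EAGERLY;` writes the parser mode directly, whereas DoParseProgram sets it through a `ParsingModeScope` object. Nothing in this block undoes the write, so the previous mode comes back only if an enclosing scope object restores it; that holds when this path is reached under DoParseProgram, which the hunk does not show. A `ParsingModeScope` declared inside the `if` would end with the block, so at minimum I would extend the comment: `// mode_ is not restored here; the ParsingModeScope in DoParseProgram() does that.` Both functions extend beyond their hunks.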

17
deps/v8/src/platform-posix.cc

@ -109,20 +109,11 @@ void* OS::GetRandomMmapAddr() {
raw_addr &= V8_UINT64_C(0x3ffffffff000); raw_addr &= V8_UINT64_C(0x3ffffffff000);
#else #else
uint32_t raw_addr = V8::RandomPrivate(isolate); uint32_t raw_addr = V8::RandomPrivate(isolate);
// The range 0x20000000 - 0x60000000 is relatively unpopulated across a
// For our 32-bit mmap() hint, we pick a random address in the bottom // variety of ASLR modes (PAE kernel, NX compat mode, etc) and on macos
// half of the top half of the address space (that is, the third quarter). // 10.6 and 10.7.
// Because we do not MAP_FIXED, this will be treated only as a hint -- the
// system will not fail to mmap() because something else happens to already
// be mapped at our random address. We deliberately set the hint high enough
// to get well above the system's break (that is, the heap); systems will
// either try the hint and if that fails move higher (MacOS and other BSD
// derivatives) or try the hint and if that fails allocate as if there were
// no hint at all (Linux, Solaris, illumos and derivatives). The high hint
// prevents the break from getting hemmed in at low values, ceding half of
// the address space to the system heap.
raw_addr &= 0x3ffff000; raw_addr &= 0x3ffff000;
raw_addr += 0x80000000; raw_addr += 0x20000000;
#endif #endif
return reinterpret_cast<void*>(raw_addr); return reinterpret_cast<void*>(raw_addr);
} }
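Review bot: The 32-bit branch now hints addresses in 0x20000000 to 0x5ffff000, and the replacement comment drops two facts the removed comment recorded: that the value is only a hint because mmap() is not called with MAP_FIXED, and that a low hint can hem in the break on systems that grow the heap upward. The mask `0x3ffff000` leaves 18 random page-aligned bits, which is worth stating in a function whose purpose is to randomise mapping addresses. I would keep a line such as `// Hint only (no MAP_FIXED); 18 random bits, page aligned.` and say which of the platforms named in the removed comment were checked with the lower base. The start of GetRandomMmapAddr is outside the hunk.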

4
deps/v8/src/preparser.h

@ -150,11 +150,11 @@ class PreParser {
// Parses a single function literal, from the opening parentheses before // Parses a single function literal, from the opening parentheses before
// parameters to the closing brace after the body. // parameters to the closing brace after the body.
// Returns a FunctionEntry describing the body of the funciton in enough // Returns a FunctionEntry describing the body of the function in enough
// detail that it can be lazily compiled. // detail that it can be lazily compiled.
// The scanner is expected to have matched the "function" keyword and // The scanner is expected to have matched the "function" keyword and
// parameters, and have consumed the initial '{'. // parameters, and have consumed the initial '{'.
// At return, unless an error occured, the scanner is positioned before the // At return, unless an error occurred, the scanner is positioned before the
// the final '}'. // the final '}'.
PreParseResult PreParseLazyFunction(i::LanguageMode mode, PreParseResult PreParseLazyFunction(i::LanguageMode mode,
i::ParserRecorder* log); i::ParserRecorder* log);

11
deps/v8/src/scopes.cc

@ -702,17 +702,12 @@ bool Scope::HasTrivialOuterContext() const {
bool Scope::HasLazyCompilableOuterContext() const { bool Scope::HasLazyCompilableOuterContext() const {
Scope* outer = outer_scope_; Scope* outer = outer_scope_;
if (outer == NULL) return true; if (outer == NULL) return true;
// There are several reasons that prevent lazy compilation: // We have to prevent lazy compilation if this scope is inside a with scope
// - This scope is inside a with scope and all declaration scopes between // and all declaration scopes between them have empty contexts. Such
// them have empty contexts. Such declaration scopes become invisible // declaration scopes may become invisible during scope info deserialization.
// during scope info deserialization.
// - This scope is inside a strict eval scope with variables that are
// potentially context allocated in an artificial function scope that
// is not deserialized correctly.
outer = outer->DeclarationScope(); outer = outer->DeclarationScope();
bool found_non_trivial_declarations = false; bool found_non_trivial_declarations = false;
for (const Scope* scope = outer; scope != NULL; scope = scope->outer_scope_) { for (const Scope* scope = outer; scope != NULL; scope = scope->outer_scope_) {
if (scope->is_eval_scope()) return false;
if (scope->is_with_scope() && !found_non_trivial_declarations) return false; if (scope->is_with_scope() && !found_non_trivial_declarations) return false;
if (scope->is_declaration_scope() && scope->num_heap_slots() > 0) { if (scope->is_declaration_scope() && scope->num_heap_slots() > 0) {
found_non_trivial_declarations = true; found_non_trivial_declarations = true;

2
deps/v8/src/v8utils.h

@ -209,8 +209,6 @@ INLINE(void CopyChars(sinkchar* dest, const sourcechar* src, int chars));
template <typename sourcechar, typename sinkchar> template <typename sourcechar, typename sinkchar>
void CopyChars(sinkchar* dest, const sourcechar* src, int chars) { void CopyChars(sinkchar* dest, const sourcechar* src, int chars) {
ASSERT(chars >= 0);
if (chars == 0) return;
sinkchar* limit = dest + chars; sinkchar* limit = dest + chars;
#ifdef V8_HOST_CAN_READ_UNALIGNED #ifdef V8_HOST_CAN_READ_UNALIGNED
if (sizeof(*dest) == sizeof(*src)) { if (sizeof(*dest) == sizeof(*src)) {
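Review bot: `CopyChars` takes a signed `int chars` and computes `limit = dest + chars` as its first statement, and with `ASSERT(chars >= 0);` removed nothing in the visible part of the function rejects a negative count, even in debug builds. A negative length that reaches the copy code below the hunk would at best be undefined pointer arithmetic and could become an out-of-bounds copy, so I would keep `ASSERT(chars >= 0);` as the first line of the body. Dropping `if (chars == 0) return;` is probably harmless, but only if every copy path further down tolerates a zero length; the body continues past the end of this hunk, so that cannot be confirmed here.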

2
deps/v8/src/version.cc

@ -35,7 +35,7 @@
#define MAJOR_VERSION 3 #define MAJOR_VERSION 3
#define MINOR_VERSION 14 #define MINOR_VERSION 14
#define BUILD_NUMBER 5 #define BUILD_NUMBER 5
#define PATCH_LEVEL 0 #define PATCH_LEVEL 8
// Use 1 for candidates and 0 otherwise. // Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.) // (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0 #define IS_CANDIDATE_VERSION 0

2
deps/v8/src/x64/code-stubs-x64.cc

@ -2604,7 +2604,7 @@ void ArgumentsAccessStub::GenerateNewNonStrictFast(MacroAssembler* masm) {
__ bind(&runtime); __ bind(&runtime);
__ Integer32ToSmi(rcx, rcx); __ Integer32ToSmi(rcx, rcx);
__ movq(Operand(rsp, 1 * kPointerSize), rcx); // Patch argument count. __ movq(Operand(rsp, 1 * kPointerSize), rcx); // Patch argument count.
__ TailCallRuntime(Runtime::kNewStrictArgumentsFast, 3, 1); __ TailCallRuntime(Runtime::kNewArgumentsFast, 3, 1);
} }

14
deps/v8/src/x64/stub-cache-x64.cc

@ -3240,6 +3240,7 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
#endif #endif
// Load the initial map and verify that it is in fact a map. // Load the initial map and verify that it is in fact a map.
// rdi: constructor
__ movq(rbx, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset)); __ movq(rbx, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset));
// Will both indicate a NULL and a Smi. // Will both indicate a NULL and a Smi.
STATIC_ASSERT(kSmiTag == 0); STATIC_ASSERT(kSmiTag == 0);
@ -3249,18 +3250,22 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
#ifdef DEBUG #ifdef DEBUG
// Cannot construct functions this way. // Cannot construct functions this way.
// rdi: constructor
// rbx: initial map // rbx: initial map
__ CmpInstanceType(rbx, JS_FUNCTION_TYPE); __ CmpInstanceType(rbx, JS_FUNCTION_TYPE);
__ Assert(not_equal, "Function constructed by construct stub."); __ Check(not_equal, "Function constructed by construct stub.");
#endif #endif
// Now allocate the JSObject in new space. // Now allocate the JSObject in new space.
// rdi: constructor
// rbx: initial map // rbx: initial map
ASSERT(function->has_initial_map());
int instance_size = function->initial_map()->instance_size();
#ifdef DEBUG
__ movzxbq(rcx, FieldOperand(rbx, Map::kInstanceSizeOffset)); __ movzxbq(rcx, FieldOperand(rbx, Map::kInstanceSizeOffset));
__ shl(rcx, Immediate(kPointerSizeLog2)); __ shl(rcx, Immediate(kPointerSizeLog2));
__ AllocateInNewSpace(rcx, rdx, rcx, no_reg, __ cmpq(rcx, Immediate(instance_size));
__ Check(equal, "Instance size of initial map changed.");
#endif
__ AllocateInNewSpace(instance_size, rdx, rcx, no_reg,
&generic_stub_call, NO_ALLOCATION_FLAGS); &generic_stub_call, NO_ALLOCATION_FLAGS);
// Allocated the JSObject, now initialize the fields and add the heap tag. // Allocated the JSObject, now initialize the fields and add the heap tag.
@ -3306,7 +3311,6 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
} }
// Fill the unused in-object property fields with undefined. // Fill the unused in-object property fields with undefined.
ASSERT(function->has_initial_map());
for (int i = shared->this_property_assignments_count(); for (int i = shared->this_property_assignments_count();
i < function->initial_map()->inobject_properties(); i < function->initial_map()->inobject_properties();
i++) { i++) {
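Review bot: The new size comparison in `CompileConstructStub` (`__ cmpq(rcx, Immediate(instance_size));` followed by `__ Check(equal, "Instance size of initial map changed.");`) sits inside `#ifdef DEBUG`. A release build therefore allocates the `instance_size` fixed at stub-compile time and never compares it with the size recorded in the map loaded into `rbx` at run time. If the two can ever disagree, the object would be allocated with one size while presumably being tagged with a map that claims another, which is a heap-layout mismatch rather than a clean failure. Either add a comment stating what guarantees this stub is discarded when the function's initial map changes, or keep the comparison in release builds and fall back with `__ j(not_equal, &generic_stub_call);` instead of aborting. The function starts and ends outside these hunks, so the code that writes the map into the new object is not visible.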

3
deps/v8/test/cctest/test-api.cc

@ -2457,6 +2457,7 @@ bool message_received;
static void check_message_0(v8::Handle<v8::Message> message, static void check_message_0(v8::Handle<v8::Message> message,
v8::Handle<Value> data) { v8::Handle<Value> data) {
CHECK_EQ(5.76, data->NumberValue());
CHECK_EQ(6.75, message->GetScriptResourceName()->NumberValue()); CHECK_EQ(6.75, message->GetScriptResourceName()->NumberValue());
CHECK_EQ(7.56, message->GetScriptData()->NumberValue()); CHECK_EQ(7.56, message->GetScriptData()->NumberValue());
message_received = true; message_received = true;
@ -2467,7 +2468,7 @@ THREADED_TEST(MessageHandler0) {
message_received = false; message_received = false;
v8::HandleScope scope; v8::HandleScope scope;
CHECK(!message_received); CHECK(!message_received);
v8::V8::AddMessageListener(check_message_0); v8::V8::AddMessageListener(check_message_0, v8_num(5.76));
LocalContext context; LocalContext context;
v8::ScriptOrigin origin = v8::ScriptOrigin origin =
v8::ScriptOrigin(v8_str("6.75")); v8::ScriptOrigin(v8_str("6.75"));

40
deps/v8/test/mjsunit/regress/regress-2315.js

@ -0,0 +1,40 @@
// Copyright 2012 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Flags: --allow-natives-syntax
var foo = (function() {
return eval("(function bar() { return 1; })");
})();
foo();
foo();
%OptimizeFunctionOnNextCall(foo);
foo();
// Function should be optimized now.
assertTrue(%GetOptimizationStatus(foo) != 2);

50
deps/v8/test/mjsunit/regress/regress-2489.js

@ -0,0 +1,50 @@
// Copyright 2013 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Flags: --allow-natives-syntax
"use strict";
function f(a, b) {
return g("c", "d");
}
function g(a, b) {
g.constructor.apply(this, arguments);
}
g.constructor = function(a, b) {
assertEquals("c", a);
assertEquals("d", b);
}
f("a", "b");
f("a", "b");
%OptimizeFunctionOnNextCall(f);
f("a", "b");
g.x = "deopt";
f("a", "b");

40
deps/v8/test/mjsunit/regress/regress-492.js

@ -29,7 +29,7 @@
// This should not hit any asserts in debug mode on ARM. // This should not hit any asserts in debug mode on ARM.
function function_with_n_args(n) { function function_with_n_args(n) {
var source = '(function f('; var source = '(function f' + n + '(';
for (var arg = 0; arg < n; arg++) { for (var arg = 0; arg < n; arg++) {
if (arg != 0) source += ','; if (arg != 0) source += ',';
source += 'arg' + arg; source += 'arg' + arg;
@ -50,3 +50,41 @@ for (args = 500; args < 520; args++) {
for (args = 1019; args < 1041; args++) { for (args = 1019; args < 1041; args++) {
function_with_n_args(args); function_with_n_args(args);
} }
function foo(
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x,
x, x, x, x, x, x, x, x, x, x, x, x, x, x, x, x
) {}
for (var i = 0; i < 10000; ++i) foo();

14
deps/v8/test/mjsunit/regress/regress-crbug-135066.js

@ -29,25 +29,27 @@
var filler = "//" + new Array(1024).join('x'); var filler = "//" + new Array(1024).join('x');
// Test strict eval in global context. // Test strict eval in global context.
eval( assertEquals(23, eval(
"'use strict';" + "'use strict';" +
"var x = 23;" + "var x = 23;" +
"var f = function bozo1() {" + "var f = function bozo1() {" +
" return x;" + " return x;" +
"};" + "};" +
"assertSame(23, f());" + "assertSame(23, f());" +
"f;" +
filler filler
); )());
// Test default eval in strict context. // Test default eval in strict context.
(function() { assertEquals(42, (function() {
"use strict"; "use strict";
eval( return eval(
"var y = 42;" + "var y = 42;" +
"var g = function bozo2() {" + "var g = function bozo2() {" +
" return y;" + " return y;" +
"};" + "};" +
"assertSame(42, g());" + "assertSame(42, g());" +
"g;" +
filler filler
); )();
})(); })());

54
deps/v8/test/mjsunit/regress/regress-crbug-157019.js

@ -0,0 +1,54 @@
// Copyright 2012 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Flags: --allow-natives-syntax --nocrankshaft
function makeConstructor() {
return function() {
this.a = 1;
this.b = 2;
};
}
var c1 = makeConstructor();
var o1 = new c1();
c1.prototype = {};
for (var i = 0; i < 10; i++) {
var o = new c1();
for (var j = 0; j < 8; j++) {
o["x" + j] = 0;
}
}
var c2 = makeConstructor();
var o2 = new c2();
for (var i = 0; i < 50000; i++) {
new c2();
}

38
deps/v8/test/mjsunit/regress/regress-crbug-157520.js

@ -0,0 +1,38 @@
// Copyright 2012 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Flags: --nocrankshaft
(function(){
var f = function(arg) {
arg = 2;
return arguments[0];
};
for (var i = 0; i < 50000; i++) {
assertSame(2, f(1));
}
})();

38
deps/v8/test/mjsunit/regress/regress-crbug-158185.js

@ -0,0 +1,38 @@
// Copyright 2012 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
assertEquals("0023456",
Object.keys(JSON.parse('{"0023456": 1}'))[0]);
assertEquals("1234567890123",
Object.keys(JSON.parse('{"1234567890123": 1}'))[0]);
assertEquals("123456789ABCD",
Object.keys(JSON.parse('{"123456789ABCD": 1}'))[0]);
assertEquals("12A",
Object.keys(JSON.parse('{"12A": 1}'))[0]);
assertEquals(1, JSON.parse('{"0":1}')[0]);
assertEquals(undefined, JSON.parse('{"00":1}')[0]);

15
deps/v8/tools/gen-postmortem-metadata.py

@ -76,23 +76,16 @@ consts_misc = [
{ 'name': 'SmiTag', 'value': 'kSmiTag' }, { 'name': 'SmiTag', 'value': 'kSmiTag' },
{ 'name': 'SmiTagMask', 'value': 'kSmiTagMask' }, { 'name': 'SmiTagMask', 'value': 'kSmiTagMask' },
{ 'name': 'SmiValueShift', 'value': 'kSmiTagSize' }, { 'name': 'SmiValueShift', 'value': 'kSmiTagSize' },
{ 'name': 'SmiShiftSize', 'value': 'kSmiShiftSize' },
{ 'name': 'PointerSizeLog2', 'value': 'kPointerSizeLog2' }, { 'name': 'PointerSizeLog2', 'value': 'kPointerSizeLog2' },
{ 'name': 'prop_desc_key', { 'name': 'prop_idx_transitions',
'value': 'DescriptorArray::kDescriptorKey' }, 'value': 'DescriptorArray::kTransitionsIndex' },
{ 'name': 'prop_desc_details',
'value': 'DescriptorArray::kDescriptorDetails' },
{ 'name': 'prop_desc_value',
'value': 'DescriptorArray::kDescriptorValue' },
{ 'name': 'prop_desc_size',
'value': 'DescriptorArray::kDescriptorSize' },
{ 'name': 'prop_idx_first', { 'name': 'prop_idx_first',
'value': 'DescriptorArray::kFirstIndex' }, 'value': 'DescriptorArray::kFirstIndex' },
{ 'name': 'prop_type_field', { 'name': 'prop_type_field',
'value': 'FIELD' }, 'value': 'FIELD' },
{ 'name': 'prop_type_first_phantom', { 'name': 'prop_type_first_phantom',
'value': 'Code::MAP_TRANSITION' }, 'value': 'MAP_TRANSITION' },
{ 'name': 'prop_type_mask', { 'name': 'prop_type_mask',
'value': 'PropertyDetails::TypeField::kMask' }, 'value': 'PropertyDetails::TypeField::kMask' },
@ -114,7 +107,7 @@ extras_accessors = [
'JSObject, elements, Object, kElementsOffset', 'JSObject, elements, Object, kElementsOffset',
'FixedArray, data, uintptr_t, kHeaderSize', 'FixedArray, data, uintptr_t, kHeaderSize',
'Map, instance_attributes, int, kInstanceAttributesOffset', 'Map, instance_attributes, int, kInstanceAttributesOffset',
'Map, transitions, uintptr_t, kTransitionsOrBackPointerOffset', 'Map, instance_descriptors, int, kInstanceDescriptorsOrBitField3Offset',
'Map, inobject_properties, int, kInObjectPropertiesOffset', 'Map, inobject_properties, int, kInObjectPropertiesOffset',
'Map, instance_size, int, kInstanceSizeOffset', 'Map, instance_size, int, kInstanceSizeOffset',
'HeapNumber, value, double, kValueOffset', 'HeapNumber, value, double, kValueOffset',

2
deps/v8/tools/run-tests.py

@ -150,7 +150,7 @@ def ProcessOptions(options):
options.mode = tokens[1] options.mode = tokens[1]
options.mode = options.mode.split(",") options.mode = options.mode.split(",")
for mode in options.mode: for mode in options.mode:
if not mode in ["debug", "release"]: if not mode.lower() in ["debug", "release"]:
print "Unknown mode %s" % mode print "Unknown mode %s" % mode
return False return False
if options.arch in ["auto", "native"]: if options.arch in ["auto", "native"]:
