From f4f0daa44d57b93135bbaad3e81b8d199f42938b Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 24 Jul 2012 14:18:47 -0700 Subject: [PATCH] V8: Upgrade to 3.11.10.17 --- deps/v8/build/common.gypi | 11 ++-- deps/v8/src/ast.cc | 1 + deps/v8/src/ic.cc | 3 ++ deps/v8/src/version.cc | 2 +- deps/v8/test/cctest/test-api.cc | 43 +++++++++++++++ .../mjsunit/regress/regress-crbug-125148.js | 52 +++++++++++++++++++ 6 files changed, 108 insertions(+), 4 deletions(-) create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-125148.js diff --git a/deps/v8/build/common.gypi b/deps/v8/build/common.gypi index 1609197876..7f084b8c1d 100644 --- a/deps/v8/build/common.gypi +++ b/deps/v8/build/common.gypi @@ -239,6 +239,7 @@ 'WIN32', ], 'msvs_configuration_attributes': { + 'OutputDirectory': '<(DEPTH)\\build\\$(ConfigurationName)', 'IntermediateDirectory': '$(OutDir)\\obj\\$(ProjectName)', 'CharacterSet': '1', }, @@ -270,7 +271,7 @@ 'target_conditions': [ ['_toolset=="host"', { 'variables': { - 'm32flag': ' /dev/null 2>&1) && echo "-m32" || true)', + 'm32flag': ' /dev/null 2>&1) && echo -n "-m32" || true)', }, 'cflags': [ '<(m32flag)' ], 'ldflags': [ '<(m32flag)' ], @@ -280,7 +281,7 @@ }], ['_toolset=="target"', { 'variables': { - 'm32flag': ' /dev/null 2>&1) && echo "-m32" || true)', + 'm32flag': ' /dev/null 2>&1) && echo -n "-m32" || true)', }, 'cflags': [ '<(m32flag)' ], 'ldflags': [ '<(m32flag)' ], @@ -323,7 +324,7 @@ }, 'conditions': [ ['OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="netbsd"', { - 'cflags': [ '-Wno-unused-parameter', + 'cflags': [ '-Wall', '<(werror)', '-W', '-Wno-unused-parameter', '-Wnon-virtual-dtor', '-Woverloaded-virtual' ], }], ], @@ -332,6 +333,10 @@ 'conditions': [ ['OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="netbsd" \ or OS=="android"', { + 'cflags!': [ + '-O2', + '-Os', + ], 'cflags': [ '-fdata-sections', '-ffunction-sections', diff --git a/deps/v8/src/ast.cc b/deps/v8/src/ast.cc index 0970253c29..9523a34358 100644 --- a/deps/v8/src/ast.cc +++ b/deps/v8/src/ast.cc @@ -524,6 +524,7 @@ bool Call::ComputeTarget(Handle type, Handle name) { if (!type->prototype()->IsJSObject()) return false; // Go up the prototype chain, recording where we are currently. holder_ = Handle(JSObject::cast(type->prototype())); + if (!holder_->HasFastProperties()) return false; type = Handle(holder()->map()); } } diff --git a/deps/v8/src/ic.cc b/deps/v8/src/ic.cc index 47a72b4956..0ad0670c36 100644 --- a/deps/v8/src/ic.cc +++ b/deps/v8/src/ic.cc @@ -992,6 +992,7 @@ void LoadIC::UpdateCaches(LookupResult* lookup, if (callback->IsAccessorInfo()) { Handle info = Handle::cast(callback); if (v8::ToCData
(info->getter()) == 0) return; + if (!receiver->HasFastProperties()) return; if (!info->IsCompatibleReceiver(*receiver)) return; code = isolate()->stub_cache()->ComputeLoadCallback( name, receiver, holder, info); @@ -1268,6 +1269,7 @@ void KeyedLoadIC::UpdateCaches(LookupResult* lookup, Handle callback = Handle::cast(callback_object); if (v8::ToCData
(callback->getter()) == 0) return; + if (!receiver->HasFastProperties()) return; if (!callback->IsCompatibleReceiver(*receiver)) return; code = isolate()->stub_cache()->ComputeKeyedLoadCallback( name, receiver, holder, callback); @@ -1487,6 +1489,7 @@ void StoreIC::UpdateCaches(LookupResult* lookup, if (callback->IsAccessorInfo()) { Handle info = Handle::cast(callback); if (v8::ToCData
(info->setter()) == 0) return; + if (!receiver->HasFastProperties()) return; ASSERT(info->IsCompatibleReceiver(*receiver)); code = isolate()->stub_cache()->ComputeStoreCallback( name, receiver, info, strict_mode); diff --git a/deps/v8/src/version.cc b/deps/v8/src/version.cc index 2243106e76..75abe57148 100644 --- a/deps/v8/src/version.cc +++ b/deps/v8/src/version.cc @@ -35,7 +35,7 @@ #define MAJOR_VERSION 3 #define MINOR_VERSION 11 #define BUILD_NUMBER 10 -#define PATCH_LEVEL 15 +#define PATCH_LEVEL 17 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) #define IS_CANDIDATE_VERSION 0 diff --git a/deps/v8/test/cctest/test-api.cc b/deps/v8/test/cctest/test-api.cc index ed31f6ffae..233cbabd15 100644 --- a/deps/v8/test/cctest/test-api.cc +++ b/deps/v8/test/cctest/test-api.cc @@ -16811,3 +16811,46 @@ TEST(TryFinallyMessage) { CHECK_EQ(6, message->GetLineNumber()); } } + + +THREADED_TEST(Regress137002a) { + i::FLAG_allow_natives_syntax = true; + v8::HandleScope scope; + LocalContext context; + Local templ = ObjectTemplate::New(); + templ->SetAccessor(v8_str("foo"), + GetterWhichReturns42, + SetterWhichSetsYOnThisTo23); + context->Global()->Set(v8_str("obj"), templ->NewInstance()); + + // Turn monomorphic on slow object with native accessor, then turn + // polymorphic, finally optimize to create negative lookup and fail. + CompileRun("function f(x) { return x.foo; }" + "%OptimizeObjectForAddingMultipleProperties(obj, 1);" + "obj.__proto__ = null;" + "f(obj); f(obj); f({});" + "%OptimizeFunctionOnNextCall(f);" + "var result = f(obj);"); + CHECK_EQ(42, context->Global()->Get(v8_str("result"))->Int32Value()); +} + + +THREADED_TEST(Regress137002b) { + i::FLAG_allow_natives_syntax = true; + v8::HandleScope scope; + LocalContext context; + Local templ = ObjectTemplate::New(); + templ->SetAccessor(v8_str("foo"), + GetterWhichReturns42, + SetterWhichSetsYOnThisTo23); + context->Global()->Set(v8_str("obj"), templ->NewInstance()); + + // Turn monomorphic on slow object with native accessor, then just + // delete the property and fail. + CompileRun("function f(x) { return x.foo; }" + "%OptimizeObjectForAddingMultipleProperties(obj, 1);" + "obj.__proto__ = null;" + "f(obj); f(obj); delete obj.foo;" + "var result = f(obj);"); + CHECK(context->Global()->Get(v8_str("result"))->IsUndefined()); +} diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-125148.js b/deps/v8/test/mjsunit/regress/regress-crbug-125148.js new file mode 100644 index 0000000000..025f9a5a4b --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-crbug-125148.js @@ -0,0 +1,52 @@ +// Copyright 2012 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Flags: --allow-natives-syntax + +var A = { + foo: function() { assertUnreachable(); } +} + +var B = { + b: 2, + foo: function() { return 1; } +} +B.__proto__ = A; + +var C = {}; +C.__proto__ = B; + +function bar(x) { + return x.foo(); +} + +for (var i = 0; i < 3; i++) { + assertEquals(1, bar(C)); +} +%OptimizeObjectForAddingMultipleProperties(B, 100); // Force dictionary mode. +%OptimizeFunctionOnNextCall(bar); +assertEquals(1, bar(C));