Reviewers: Michael Starzinger,
Message:
$ git diff svn/tags/3.12.19.12 | wc -l
0
Description:
Revert merges of r12531 and r12562 from 3.12 branch, going back to
3.12.19.12
Fix casting error for receiver of interceptors.
Fix LBoundsCheck on x64 to handle (stack slot + constant) correctly.
BUG=chromium:149912,150729
Please review this at https://codereview.chromium.org/11024005/
SVN Base: https://v8.googlecode.com/svn/branches/3.12
Affected files:
M src/objects.h
M src/objects.cc
M src/version.cc
M src/x64/lithium-codegen-x64.cc
M test/cctest/test-api.cc
D test/mjsunit/regress/regress-crbug-150729.js
Index: test/mjsunit/regress/regress-crbug-150729.js
diff --git a/test/mjsunit/regress/regress-crbug-150729.js
b/test/mjsunit/regress/regress-crbug-150729.js
deleted file mode 100644
index
15aa587d184a1fdc67f0c47bae4137beffb266f2..0000000000000000000000000000000000000000
--- a/test/mjsunit/regress/regress-crbug-150729.js
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2012 the V8 project authors. All rights reserved.
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following
-// disclaimer in the documentation and/or other materials provided
-// with the distribution.
-// * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived
-// from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Flags: --allow-natives-syntax
-
-var t = 0;
-function burn() {
- i = [t, 1];
- var M = [i[0], Math.cos(t) + i[7074959]];
- t += .05;
-}
-for (var j = 0; j < 5; j++) {
- if (j == 2) %OptimizeFunctionOnNextCall(burn);
- burn();
-}
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index
d476cfeeff4bcdef751be0186d77a011637dbe90..f45da3d4817f380b616b1acac8b040886e673820
100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -650,9 +650,11 @@ MaybeObject* Object::GetProperty(Object* receiver,
receiver, result->GetCallbackObject(), name);
case HANDLER:
return result->proxy()->GetPropertyWithHandler(receiver, name);
- case INTERCEPTOR:
+ case INTERCEPTOR: {
+ JSObject* recvr = JSObject::cast(receiver);
return result->holder()->GetPropertyWithInterceptor(
- receiver, name, attributes);
+ recvr, name, attributes);
+ }
case TRANSITION:
case NONEXISTENT:
UNREACHABLE();
@@ -10237,7 +10239,7 @@ InterceptorInfo* JSObject::GetIndexedInterceptor() {
MaybeObject* JSObject::GetPropertyPostInterceptor(
- Object* receiver,
+ JSReceiver* receiver,
String* name,
PropertyAttributes* attributes) {
// Check local property in holder, ignore interceptor.
@@ -10255,7 +10257,7 @@ MaybeObject* JSObject::GetPropertyPostInterceptor(
MaybeObject* JSObject::GetLocalPropertyPostInterceptor(
- Object* receiver,
+ JSReceiver* receiver,
String* name,
PropertyAttributes* attributes) {
// Check local property in holder, ignore interceptor.
@@ -10269,13 +10271,13 @@ MaybeObject*
JSObject::GetLocalPropertyPostInterceptor(
MaybeObject* JSObject::GetPropertyWithInterceptor(
- Object* receiver,
+ JSReceiver* receiver,
String* name,
PropertyAttributes* attributes) {
Isolate* isolate = GetIsolate();
InterceptorInfo* interceptor = GetNamedInterceptor();
HandleScope scope(isolate);
- Handle<Object> receiver_handle(receiver);
+ Handle<JSReceiver> receiver_handle(receiver);
Handle<JSObject> holder_handle(this);
Handle<String> name_handle(name);
Index: src/objects.h
diff --git a/src/objects.h b/src/objects.h
index
c548f7257dbee3939439fcabd3a26319de2fdb42..40c5e4ecc7b510329c8f059b66fec60a2f425f99
100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -1683,15 +1683,15 @@ class JSObject: public JSReceiver {
String* name,
PropertyAttributes* attributes);
MUST_USE_RESULT MaybeObject* GetPropertyWithInterceptor(
- Object* receiver,
+ JSReceiver* receiver,
String* name,
PropertyAttributes* attributes);
MUST_USE_RESULT MaybeObject* GetPropertyPostInterceptor(
- Object* receiver,
+ JSReceiver* receiver,
String* name,
PropertyAttributes* attributes);
MUST_USE_RESULT MaybeObject* GetLocalPropertyPostInterceptor(
- Object* receiver,
+ JSReceiver* receiver,
String* name,
PropertyAttributes* attributes);
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index
9db064f7ace5b36120a3862b79084257efb2b6c7..2a1eac344ac4fd66797ea31af77c30c5f29085f6
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 12
#define BUILD_NUMBER 19
-#define PATCH_LEVEL 14
+#define PATCH_LEVEL 12
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
Index: src/x64/lithium-codegen-x64.cc
diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
index
7afc8e3da36940eaeeb8448bf36549ed0e0bfe18..8dd58a2ae6d26efcfa8245a3da6320b3cb5bacb3
100644
--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -3643,17 +3643,11 @@ void LCodeGen::DoBoundsCheck(LBoundsCheck* instr) {
__ cmpq(reg, reg2);
}
} else {
- Operand length = ToOperand(instr->length());
if (instr->index()->IsConstantOperand()) {
- int constant_index =
- ToInteger32(LConstantOperand::cast(instr->index()));
- if (instr->hydrogen()->length()->representation().IsTagged()) {
- __ Cmp(length, Smi::FromInt(constant_index));
- } else {
- __ cmpq(length, Immediate(constant_index));
- }
+ __ cmpq(ToOperand(instr->length()),
+
Immediate(ToInteger32(LConstantOperand::cast(instr->index()))));
} else {
- __ cmpq(length, ToRegister(instr->index()));
+ __ cmpq(ToOperand(instr->length()), ToRegister(instr->index()));
}
}
DeoptimizeIf(below_equal, instr->environment());
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
3bc393fdb032d0f647371a05b16c3187bc20c682..8419e739477701fed3b1ecfcad1b46ae4b52a2cb
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -17182,13 +17182,3 @@ THREADED_TEST(Regress137496) {
CompileRun("try { throw new Error(); } finally { gc(); }");
CHECK(try_catch.HasCaught());
}
-
-
-THREADED_TEST(Regress149912) {
- v8::HandleScope scope;
- LocalContext context;
- Handle<FunctionTemplate> templ = FunctionTemplate::New();
- AddInterceptor(templ, EmptyInterceptorGetter, EmptyInterceptorSetter);
- context->Global()->Set(v8_str("Bug"), templ->GetFunction());
- CompileRun("Number.prototype.__proto__ = new Bug; var x = 0; x.foo();");
-}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
