Revision: 18684
Author: [email protected]
Date: Mon Jan 20 09:56:42 2014 UTC
Log: Merge missing r18658 from bleeding_edge and add missing files.
BUG=
[email protected]
Review URL: https://codereview.chromium.org/138843005
http://code.google.com/p/v8/source/detail?r=18684
Added:
/branches/experimental/parser/test/cctest/print-extension.cc
/branches/experimental/parser/test/cctest/print-extension.h
/branches/experimental/parser/test/cctest/trace-extension.cc
/branches/experimental/parser/test/cctest/trace-extension.h
/branches/experimental/parser/test/mjsunit/arguments-apply-deopt.js
/branches/experimental/parser/test/mjsunit/regress/regress-2758.js
/branches/experimental/parser/test/mjsunit/regress/regress-crbug-315252.js
/branches/experimental/parser/test/mjsunit/regress/regress-is-contextual.js
Modified:
/branches/experimental/parser/src/arm/stub-cache-arm.cc
/branches/experimental/parser/src/ia32/stub-cache-ia32.cc
/branches/experimental/parser/src/mips/stub-cache-mips.cc
/branches/experimental/parser/src/stub-cache.cc
/branches/experimental/parser/src/x64/stub-cache-x64.cc
/branches/experimental/parser/test/cctest/test-api.cc
=======================================
--- /dev/null
+++ /branches/experimental/parser/test/cctest/print-extension.cc Mon Jan 20
09:56:42 2014 UTC
@@ -0,0 +1,51 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "print-extension.h"
+
+namespace v8 {
+namespace internal {
+
+v8::Handle<v8::FunctionTemplate> PrintExtension::GetNativeFunctionTemplate(
+ v8::Isolate* isolate,
+ v8::Handle<v8::String> str) {
+ return v8::FunctionTemplate::New(isolate, PrintExtension::Print);
+}
+
+
+void PrintExtension::Print(const v8::FunctionCallbackInfo<v8::Value>&
args) {
+ for (int i = 0; i < args.Length(); i++) {
+ if (i != 0) printf(" ");
+ v8::HandleScope scope(args.GetIsolate());
+ v8::String::Utf8Value str(args[i]);
+ if (*str == NULL) return;
+ printf("%s", *str);
+ }
+ printf("\n");
+}
+
+} } // namespace v8::internal
=======================================
--- /dev/null
+++ /branches/experimental/parser/test/cctest/print-extension.h Mon Jan 20
09:56:42 2014 UTC
@@ -0,0 +1,47 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#ifndef V8_TEST_CCTEST_PRINT_EXTENSION_H_
+#define V8_TEST_CCTEST_PRINT_EXTENSION_H_
+
+#include "v8.h"
+
+namespace v8 {
+namespace internal {
+
+class PrintExtension : public v8::Extension {
+ public:
+ PrintExtension() : v8::Extension("v8/print", "native function print();")
{ }
+ virtual v8::Handle<v8::FunctionTemplate> GetNativeFunctionTemplate(
+ v8::Isolate* isolate,
+ v8::Handle<v8::String> name);
+ static void Print(const v8::FunctionCallbackInfo<v8::Value>& args);
+};
+
+} } // namespace v8::internal
+
+#endif
=======================================
--- /dev/null
+++ /branches/experimental/parser/test/cctest/trace-extension.cc Mon Jan 20
09:56:42 2014 UTC
@@ -0,0 +1,142 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "trace-extension.h"
+
+#include "cctest.h"
+#include "sampler.h"
+
+namespace v8 {
+namespace internal {
+
+const char* TraceExtension::kSource =
+ "native function trace();"
+ "native function js_trace();"
+ "native function js_entry_sp();"
+ "native function js_entry_sp_level2();";
+
+
+v8::Handle<v8::FunctionTemplate> TraceExtension::GetNativeFunctionTemplate(
+ v8::Isolate* isolate, v8::Handle<v8::String> name) {
+ if (name->Equals(v8::String::NewFromUtf8(isolate, "trace"))) {
+ return v8::FunctionTemplate::New(isolate, TraceExtension::Trace);
+ } else if (name->Equals(v8::String::NewFromUtf8(isolate, "js_trace"))) {
+ return v8::FunctionTemplate::New(isolate, TraceExtension::JSTrace);
+ } else if
(name->Equals(v8::String::NewFromUtf8(isolate, "js_entry_sp"))) {
+ return v8::FunctionTemplate::New(isolate, TraceExtension::JSEntrySP);
+ } else if (name->Equals(v8::String::NewFromUtf8(isolate,
+ "js_entry_sp_level2"))) {
+ return v8::FunctionTemplate::New(isolate,
TraceExtension::JSEntrySPLevel2);
+ } else {
+ CHECK(false);
+ return v8::Handle<v8::FunctionTemplate>();
+ }
+}
+
+
+Address TraceExtension::GetFP(const v8::FunctionCallbackInfo<v8::Value>&
args) {
+ // Convert frame pointer from encoding as smis in the arguments to a
pointer.
+ CHECK_EQ(2, args.Length()); // Ignore second argument on 32-bit
platform.
+#if defined(V8_HOST_ARCH_32_BIT)
+ Address fp = *reinterpret_cast<Address*>(*args[0]);
+#elif defined(V8_HOST_ARCH_64_BIT)
+ int64_t low_bits = *reinterpret_cast<uint64_t*>(*args[0]) >> 32;
+ int64_t high_bits = *reinterpret_cast<uint64_t*>(*args[1]);
+ Address fp = reinterpret_cast<Address>(high_bits | low_bits);
+#else
+#error Host architecture is neither 32-bit nor 64-bit.
+#endif
+ printf("Trace: %p\n", fp);
+ return fp;
+}
+
+
+static struct {
+ TickSample* sample;
+} trace_env = { NULL };
+
+
+void TraceExtension::InitTraceEnv(TickSample* sample) {
+ trace_env.sample = sample;
+}
+
+
+void TraceExtension::DoTrace(Address fp) {
+ RegisterState regs;
+ regs.fp = fp;
+ // sp is only used to define stack high bound
+ regs.sp =
+ reinterpret_cast<Address>(trace_env.sample) - 10240;
+ trace_env.sample->Init(CcTest::i_isolate(), regs);
+}
+
+
+void TraceExtension::Trace(const v8::FunctionCallbackInfo<v8::Value>&
args) {
+ DoTrace(GetFP(args));
+}
+
+
+// Hide c_entry_fp to emulate situation when sampling is done while
+// pure JS code is being executed
+static void DoTraceHideCEntryFPAddress(Address fp) {
+ v8::internal::Address saved_c_frame_fp =
+ *(CcTest::i_isolate()->c_entry_fp_address());
+ CHECK(saved_c_frame_fp);
+ *(CcTest::i_isolate()->c_entry_fp_address()) = 0;
+ i::TraceExtension::DoTrace(fp);
+ *(CcTest::i_isolate()->c_entry_fp_address()) = saved_c_frame_fp;
+}
+
+
+void TraceExtension::JSTrace(const v8::FunctionCallbackInfo<v8::Value>&
args) {
+ DoTraceHideCEntryFPAddress(GetFP(args));
+}
+
+
+Address TraceExtension::GetJsEntrySp() {
+ CHECK_NE(NULL, CcTest::i_isolate()->thread_local_top());
+ return CcTest::i_isolate()->js_entry_sp();
+}
+
+
+void TraceExtension::JSEntrySP(
+ const v8::FunctionCallbackInfo<v8::Value>& args) {
+ CHECK_NE(0, GetJsEntrySp());
+}
+
+
+void TraceExtension::JSEntrySPLevel2(
+ const v8::FunctionCallbackInfo<v8::Value>& args) {
+ v8::HandleScope scope(args.GetIsolate());
+ const Address js_entry_sp = GetJsEntrySp();
+ CHECK_NE(0, js_entry_sp);
+ CompileRun("js_entry_sp();");
+ CHECK_EQ(js_entry_sp, GetJsEntrySp());
+}
+
+
+} } // namespace v8::internal
=======================================
--- /dev/null
+++ /branches/experimental/parser/test/cctest/trace-extension.h Mon Jan 20
09:56:42 2014 UTC
@@ -0,0 +1,56 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#ifndef V8_TEST_CCTEST_TRACE_EXTENSION_H_
+#define V8_TEST_CCTEST_TRACE_EXTENSION_H_
+
+#include "v8.h"
+
+namespace v8 {
+namespace internal {
+
+class TraceExtension : public v8::Extension {
+ public:
+ TraceExtension() : v8::Extension("v8/trace", kSource) { }
+ virtual v8::Handle<v8::FunctionTemplate> GetNativeFunctionTemplate(
+ v8::Isolate* isolate,
+ v8::Handle<v8::String> name);
+ static void Trace(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void JSTrace(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void JSEntrySP(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void JSEntrySPLevel2(const v8::FunctionCallbackInfo<v8::Value>&
args);
+ static Address GetJsEntrySp();
+ static void InitTraceEnv(TickSample* sample);
+ static void DoTrace(Address fp);
+ private:
+ static Address GetFP(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static const char* kSource;
+};
+
+} } // namespace v8::internal
+
+#endif
=======================================
--- /dev/null
+++ /branches/experimental/parser/test/mjsunit/arguments-apply-deopt.js Mon
Jan 20 09:56:42 2014 UTC
@@ -0,0 +1,77 @@
+// Copyright 2012 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+(function ApplyArgumentsDeoptInReceiverMapCheck() {
+ function invoker(h, r) {
+ return function XXXXX() {
+ var res = h.apply({ fffffff : r(this) }, arguments);
+ return res;
+ };
+ }
+
+ var y = invoker(m, selfOf);
+
+ function selfOf(c) {
+ var sssss = c.self_;
+ return sssss;
+ }
+
+ function m() {
+ return this.fffffff;
+ }
+
+ y.apply({ self_ : 3 });
+ y.apply({ self_ : 3 });
+ y.apply({ self_ : 3 });
+
+ %OptimizeFunctionOnNextCall(y);
+
+ assertEquals(y.apply({ self_ : 3, uuu : 4 }), 3);
+})();
+
+(function ApplyArgumentsDeoptInReceiverExplicit() {
+ function f() { return this + 21; }
+
+ function deopt() {
+ %DeoptimizeFunction(XXXXX);
+ return 21;
+ }
+
+ function XXXXX() {
+ return f.apply(deopt(), arguments);
+ };
+
+ XXXXX();
+ XXXXX();
+ XXXXX();
+
+ %OptimizeFunctionOnNextCall(XXXXX);
+
+ assertEquals(42, XXXXX());
+})();
=======================================
--- /dev/null
+++ /branches/experimental/parser/test/mjsunit/regress/regress-2758.js Mon
Jan 20 09:56:42 2014 UTC
@@ -0,0 +1,49 @@
+// Copyright 2013 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+var functions = [
+ function() { var f = [].concat; f() },
+ function() { var f = [].push; f() },
+ function() { var f = [].shift; f() },
+ function() { (0, [].concat)() },
+ function() { (0, [].push)() },
+ function() { (0, [].shift)() }
+]
+
+for (var i = 0; i < 5; ++i) {
+ for (var j in functions) {
+ print(functions[i])
+ assertThrows(functions[j], TypeError)
+ }
+
+ if (i === 3) {
+ for (var j in functions)
+ %OptimizeFunctionOnNextCall(functions[j]);
+ }
+}
=======================================
--- /dev/null
+++
/branches/experimental/parser/test/mjsunit/regress/regress-crbug-315252.js
Mon Jan 20 09:56:42 2014 UTC
@@ -0,0 +1,61 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+function f(a, b, c) {
+ this.a = a;
+ this.b = b;
+ this.c = c;
+}
+var o3 = new f(1, 2, 3.5);
+var o4 = new f(1, 2.5, 3);
+var o1 = new f(1.5, 2, 3);
+var o2 = new f(1.5, 2, 3);
+function migrate(o) {
+ return o.a;
+}
+// Use migrate to stabilize o1, o2 and o4 in [double, double, smi].
+migrate(o4);
+migrate(o1);
+migrate(o2);
+function store_transition(o) {
+ o.d = 1;
+}
+// Optimize "store_transition" to transition from [double, double, smi] to
+// [double, double, smi, smi]. This adds a dependency on the
+// [double, double, smi] map.
+store_transition(o4);
+store_transition(o1);
+store_transition(o2);
+%OptimizeFunctionOnNextCall(store_transition);
+// Pass in a deprecated object of format [smi, smi, double]. This will
migrate
+// the instance, forcing a merge with [double, double, smi], ending up with
+// [double, double, double], which deprecates [double, double, smi] and
+// deoptimizes all dependencies of [double, double, smi], including
+// store_transition itself.
+store_transition(o3);
=======================================
--- /dev/null
+++
/branches/experimental/parser/test/mjsunit/regress/regress-is-contextual.js
Mon Jan 20 09:56:42 2014 UTC
@@ -0,0 +1,41 @@
+// Copyright 2013 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// CallIC accumulates feedback that string index is out of bounds, then
+// misses
+function foo(index) {
+ return text.charAt(index);
+}
+
+var text = "hi there";
+foo(0);
+foo(0);
+foo(100); // Accumulate feedback that index is out of bounds.
+text = false;
+
+// This line ASSERTS in debug without fix.
+assertThrows(function () { foo(); }, TypeError);
=======================================
--- /branches/experimental/parser/src/arm/stub-cache-arm.cc Mon Jan 20
09:40:41 2014 UTC
+++ /branches/experimental/parser/src/arm/stub-cache-arm.cc Mon Jan 20
09:56:42 2014 UTC
@@ -2130,13 +2130,14 @@
Handle<JSObject> holder,
Handle<Name> name,
Handle<ExecutableAccessorInfo> callback) {
- HandlerFrontend(IC::CurrentTypeOf(object, isolate()),
- receiver(), holder, name);
+ Register holder_reg = HandlerFrontend(
+ IC::CurrentTypeOf(object, isolate()), receiver(), holder, name);
// Stub never generated for non-global objects that require access
checks.
ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
__ push(receiver()); // receiver
+ __ push(holder_reg);
__ mov(ip, Operand(callback)); // callback info
__ push(ip);
__ mov(ip, Operand(name));
@@ -2145,7 +2146,7 @@
// Do tail-call to the runtime system.
ExternalReference store_callback_property =
ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
- __ TailCallExternalReference(store_callback_property, 4, 1);
+ __ TailCallExternalReference(store_callback_property, 5, 1);
// Return the generated code.
return GetCode(kind(), Code::FAST, name);
=======================================
--- /branches/experimental/parser/src/ia32/stub-cache-ia32.cc Mon Jan 20
09:40:41 2014 UTC
+++ /branches/experimental/parser/src/ia32/stub-cache-ia32.cc Mon Jan 20
09:56:42 2014 UTC
@@ -2220,11 +2220,12 @@
Handle<JSObject> holder,
Handle<Name> name,
Handle<ExecutableAccessorInfo> callback) {
- HandlerFrontend(IC::CurrentTypeOf(object, isolate()),
- receiver(), holder, name);
+ Register holder_reg = HandlerFrontend(
+ IC::CurrentTypeOf(object, isolate()), receiver(), holder, name);
__ pop(scratch1()); // remove the return address
__ push(receiver());
+ __ push(holder_reg);
__ Push(callback);
__ Push(name);
__ push(value());
@@ -2233,7 +2234,7 @@
// Do tail-call to the runtime system.
ExternalReference store_callback_property =
ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
- __ TailCallExternalReference(store_callback_property, 4, 1);
+ __ TailCallExternalReference(store_callback_property, 5, 1);
// Return the generated code.
return GetCode(kind(), Code::FAST, name);
=======================================
--- /branches/experimental/parser/src/mips/stub-cache-mips.cc Mon Jan 20
09:40:41 2014 UTC
+++ /branches/experimental/parser/src/mips/stub-cache-mips.cc Mon Jan 20
09:56:42 2014 UTC
@@ -2113,14 +2113,15 @@
Handle<JSObject> holder,
Handle<Name> name,
Handle<ExecutableAccessorInfo> callback) {
- HandlerFrontend(IC::CurrentTypeOf(object, isolate()),
- receiver(), holder, name);
+ Register holder_reg = HandlerFrontend(
+ IC::CurrentTypeOf(object, isolate()), receiver(), holder, name);
// Stub never generated for non-global objects that require access
// checks.
ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
__ push(receiver()); // Receiver.
+ __ push(holder_reg);
__ li(at, Operand(callback)); // Callback info.
__ push(at);
__ li(at, Operand(name));
@@ -2129,7 +2130,7 @@
// Do tail-call to the runtime system.
ExternalReference store_callback_property =
ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
- __ TailCallExternalReference(store_callback_property, 4, 1);
+ __ TailCallExternalReference(store_callback_property, 5, 1);
// Return the generated code.
return GetCode(kind(), Code::FAST, name);
=======================================
--- /branches/experimental/parser/src/stub-cache.cc Mon Jan 20 09:40:41
2014 UTC
+++ /branches/experimental/parser/src/stub-cache.cc Mon Jan 20 09:56:42
2014 UTC
@@ -802,24 +802,25 @@
RUNTIME_FUNCTION(MaybeObject*, StoreCallbackProperty) {
- JSObject* recv = JSObject::cast(args[0]);
- ExecutableAccessorInfo* callback = ExecutableAccessorInfo::cast(args[1]);
+ JSObject* receiver = JSObject::cast(args[0]);
+ JSObject* holder = JSObject::cast(args[1]);
+ ExecutableAccessorInfo* callback = ExecutableAccessorInfo::cast(args[2]);
Address setter_address = v8::ToCData<Address>(callback->setter());
v8::AccessorSetterCallback fun =
FUNCTION_CAST<v8::AccessorSetterCallback>(setter_address);
ASSERT(fun != NULL);
- ASSERT(callback->IsCompatibleReceiver(recv));
- Handle<Name> name = args.at<Name>(2);
- Handle<Object> value = args.at<Object>(3);
+ ASSERT(callback->IsCompatibleReceiver(receiver));
+ Handle<Name> name = args.at<Name>(3);
+ Handle<Object> value = args.at<Object>(4);
HandleScope scope(isolate);
// TODO(rossberg): Support symbols in the API.
if (name->IsSymbol()) return *value;
Handle<String> str = Handle<String>::cast(name);
- LOG(isolate, ApiNamedPropertyAccess("store", recv, *name));
+ LOG(isolate, ApiNamedPropertyAccess("store", receiver, *name));
PropertyCallbackArguments
- custom_args(isolate, callback->data(), recv, recv);
+ custom_args(isolate, callback->data(), receiver, holder);
custom_args.Call(fun, v8::Utils::ToLocal(str),
v8::Utils::ToLocal(value));
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
return *value;
=======================================
--- /branches/experimental/parser/src/x64/stub-cache-x64.cc Mon Jan 20
09:40:41 2014 UTC
+++ /branches/experimental/parser/src/x64/stub-cache-x64.cc Mon Jan 20
09:56:42 2014 UTC
@@ -2139,11 +2139,12 @@
Handle<JSObject> holder,
Handle<Name> name,
Handle<ExecutableAccessorInfo> callback) {
- HandlerFrontend(IC::CurrentTypeOf(object, isolate()),
- receiver(), holder, name);
+ Register holder_reg = HandlerFrontend(
+ IC::CurrentTypeOf(object, isolate()), receiver(), holder, name);
__ PopReturnAddressTo(scratch1());
__ push(receiver());
+ __ push(holder_reg);
__ Push(callback); // callback info
__ Push(name);
__ push(value());
@@ -2152,7 +2153,7 @@
// Do tail-call to the runtime system.
ExternalReference store_callback_property =
ExternalReference(IC_Utility(IC::kStoreCallbackProperty), isolate());
- __ TailCallExternalReference(store_callback_property, 4, 1);
+ __ TailCallExternalReference(store_callback_property, 5, 1);
// Return the generated code.
return GetCode(kind(), Code::FAST, name);
=======================================
--- /branches/experimental/parser/test/cctest/test-api.cc Fri Jan 17
11:13:31 2014 UTC
+++ /branches/experimental/parser/test/cctest/test-api.cc Mon Jan 20
09:56:42 2014 UTC
@@ -21735,3 +21735,27 @@
}
}
}
+
+
+static void SetterWhichExpectsThisAndHolderToDiffer(
+ Local<String>, Local<Value>, const v8::PropertyCallbackInfo<void>&
info) {
+ CHECK(info.Holder() != info.This());
+}
+
+
+TEST(Regress239669) {
+ LocalContext context;
+ v8::Isolate* isolate = context->GetIsolate();
+ v8::HandleScope scope(isolate);
+ Local<ObjectTemplate> templ = ObjectTemplate::New(isolate);
+ templ->SetAccessor(v8_str("x"), 0,
SetterWhichExpectsThisAndHolderToDiffer);
+ context->Global()->Set(v8_str("P"), templ->NewInstance());
+ CompileRun(
+ "function C1() {"
+ " this.x = 23;"
+ "};"
+ "C1.prototype = P;"
+ "for (var i = 0; i < 4; i++ ) {"
+ " new C1();"
+ "}");
+}
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
