Revision: 19696
Author: [email protected]
Date: Thu Mar 6 17:59:13 2014 UTC
Log: Version 3.25.5 (based on bleeding_edge revision r19695)
Fix HConstants with Smi-ranged HeapNumber values (Chromium issue 349878).
Fix issues with JSON stringify replacer array (issues 3200, 3201).
Performance and stability improvements on all platforms.
http://code.google.com/p/v8/source/detail?r=19696
Added:
/trunk/test/mjsunit/regress/regress-349870.js
/trunk/test/mjsunit/regress/regress-349885.js
/trunk/test/mjsunit/regress/regress-crbug-349465.js
/trunk/test/mjsunit/regress/regress-crbug-349853.js
/trunk/test/mjsunit/regress/regress-crbug-349878.js
/trunk/test/mjsunit/regress/regress-force-representation.js
/trunk/test/mjsunit/regress-keyed-store-non-strict-arguments.js
Modified:
/trunk/ChangeLog
/trunk/Makefile
/trunk/src/a64/lithium-codegen-a64.cc
/trunk/src/arm/lithium-codegen-arm.cc
/trunk/src/hydrogen-instructions.cc
/trunk/src/hydrogen-instructions.h
/trunk/src/hydrogen-representation-changes.cc
/trunk/src/hydrogen.cc
/trunk/src/ia32/lithium-codegen-ia32.cc
/trunk/src/ic.cc
/trunk/src/json.js
/trunk/src/mips/lithium-codegen-mips.cc
/trunk/src/objects.cc
/trunk/src/objects.h
/trunk/src/platform-win32.cc
/trunk/src/runtime.cc
/trunk/src/types.cc
/trunk/src/version.cc
/trunk/src/x64/lithium-codegen-x64.cc
/trunk/test/mjsunit/mjsunit.status
/trunk/test/mjsunit/regress/regress-3135.js
/trunk/test/mjsunit/regress/regress-crbug-349079.js
=======================================
--- /dev/null
+++ /trunk/test/mjsunit/regress/regress-349870.js Thu Mar 6 17:59:13 2014
UTC
@@ -0,0 +1,7 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var r = /x/;
+Object.freeze(r);
+r.compile("x");
=======================================
--- /dev/null
+++ /trunk/test/mjsunit/regress/regress-349885.js Thu Mar 6 17:59:13 2014
UTC
@@ -0,0 +1,15 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+// The bug 349885
+
+function foo(a) {
+ a[292755462] = new Object();
+}
+foo(new Array(5));
+foo(new Array(5));
+%OptimizeFunctionOnNextCall(foo);
+foo(new Array(10));
=======================================
--- /dev/null
+++ /trunk/test/mjsunit/regress/regress-crbug-349465.js Thu Mar 6 17:59:13
2014 UTC
@@ -0,0 +1,17 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --debug-code --use-gvn
+
+function f(a, base) {
+ a[base] = 1;
+ a[base + 4] = 2;
+ a[base] = 3;
+}
+var a1 = new Array(1024);
+var a2 = new Array(128);
+f(a1, 1);
+f(a2, -2);
+%OptimizeFunctionOnNextCall(f);
+f(a1, -2);
=======================================
--- /dev/null
+++ /trunk/test/mjsunit/regress/regress-crbug-349853.js Thu Mar 6 17:59:13
2014 UTC
@@ -0,0 +1,21 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+var a = ["string"];
+function funky(array) { return array[0] = 1; }
+funky(a);
+
+function crash() {
+ var q = [0];
+ // The failing ASSERT was only triggered when compiling for OSR.
+ for (var i = 0; i < 100000; i++) {
+ funky(q);
+ }
+ q[0] = 0;
+ funky(q)
+}
+
+crash();
=======================================
--- /dev/null
+++ /trunk/test/mjsunit/regress/regress-crbug-349878.js Thu Mar 6 17:59:13
2014 UTC
@@ -0,0 +1,33 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function f(a, b) {
+ a == b;
+}
+
+f({}, {});
+
+var a = { y: 1.5 };
+a.y = 777;
+var b = a.y;
+
+function h() {
+ var d = 1;
+ var e = 777;
+ while (d-- > 0) e++;
+ f(1, e);
+}
+
+var global;
+function g() {
+ global = b;
+ return h(b);
+}
+
+g();
+g();
+%OptimizeFunctionOnNextCall(g);
+g();
=======================================
--- /dev/null
+++ /trunk/test/mjsunit/regress/regress-force-representation.js Thu Mar 6
17:59:13 2014 UTC
@@ -0,0 +1,22 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function optimize(crankshaft_test) {
+ crankshaft_test();
+ crankshaft_test();
+ %OptimizeFunctionOnNextCall(crankshaft_test);
+ crankshaft_test();
+}
+
+function f() {
+ var v1 = 0;
+ var v2 = -0;
+ var t = v2++;
+ v2++;
+ return Math.max(v2++, v1++);
+}
+
+optimize(f);
=======================================
--- /dev/null
+++ /trunk/test/mjsunit/regress-keyed-store-non-strict-arguments.js Thu
Mar 6 17:59:13 2014 UTC
@@ -0,0 +1,16 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function args(arg) { return arguments; }
+var a = args(false);
+
+(function () {
+ "use strict";
+ a["const" + 0] = 0;
+})();
+
+(function () {
+ "use strict";
+ a[0] = 0;
+})();
=======================================
--- /trunk/ChangeLog Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/ChangeLog Thu Mar 6 17:59:13 2014 UTC
@@ -1,3 +1,13 @@
+2014-03-06: Version 3.25.5
+
+ Fix HConstants with Smi-ranged HeapNumber values (Chromium issue
+ 349878).
+
+ Fix issues with JSON stringify replacer array (issues 3200, 3201).
+
+ Performance and stability improvements on all platforms.
+
+
2014-03-05: Version 3.25.4
x64: Fix LMathMinMax for constant Smi right-hand operands (Chromium
=======================================
--- /trunk/Makefile Tue Mar 4 09:06:17 2014 UTC
+++ /trunk/Makefile Thu Mar 6 17:59:13 2014 UTC
@@ -247,13 +247,15 @@
$(addsuffix .$(mode),$(NACL_ARCHES)))
# Generates corresponding test targets, e.g. "ia32.release.check".
CHECKS = $(addsuffix .check,$(BUILDS))
+QUICKCHECKS = $(addsuffix .quickcheck,$(BUILDS))
ANDROID_CHECKS = $(addsuffix .check,$(ANDROID_BUILDS))
NACL_CHECKS = $(addsuffix .check,$(NACL_BUILDS))
# File where previously used GYPFLAGS are stored.
ENVFILE = $(OUTDIR)/environment
.PHONY: all check clean dependencies $(ENVFILE).new native \
- qc quickcheck \
+ qc quickcheck $(QUICKCHECKS) \
+ $(addsuffix .quickcheck,$(MODES))
$(addsuffix .quickcheck,$(ARCHES)) \
$(ARCHES) $(MODES) $(BUILDS) $(CHECKS)
$(addsuffix .clean,$(ARCHES)) \
$(addsuffix .check,$(MODES)) $(addsuffix .check,$(ARCHES)) \
$(ANDROID_ARCHES) $(ANDROID_BUILDS) $(ANDROID_CHECKS) \
@@ -332,6 +334,18 @@
@tools/run-tests.py $(TESTJOBS) --outdir=$(OUTDIR) \
--arch-and-mode=$(basename $@) $(TESTFLAGS)
+$(addsuffix .quickcheck,$(MODES)): $$(basename $$@)
+ @tools/run-tests.py $(TESTJOBS) --outdir=$(OUTDIR) \
+ --mode=$(basename $@) $(TESTFLAGS) --quickcheck
+
+$(addsuffix .quickcheck,$(ARCHES)): $$(basename $$@)
+ @tools/run-tests.py $(TESTJOBS) --outdir=$(OUTDIR) \
+ --arch=$(basename $@) $(TESTFLAGS) --quickcheck
+
+$(QUICKCHECKS): $$(basename $$@)
+ @tools/run-tests.py $(TESTJOBS) --outdir=$(OUTDIR) \
+ --arch-and-mode=$(basename $@) $(TESTFLAGS) --quickcheck
+
$(addsuffix .sync, $(ANDROID_BUILDS)): $$(basename $$@)
@tools/android-sync.sh $(basename $@) $(OUTDIR) \
$(shell pwd) $(ANDROID_V8)
=======================================
--- /trunk/src/a64/lithium-codegen-a64.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/a64/lithium-codegen-a64.cc Thu Mar 6 17:59:13 2014 UTC
@@ -1489,11 +1489,7 @@
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
- __ Allocate(size, result, temp1, temp2, deferred->entry(), flags);
- } else {
- __ B(deferred->entry());
- }
+ __ Allocate(size, result, temp1, temp2, deferred->entry(), flags);
} else {
Register size = ToRegister32(instr->size());
__ Sxtw(size.X(), size);
=======================================
--- /trunk/src/arm/lithium-codegen-arm.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/arm/lithium-codegen-arm.cc Thu Mar 6 17:59:13 2014 UTC
@@ -5262,11 +5262,7 @@
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
- __ Allocate(size, result, scratch, scratch2, deferred->entry(),
flags);
- } else {
- __ jmp(deferred->entry());
- }
+ __ Allocate(size, result, scratch, scratch2, deferred->entry(), flags);
} else {
Register size = ToRegister(instr->size());
__ Allocate(size,
=======================================
--- /trunk/src/hydrogen-instructions.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/hydrogen-instructions.cc Thu Mar 6 17:59:13 2014 UTC
@@ -2562,7 +2562,11 @@
boolean_value_(integer_value != 0),
int32_value_(integer_value),
double_value_(FastI2D(integer_value)) {
- set_type(has_smi_value_ ? HType::Smi() : HType::TaggedNumber());
+ // It's possible to create a constant with a value in Smi-range but
stored
+ // in a (pre-existing) HeapNumber. See crbug.com/349878.
+ bool could_be_heapobject = r.IsTagged() && !object.handle().is_null();
+ bool is_smi = has_smi_value_ && !could_be_heapobject;
+ set_type(is_smi ? HType::Smi() : HType::TaggedNumber());
Initialize(r);
}
@@ -2582,7 +2586,11 @@
int32_value_(DoubleToInt32(double_value)),
double_value_(double_value) {
has_smi_value_ = has_int32_value_ && Smi::IsValid(int32_value_);
- set_type(has_smi_value_ ? HType::Smi() : HType::TaggedNumber());
+ // It's possible to create a constant with a value in Smi-range but
stored
+ // in a (pre-existing) HeapNumber. See crbug.com/349878.
+ bool could_be_heapobject = r.IsTagged() && !object.handle().is_null();
+ bool is_smi = has_smi_value_ && !could_be_heapobject;
+ set_type(is_smi ? HType::Smi() : HType::TaggedNumber());
Initialize(r);
}
@@ -2605,8 +2613,8 @@
void HConstant::Initialize(Representation r) {
if (r.IsNone()) {
- if (has_smi_value_ && SmiValuesAre31Bits()) {
- r = Representation::Smi();
+ if (has_smi_value_) {
+ r = Representation::FromType(Type::Smi());
} else if (has_int32_value_) {
r = Representation::Integer32();
} else if (has_double_value_) {
=======================================
--- /trunk/src/hydrogen-instructions.h Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/hydrogen-instructions.h Thu Mar 6 17:59:13 2014 UTC
@@ -6884,6 +6884,8 @@
return original_map_ == instr->original_map_ &&
transitioned_map_ == instr->transitioned_map_;
}
+
+ virtual int RedefinedOperandIndex() { return 0; }
private:
HTransitionElementsKind(HValue* context,
=======================================
--- /trunk/src/hydrogen-representation-changes.cc Tue Mar 4 09:06:17 2014
UTC
+++ /trunk/src/hydrogen-representation-changes.cc Thu Mar 6 17:59:13 2014
UTC
@@ -78,7 +78,10 @@
HValue* value) {
Representation r = value->representation();
if (r.IsNone()) return;
- if (value->HasNoUses()) return;
+ if (value->HasNoUses()) {
+ if (value->IsForceRepresentation()) value->DeleteAndReplaceWith(NULL);
+ return;
+ }
for (HUseIterator it(value->uses()); !it.Done(); it.Advance()) {
HValue* use_value = it.value();
=======================================
--- /trunk/src/hydrogen.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/hydrogen.cc Thu Mar 6 17:59:13 2014 UTC
@@ -8741,7 +8741,7 @@
// The input to the count operation is on top of the expression stack.
Representation rep = Representation::FromType(expr->type());
if (rep.IsNone() || rep.IsTagged()) {
- rep = Representation::Smi();
+ rep = Representation::FromType(Type::Smi());
}
if (returns_original_input) {
@@ -8991,14 +8991,8 @@
HValue* HGraphBuilder::EnforceNumberType(HValue* number,
Type* expected) {
- if (expected->Is(Type::Smi())) {
- return AddUncasted<HForceRepresentation>(number,
Representation::Smi());
- }
- if (expected->Is(Type::Signed32())) {
- return AddUncasted<HForceRepresentation>(number,
- Representation::Integer32());
- }
- return number;
+ return AddUncasted<HForceRepresentation>(
+ number, Representation::FromType(expected));
}
=======================================
--- /trunk/src/ia32/lithium-codegen-ia32.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/ia32/lithium-codegen-ia32.cc Thu Mar 6 17:59:13 2014 UTC
@@ -5789,11 +5789,7 @@
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
- __ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
- } else {
- __ jmp(deferred->entry());
- }
+ __ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
} else {
Register size = ToRegister(instr->size());
__ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
=======================================
--- /trunk/src/ic.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/ic.cc Thu Mar 6 17:59:13 2014 UTC
@@ -1689,7 +1689,9 @@
bool key_is_smi_like = key->IsSmi() || !key->ToSmi()->IsFailure();
if (receiver->elements()->map() ==
isolate()->heap()->non_strict_arguments_elements_map()) {
- stub = non_strict_arguments_stub();
+ if (strict_mode() == kNonStrictMode) {
+ stub = non_strict_arguments_stub();
+ }
} else if (key_is_smi_like &&
!(target().is_identical_to(non_strict_arguments_stub())))
{
// We should go generic if receiver isn't a dictionary, but our
@@ -1699,7 +1701,12 @@
if
(!(receiver->map()->DictionaryElementsInPrototypeChainOnly())) {
KeyedAccessStoreMode store_mode =
GetStoreMode(receiver, key, value);
- stub = StoreElementStub(receiver, store_mode);
+ // Use the generic stub if the store would send the receiver to
+ // dictionary mode.
+ if (!IsGrowStoreMode(store_mode) ||
+ !receiver->WouldConvertToSlowElements(key)) {
+ stub = StoreElementStub(receiver, store_mode);
+ }
}
}
}
=======================================
--- /trunk/src/json.js Tue Mar 4 09:06:17 2014 UTC
+++ /trunk/src/json.js Thu Mar 6 17:59:13 2014 UTC
@@ -213,14 +213,21 @@
if (IS_ARRAY(replacer)) {
// Deduplicate replacer array items.
var property_list = new InternalArray();
- var seen_properties = {};
+ var seen_properties = { __proto__: null };
+ var seen_sentinel = {};
var length = replacer.length;
for (var i = 0; i < length; i++) {
var item = replacer[i];
- if (IS_NUMBER(item)) item = %_NumberToString(item);
- if (IS_STRING(item) && !(item in seen_properties)) {
+ if (IS_STRING_WRAPPER(item)) {
+ item = ToString(item);
+ } else {
+ if (IS_NUMBER_WRAPPER(item)) item = ToNumber(item);
+ if (IS_NUMBER(item)) item = %_NumberToString(item);
+ }
+ if (IS_STRING(item) && seen_properties[item] != seen_sentinel) {
property_list.push(item);
- seen_properties[item] = true;
+ // We cannot use true here because __proto__ needs to be an object.
+ seen_properties[item] = seen_sentinel;
}
}
replacer = property_list;
=======================================
--- /trunk/src/mips/lithium-codegen-mips.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/mips/lithium-codegen-mips.cc Thu Mar 6 17:59:13 2014 UTC
@@ -5217,11 +5217,7 @@
}
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
- __ Allocate(size, result, scratch, scratch2, deferred->entry(),
flags);
- } else {
- __ jmp(deferred->entry());
- }
+ __ Allocate(size, result, scratch, scratch2, deferred->entry(), flags);
} else {
Register size = ToRegister(instr->size());
__ Allocate(size,
=======================================
--- /trunk/src/objects.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/objects.cc Thu Mar 6 17:59:13 2014 UTC
@@ -13111,6 +13111,21 @@
}
}
}
+
+
+bool JSObject::WouldConvertToSlowElements(Handle<Object> key) {
+ uint32_t index;
+ if (HasFastElements() && key->ToArrayIndex(&index)) {
+ Handle<FixedArrayBase> backing_store(FixedArrayBase::cast(elements()));
+ uint32_t capacity = static_cast<uint32_t>(backing_store->length());
+ if (index >= capacity) {
+ if ((index - capacity) >= kMaxGap) return true;
+ uint32_t new_capacity = NewElementsCapacity(index + 1);
+ return ShouldConvertToSlowElements(new_capacity);
+ }
+ }
+ return false;
+}
bool JSObject::ShouldConvertToSlowElements(int new_capacity) {
=======================================
--- /trunk/src/objects.h Tue Mar 4 09:06:17 2014 UTC
+++ /trunk/src/objects.h Thu Mar 6 17:59:13 2014 UTC
@@ -2412,6 +2412,9 @@
uint32_t arg_count,
EnsureElementsMode mode);
+ // Would we convert a fast elements array to dictionary mode given
+ // an access at key?
+ bool WouldConvertToSlowElements(Handle<Object> key);
// Do we want to keep the elements in fast case when increasing the
// capacity?
bool ShouldConvertToSlowElements(int new_capacity);
=======================================
--- /trunk/src/platform-win32.cc Tue Mar 4 09:06:17 2014 UTC
+++ /trunk/src/platform-win32.cc Thu Mar 6 17:59:13 2014 UTC
@@ -662,15 +662,15 @@
static void VPrintHelper(FILE* stream, const char* format, va_list args) {
- if (HasConsole()) {
- vfprintf(stream, format, args);
- } else {
+ if ((stream == stdout || stream == stderr) && !HasConsole()) {
// It is important to use safe print here in order to avoid
// overflowing the buffer. We might truncate the output, but this
// does not crash.
EmbeddedVector<char, 4096> buffer;
OS::VSNPrintF(buffer, format, args);
OutputDebugStringA(buffer.start());
+ } else {
+ vfprintf(stream, format, args);
}
}
=======================================
--- /trunk/src/runtime.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/runtime.cc Thu Mar 6 17:59:13 2014 UTC
@@ -2540,7 +2540,6 @@
RUNTIME_FUNCTION(MaybeObject*, Runtime_RegExpInitializeObject) {
HandleScope scope(isolate);
- DisallowHeapAllocation no_allocation;
ASSERT(args.length() == 5);
CONVERT_ARG_HANDLE_CHECKED(JSRegExp, regexp, 0);
CONVERT_ARG_HANDLE_CHECKED(String, source, 1);
=======================================
--- /trunk/src/types.cc Tue Mar 4 09:06:17 2014 UTC
+++ /trunk/src/types.cc Thu Mar 6 17:59:13 2014 UTC
@@ -568,7 +568,8 @@
// TODO(rossberg): this does not belong here.
Representation Representation::FromType(Type* type) {
if (type->Is(Type::None())) return Representation::None();
- if (type->Is(Type::Smi())) return Representation::Smi();
+ if (type->Is(Type::Smi())) return SmiValuesAre31Bits()
+ ? Representation::Smi() : Representation::Integer32();
if (type->Is(Type::Signed32())) return Representation::Integer32();
if (type->Is(Type::Number())) return Representation::Double();
return Representation::Tagged();
=======================================
--- /trunk/src/version.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/version.cc Thu Mar 6 17:59:13 2014 UTC
@@ -34,7 +34,7 @@
// system so their names cannot be changed without changing the scripts.
#define MAJOR_VERSION 3
#define MINOR_VERSION 25
-#define BUILD_NUMBER 4
+#define BUILD_NUMBER 5
#define PATCH_LEVEL 0
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
=======================================
--- /trunk/src/x64/lithium-codegen-x64.cc Wed Mar 5 15:10:53 2014 UTC
+++ /trunk/src/x64/lithium-codegen-x64.cc Thu Mar 6 17:59:13 2014 UTC
@@ -4025,44 +4025,51 @@
void LCodeGen::DoBoundsCheck(LBoundsCheck* instr) {
- if (instr->hydrogen()->skip_check()) return;
+ HBoundsCheck* hinstr = instr->hydrogen();
+ if (hinstr->skip_check()) return;
+
+ Representation representation = hinstr->length()->representation();
+ ASSERT(representation.Equals(hinstr->index()->representation()));
+ ASSERT(representation.IsSmiOrInteger32());
if (instr->length()->IsRegister()) {
Register reg = ToRegister(instr->length());
- if (!instr->hydrogen()->length()->representation().IsSmi()) {
- __ AssertZeroExtended(reg);
- }
+
if (instr->index()->IsConstantOperand()) {
int32_t constant_index =
ToInteger32(LConstantOperand::cast(instr->index()));
- if (instr->hydrogen()->length()->representation().IsSmi()) {
+ if (representation.IsSmi()) {
__ Cmp(reg, Smi::FromInt(constant_index));
} else {
- __ cmpq(reg, Immediate(constant_index));
+ __ cmpl(reg, Immediate(constant_index));
}
} else {
Register reg2 = ToRegister(instr->index());
- if (!instr->hydrogen()->index()->representation().IsSmi()) {
- __ AssertZeroExtended(reg2);
+ if (representation.IsSmi()) {
+ __ cmpq(reg, reg2);
+ } else {
+ __ cmpl(reg, reg2);
}
- __ cmpq(reg, reg2);
}
} else {
Operand length = ToOperand(instr->length());
if (instr->index()->IsConstantOperand()) {
int32_t constant_index =
ToInteger32(LConstantOperand::cast(instr->index()));
- if (instr->hydrogen()->length()->representation().IsSmi()) {
+ if (representation.IsSmi()) {
__ Cmp(length, Smi::FromInt(constant_index));
} else {
- __ cmpq(length, Immediate(constant_index));
+ __ cmpl(length, Immediate(constant_index));
}
} else {
- __ cmpq(length, ToRegister(instr->index()));
+ if (representation.IsSmi()) {
+ __ cmpq(length, ToRegister(instr->index()));
+ } else {
+ __ cmpl(length, ToRegister(instr->index()));
+ }
}
}
- Condition condition =
- instr->hydrogen()->allow_equality() ? below : below_equal;
+ Condition condition = hinstr->allow_equality() ? below : below_equal;
ApplyCheckIf(condition, instr);
}
@@ -5085,11 +5092,7 @@
if (instr->size()->IsConstantOperand()) {
int32_t size = ToInteger32(LConstantOperand::cast(instr->size()));
- if (size <= Page::kMaxRegularHeapObjectSize) {
- __ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
- } else {
- __ jmp(deferred->entry());
- }
+ __ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
} else {
Register size = ToRegister(instr->size());
__ Allocate(size, result, temp, no_reg, deferred->entry(), flags);
=======================================
--- /trunk/test/mjsunit/mjsunit.status Tue Mar 4 09:06:17 2014 UTC
+++ /trunk/test/mjsunit/mjsunit.status Thu Mar 6 17:59:13 2014 UTC
@@ -165,7 +165,7 @@
# Long running tests.
'regress/regress-2185': [PASS, ['mode == debug', PASS, TIMEOUT]],
'regress/regress-2185-2': [PASS, TIMEOUT],
- 'whitespaces': [PASS, TIMEOUT],
+ 'whitespaces': [PASS, TIMEOUT, SLOW],
# Stack manipulations in LiveEdit is not implemented for this arch.
'debug-liveedit-check-stack': [SKIP],
@@ -211,8 +211,6 @@
'unicodelctest-no-optimization': [PASS, SLOW],
'unicodelctest': [PASS, SLOW],
'unicode-test': [PASS, SLOW],
- 'whitespaces': [PASS, SLOW],
- 'whitespaces': [PASS, SLOW],
}], # 'arch == a64'
['arch == a64 and mode == debug and simulator_run == True', {
=======================================
--- /trunk/test/mjsunit/regress/regress-3135.js Tue Mar 4 09:06:17 2014 UTC
+++ /trunk/test/mjsunit/regress/regress-3135.js Thu Mar 6 17:59:13 2014 UTC
@@ -19,10 +19,21 @@
assertEquals('{"y":4,"1":2,"x":3}',
JSON.stringify({ x : 3, y : 4, 1 : 2 }, ["y", 1, "x"]));
-// __proto__ is ignored and doesn't break anything.
+// With a replacer array the value of the property is retrieved using
[[Get]]
+// ignoring own and enumerability.
var a = { x : 8 };
+assertEquals('{"__proto__":{"__proto__":null},"x":8}',
+ JSON.stringify(a, ["__proto__", "x", "__proto__"]));
a.__proto__ = { x : 7 };
-assertEquals('{"x":8}', JSON.stringify(a,
["__proto__", "x", "__proto__"]));
+assertEquals('{"__proto__":{"__proto__":{"__proto__":null},"x":7},"x":8}',
+ JSON.stringify(a, ["__proto__", "x"]));
+var b = { __proto__: { x: 9 } };
+assertEquals('{}', JSON.stringify(b));
+assertEquals('{"x":9}', JSON.stringify(b, ["x"]));
+var c = {x: 10};
+Object.defineProperty(c, 'x', { enumerable: false });
+assertEquals('{}', JSON.stringify(c));
+assertEquals('{"x":10}', JSON.stringify(c, ["x"]));
// Arrays are not affected by the replacer array.
assertEquals("[9,8,7]", JSON.stringify([9, 8, 7], [1, 1]));
@@ -51,3 +62,12 @@
assertEquals('{}',
JSON.stringify({ x : 1, "1": 1 },
[{ valueOf: function() { return 1;} }]));
+
+// Make sure that property names that clash with the names of
Object.prototype
+// still works.
+assertEquals('{"toString":42}', JSON.stringify({ toString: 42 },
["toString"]));
+
+// Number wrappers and String wrappers should be unwrapped.
+assertEquals('{"1":1,"s":"s"}',
+ JSON.stringify({ 1: 1, s: "s" },
+ [new Number(1), new String("s")]));
=======================================
--- /trunk/test/mjsunit/regress/regress-crbug-349079.js Wed Mar 5 15:10:53
2014 UTC
+++ /trunk/test/mjsunit/regress/regress-crbug-349079.js Thu Mar 6 17:59:13
2014 UTC
@@ -21,3 +21,16 @@
crash();
%OptimizeFunctionOnNextCall(crash);
crash();
+
+function f() {
+ var v1 = 0;
+ var v2 = -0;
+ var t = v2++;
+ v2++;
+ return Math.max(v2++, v1++);
+}
+
+f();
+f();
+%OptimizeFunctionOnNextCall(f);
+f();
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
