Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Imported Upstream version 3.1.8.18

  • Loading branch information...
commit bc5d4d33a93cb72d6330bb3bb21b8f2a83ca96d6 1 parent 95cc200
Jérémy Lal authored May 23, 2011
8  src/arm/code-stubs-arm.cc
@@ -3425,6 +3425,8 @@ void TypeRecordingBinaryOpStub::GenerateInt32Stub(MacroAssembler* masm) {
3425 3425
         // Save the left value on the stack.
3426 3426
         __ Push(r5, r4);
3427 3427
 
  3428
+        Label pop_and_call_runtime;
  3429
+
3428 3430
         // Allocate a heap number to store the result.
3429 3431
         heap_number_result = r5;
3430 3432
         GenerateHeapResultAllocation(masm,
@@ -3432,7 +3434,7 @@ void TypeRecordingBinaryOpStub::GenerateInt32Stub(MacroAssembler* masm) {
3432 3434
                                      heap_number_map,
3433 3435
                                      scratch1,
3434 3436
                                      scratch2,
3435  
-                                     &call_runtime);
  3437
+                                     &pop_and_call_runtime);
3436 3438
 
3437 3439
         // Load the left value from the value saved on the stack.
3438 3440
         __ Pop(r1, r0);
@@ -3440,6 +3442,10 @@ void TypeRecordingBinaryOpStub::GenerateInt32Stub(MacroAssembler* masm) {
3440 3442
         // Call the C function to handle the double operation.
3441 3443
         FloatingPointHelper::CallCCodeForDoubleOperation(
3442 3444
             masm, op_, heap_number_result, scratch1);
  3445
+
  3446
+        __ bind(&pop_and_call_runtime);
  3447
+        __ Drop(2);
  3448
+        __ b(&call_runtime);
3443 3449
       }
3444 3450
 
3445 3451
       break;
4  src/builtins.cc
@@ -818,8 +818,8 @@ BUILTIN(ArraySplice) {
818 818
       const int delta = actual_delete_count - item_count;
819 819
 
820 820
       if (actual_start > 0) {
821  
-        Object** start = elms->data_start();
822  
-        memmove(start + delta, start, actual_start * kPointerSize);
  821
+        AssertNoAllocation no_gc;
  822
+        MoveElements(&no_gc, elms, delta, elms, 0, actual_start);
823 823
       }
824 824
 
825 825
       elms = LeftTrimFixedArray(elms, delta);
22  src/hydrogen-instructions.h
@@ -789,15 +789,33 @@ class HBlockEntry: public HTemplateInstruction<0> {
789 789
 };
790 790
 
791 791
 
792  
-class HDeoptimize: public HTemplateControlInstruction<0> {
  792
+class HDeoptimize: public HControlInstruction {
793 793
  public:
794  
-  HDeoptimize() : HTemplateControlInstruction<0>(NULL, NULL) { }
  794
+  HDeoptimize(int environment_length)
  795
+      : HControlInstruction(NULL, NULL),
  796
+        values_(environment_length) { }
795 797
 
796 798
   virtual Representation RequiredInputRepresentation(int index) const {
797 799
     return Representation::None();
798 800
   }
799 801
 
  802
+  virtual int OperandCount() { return values_.length(); }
  803
+  virtual HValue* OperandAt(int index) { return values_[index]; }
  804
+
  805
+  void AddEnvironmentValue(HValue* value) {
  806
+    values_.Add(NULL);
  807
+    SetOperandAt(values_.length() - 1, value);
  808
+  }
  809
+
800 810
   DECLARE_CONCRETE_INSTRUCTION(Deoptimize, "deoptimize")
  811
+
  812
+ protected:
  813
+  virtual void InternalSetOperandAt(int index, HValue* value) {
  814
+    values_[index] = value;
  815
+  }
  816
+
  817
+ private:
  818
+  ZoneList<HValue*> values_;
801 819
 };
802 820
 
803 821
 
23  src/hydrogen.cc
@@ -113,6 +113,21 @@ void HBasicBlock::AddInstruction(HInstruction* instr) {
113 113
 }
114 114
 
115 115
 
  116
+HDeoptimize* HBasicBlock::CreateDeoptimize() {
  117
+  ASSERT(HasEnvironment());
  118
+  HEnvironment* environment = last_environment();
  119
+
  120
+  HDeoptimize* instr = new HDeoptimize(environment->length());
  121
+
  122
+  for (int i = 0; i < environment->length(); i++) {
  123
+    HValue* val = environment->values()->at(i);
  124
+    instr->AddEnvironmentValue(val);
  125
+  }
  126
+
  127
+  return instr;
  128
+}
  129
+
  130
+
116 131
 HSimulate* HBasicBlock::CreateSimulate(int id) {
117 132
   ASSERT(HasEnvironment());
118 133
   HEnvironment* environment = last_environment();
@@ -2560,7 +2575,7 @@ void HGraphBuilder::VisitSwitchStatement(SwitchStatement* stmt) {
2560 2575
   // If we have a non-smi compare clause, we deoptimize after trying
2561 2576
   // all the previous compares.
2562 2577
   if (num_smi_clauses < num_clauses) {
2563  
-    last_false_block->Finish(new HDeoptimize);
  2578
+    last_false_block->FinishExitWithDeoptimization();
2564 2579
   }
2565 2580
 
2566 2581
   // Build statement blocks, connect them to their comparison block and
@@ -3230,7 +3245,7 @@ void HGraphBuilder::HandlePolymorphicStoreNamedField(Assignment* expr,
3230 3245
     HSubgraph* default_graph = CreateBranchSubgraph(environment());
3231 3246
     { SubgraphScope scope(this, default_graph);
3232 3247
       if (!needs_generic && FLAG_deoptimize_uncommon_cases) {
3233  
-        default_graph->exit_block()->FinishExit(new HDeoptimize());
  3248
+        default_graph->exit_block()->FinishExitWithDeoptimization();
3234 3249
         default_graph->set_exit_block(NULL);
3235 3250
       } else {
3236 3251
         HInstruction* instr = BuildStoreNamedGeneric(object, name, value);
@@ -3567,7 +3582,7 @@ void HGraphBuilder::HandlePolymorphicLoadNamedField(Property* expr,
3567 3582
     HSubgraph* default_graph = CreateBranchSubgraph(environment());
3568 3583
     { SubgraphScope scope(this, default_graph);
3569 3584
       if (!needs_generic && FLAG_deoptimize_uncommon_cases) {
3570  
-        default_graph->exit_block()->FinishExit(new HDeoptimize());
  3585
+        default_graph->exit_block()->FinishExitWithDeoptimization();
3571 3586
         default_graph->set_exit_block(NULL);
3572 3587
       } else {
3573 3588
         HInstruction* instr = BuildLoadNamedGeneric(object, expr);
@@ -3928,7 +3943,7 @@ void HGraphBuilder::HandlePolymorphicCallNamed(Call* expr,
3928 3943
     HSubgraph* default_graph = CreateBranchSubgraph(environment());
3929 3944
     { SubgraphScope scope(this, default_graph);
3930 3945
       if (!needs_generic && FLAG_deoptimize_uncommon_cases) {
3931  
-        default_graph->exit_block()->FinishExit(new HDeoptimize());
  3946
+        default_graph->exit_block()->FinishExitWithDeoptimization();
3932 3947
         default_graph->set_exit_block(NULL);
3933 3948
       } else {
3934 3949
         HContext* context = new HContext;
5  src/hydrogen.h
@@ -124,6 +124,10 @@ class HBasicBlock: public ZoneObject {
124 124
   void AddSimulate(int id) { AddInstruction(CreateSimulate(id)); }
125 125
   void AssignCommonDominator(HBasicBlock* other);
126 126
 
  127
+  void FinishExitWithDeoptimization() {
  128
+    FinishExit(CreateDeoptimize());
  129
+  }
  130
+
127 131
   // Add the inlined function exit sequence, adding an HLeaveInlined
128 132
   // instruction and updating the bailout environment.
129 133
   void AddLeaveInlined(HValue* return_value, HBasicBlock* target);
@@ -146,6 +150,7 @@ class HBasicBlock: public ZoneObject {
146 150
   void AddDominatedBlock(HBasicBlock* block);
147 151
 
148 152
   HSimulate* CreateSimulate(int id);
  153
+  HDeoptimize* CreateDeoptimize();
149 154
 
150 155
   int block_id_;
151 156
   HGraph* graph_;
5  src/objects.h
@@ -585,6 +585,7 @@ enum CompareResult {
585 585
 
586 586
 class StringStream;
587 587
 class ObjectVisitor;
  588
+class Failure;
588 589
 
589 590
 struct ValueInfo : public Malloced {
590 591
   ValueInfo() : type(FIRST_TYPE), ptr(NULL), str(NULL), number(0) { }
@@ -611,6 +612,10 @@ class MaybeObject BASE_EMBEDDED {
611 612
     *obj = reinterpret_cast<Object*>(this);
612 613
     return true;
613 614
   }
  615
+  inline Failure* ToFailureUnchecked() {
  616
+    ASSERT(IsFailure());
  617
+    return reinterpret_cast<Failure*>(this);
  618
+  }
614 619
   inline Object* ToObjectUnchecked() {
615 620
     ASSERT(!IsFailure());
616 621
     return reinterpret_cast<Object*>(this);
2  src/runtime.cc
@@ -2625,7 +2625,7 @@ MUST_USE_RESULT static MaybeObject* StringReplaceRegExpWithEmptyString(
2625 2625
     end = RegExpImpl::GetCapture(match_info_array, 1);
2626 2626
   }
2627 2627
 
2628  
-  int length = subject->length();
  2628
+  int length = subject_handle->length();
2629 2629
   int new_length = length - (end - start);
2630 2630
   if (new_length == 0) {
2631 2631
     return Heap::empty_string();
3  src/top.cc
... ...
@@ -1,4 +1,4 @@
1  
-// Copyright 2006-2008 the V8 project authors. All rights reserved.
  1
+// Copyright 2011 the V8 project authors. All rights reserved.
2 2
 // Redistribution and use in source and binary forms, with or without
3 3
 // modification, are permitted provided that the following conditions are
4 4
 // met:
@@ -740,6 +740,7 @@ Failure* Top::ReThrow(MaybeObject* exception, MessageLocation* location) {
740 740
 
741 741
   // Set the exception being re-thrown.
742 742
   set_pending_exception(exception);
  743
+  if (exception->IsFailure()) return exception->ToFailureUnchecked();
743 744
   return Failure::Exception();
744 745
 }
745 746
 
14  src/v8natives.js
@@ -147,17 +147,6 @@ function GlobalEval(x) {
147 147
 }
148 148
 
149 149
 
150  
-// execScript for IE compatibility.
151  
-function GlobalExecScript(expr, lang) {
152  
-  // NOTE: We don't care about the character casing.
153  
-  if (!lang || /javascript/i.test(lang)) {
154  
-    var f = %CompileString(ToString(expr));
155  
-    f.call(%GlobalReceiver(global));
156  
-  }
157  
-  return null;
158  
-}
159  
-
160  
-
161 150
 // ----------------------------------------------------------------------------
162 151
 
163 152
 
@@ -177,8 +166,7 @@ function SetupGlobal() {
177 166
     "isFinite", GlobalIsFinite,
178 167
     "parseInt", GlobalParseInt,
179 168
     "parseFloat", GlobalParseFloat,
180  
-    "eval", GlobalEval,
181  
-    "execScript", GlobalExecScript
  169
+    "eval", GlobalEval
182 170
   ));
183 171
 }
184 172
 
2  src/version.cc
@@ -35,7 +35,7 @@
35 35
 #define MAJOR_VERSION     3
36 36
 #define MINOR_VERSION     1
37 37
 #define BUILD_NUMBER      8
38  
-#define PATCH_LEVEL       10
  38
+#define PATCH_LEVEL       18
39 39
 #define CANDIDATE_VERSION false
40 40
 
41 41
 // Define SONAME to have the SCons build the put a specific SONAME into the
2  src/x64/assembler-x64.cc
@@ -1379,7 +1379,7 @@ void Assembler::jmp(NearLabel* L) {
1379 1379
   EnsureSpace ensure_space(this);
1380 1380
   last_pc_ = pc_;
1381 1381
   if (L->is_bound()) {
1382  
-    const int short_size = sizeof(int8_t);
  1382
+    const int short_size = 2;
1383 1383
     int offs = L->pos() - pc_offset();
1384 1384
     ASSERT(offs <= 0);
1385 1385
     ASSERT(is_int8(offs - short_size));
2  test/mjsunit/function-names.js
@@ -128,6 +128,6 @@ var globalFunctions = [
128 128
     "encodeURI", "encodeURIComponent", "Error", "TypeError",
129 129
     "RangeError", "SyntaxError", "ReferenceError", "EvalError",
130 130
     "URIError", "isNaN", "isFinite", "parseInt", "parseFloat",
131  
-    "eval", "execScript"];
  131
+    "eval"];
132 132
 
133 133
 TestFunctionNames(this, globalFunctions);
36  test/mjsunit/execScript-case-insensitive.js → test/mjsunit/regress/regress-1257.js
... ...
@@ -1,4 +1,4 @@
1  
-// Copyright 2008 the V8 project authors. All rights reserved.
  1
+// Copyright 2011 the V8 project authors. All rights reserved.
2 2
 // Redistribution and use in source and binary forms, with or without
3 3
 // modification, are permitted provided that the following conditions are
4 4
 // met:
@@ -25,10 +25,34 @@
25 25
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26 26
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 27
 
28  
-var x  = 0;
29  
-execScript('x = 1', 'javascript');
30  
-assertEquals(1, x);
  28
+function g(y) { assertEquals(y, 12); }
31 29
 
32  
-execScript('x = 2', 'JavaScript');
33  
-assertEquals(2, x);
  30
+var X = 0;
34 31
 
  32
+function foo () {
  33
+  var cnt = 0;
  34
+  var l = -1;
  35
+  var x = 0;
  36
+  while (1) switch (l) {
  37
+      case -1:
  38
+        var y = x + 12;
  39
+        l = 0;
  40
+        break;
  41
+      case 0:
  42
+        // Loop for to hit OSR.
  43
+        if (cnt++ < 10000000) {
  44
+          l = 0;
  45
+          break;
  46
+        } else {
  47
+          l = 1;
  48
+          break;
  49
+        }
  50
+      case 1:
  51
+        // This case will contain deoptimization
  52
+        // because it has no type feedback.
  53
+        g(y);
  54
+        return;
  55
+    };
  56
+}
  57
+
  58
+foo();
35  test/mjsunit/regress/regress-1341167.js → test/mjsunit/regress/splice-missing-wb.js
... ...
@@ -1,4 +1,4 @@
1  
-// Copyright 2008 the V8 project authors. All rights reserved.
  1
+// Copyright 2011 the V8 project authors. All rights reserved.
2 2
 // Redistribution and use in source and binary forms, with or without
3 3
 // modification, are permitted provided that the following conditions are
4 4
 // met:
@@ -25,9 +25,32 @@
25 25
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26 26
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 27
 
28  
-// Make sure that 'this' is bound to the global object when using
29  
-// execScript.
  28
+// Flags: --expose-gc
30 29
 
31  
-var result;
32  
-execScript("result = this");
33  
-assertTrue(result === this);
  30
+// Create array large enough to span several page regions.
  31
+var a = new Array(500);
  32
+
  33
+// Fill it with values.
  34
+for (var i = 0; i < a.length; i++) a[i] = {idx:i};
  35
+
  36
+// Force it into oldspace.
  37
+gc();
  38
+gc();
  39
+
  40
+// Array should be in old space now. Store young object into array.
  41
+// Region will be marked.
  42
+a[0] = {idx:0};
  43
+
  44
+// Delete elements a[2] .. a[201]. Internally we will use
  45
+// trimming of backing store. a[0] a[1] will be moved to
  46
+// memory location previously occupied by a[200] a[201].
  47
+a.splice(2, 200);
  48
+
  49
+// Force gc and heap verification.
  50
+gc();
  51
+
  52
+// Try accessing a[0].idx. It will segfault if write-barrier was accidentally
  53
+// omitted.
  54
+assertEquals(0, a[0].idx);
  55
+assertEquals(1, a[1].idx);
  56
+assertEquals(202, a[2].idx);

0 notes on commit bc5d4d3

Please sign in to comment.
Something went wrong with that request. Please try again.