Permalink
Browse files

Version 3.4.1.

Fixed JSON stringify issue with arrays.

Changed calls to JS builtins to be passed undefined when called with implicit receiver.

Implemented the set trap for Harmony proxies. Proxies still need to be enabled with the --harmony-proxies flag.



git-svn-id: https://v8.googlecode.com/svn/trunk@8130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
  • Loading branch information...
1 parent d2ad7e1 commit 064fc53841ba4624b9e8487412ff274d034008d1 ricow@chromium.org committed Jun 1, 2011
Showing with 2,520 additions and 1,056 deletions.
  1. +11 −0 ChangeLog
  2. +1 −1 include/v8.h
  3. +4 −1 src/SConscript
  4. +2 −0 src/api.cc
  5. +17 −17 src/arm/builtins-arm.cc
  6. +15 −11 src/arm/code-stubs-arm.cc
  7. +31 −28 src/arm/full-codegen-arm.cc
  8. +10 −5 src/arm/ic-arm.cc
  9. +10 −0 src/arm/lithium-arm.cc
  10. +6 −0 src/arm/lithium-arm.h
  11. +56 −27 src/arm/lithium-codegen-arm.cc
  12. +8 −5 src/arm/macro-assembler-arm.cc
  13. +9 −8 src/arm/macro-assembler-arm.h
  14. +32 −21 src/arm/stub-cache-arm.cc
  15. +9 −12 src/ast.h
  16. +1 −0 src/bootstrapper.cc
  17. +5 −1 src/compiler.cc
  18. +12 −2 src/compiler.h
  19. +3 −1 src/contexts.h
  20. +94 −0 src/d8.cc
  21. +13 −0 src/d8.h
  22. +3 −1 src/extensions/experimental/break-iterator.cc
  23. +1 −1 src/extensions/experimental/break-iterator.h
  24. +1 −2 src/extensions/experimental/collator.cc
  25. +1 −2 src/extensions/experimental/collator.h
  26. +11 −4 src/extensions/experimental/experimental.gyp
  27. +6 −16 src/extensions/experimental/i18n-extension.cc
  28. +1 −1 src/extensions/experimental/i18n-extension.h
  29. +126 −0 src/extensions/experimental/i18n-js2c.py
  30. +3 −4 src/extensions/experimental/i18n-locale.cc
  31. +1 −1 src/extensions/experimental/i18n-locale.h
  32. +43 −0 src/extensions/experimental/i18n-natives.h
  33. +1 −1 src/extensions/experimental/i18n-utils.cc
  34. +4 −3 src/extensions/experimental/language-matcher.cc
  35. +1 −1 src/extensions/experimental/language-matcher.h
  36. +0 −21 src/flag-definitions.h
  37. +109 −159 src/full-codegen.cc
  38. +15 −36 src/full-codegen.h
  39. +4 −15 src/handles.cc
  40. +3 −7 src/handles.h
  41. +3 −1 src/heap.cc
  42. +4 −5 src/hydrogen-instructions.cc
  43. +39 −7 src/hydrogen-instructions.h
  44. +54 −18 src/hydrogen.cc
  45. +2 −0 src/hydrogen.h
  46. +20 −18 src/ia32/builtins-ia32.cc
  47. +12 −8 src/ia32/code-stubs-ia32.cc
  48. +29 −26 src/ia32/full-codegen-ia32.cc
  49. +10 −5 src/ia32/ic-ia32.cc
  50. +52 −25 src/ia32/lithium-codegen-ia32.cc
  51. +10 −0 src/ia32/lithium-ia32.cc
  52. +6 −0 src/ia32/lithium-ia32.h
  53. +8 −6 src/ia32/macro-assembler-ia32.cc
  54. +8 −7 src/ia32/macro-assembler-ia32.h
  55. +43 −19 src/ia32/stub-cache-ia32.cc
  56. +11 −4 src/ic.cc
  57. +4 −0 src/isolate.cc
  58. +9 −12 src/json.js
  59. +10 −0 src/lithium-allocator.cc
  60. +110 −14 src/liveedit.cc
  61. +3 −3 src/liveedit.h
  62. +6 −0 src/log.cc
  63. +1 −0 src/macros.py
  64. +7 −9 src/mark-compact.cc
  65. +2 −4 src/mips/builtins-mips.cc
  66. +1 −1 src/mips/full-codegen-mips.cc
  67. +1 −1 src/natives.h
  68. +29 −15 src/objects-inl.h
  69. +142 −44 src/objects.cc
  70. +153 −93 src/objects.h
  71. +97 −0 src/profile-generator.cc
  72. +4 −0 src/profile-generator.h
  73. +52 −3 src/proxy.js
  74. +6 −5 src/runtime.cc
  75. +2 −2 src/runtime.h
  76. +1 −6 src/stub-cache.cc
  77. +19 −14 src/stub-cache.h
  78. +28 −15 src/v8natives.js
  79. +2 −2 src/version.cc
  80. +21 −19 src/x64/builtins-x64.cc
  81. +17 −13 src/x64/code-stubs-x64.cc
  82. +30 −26 src/x64/full-codegen-x64.cc
  83. +10 −5 src/x64/ic-x64.cc
  84. +50 −23 src/x64/lithium-codegen-x64.cc
  85. +10 −0 src/x64/lithium-x64.cc
  86. +6 −0 src/x64/lithium-x64.h
  87. +6 −4 src/x64/macro-assembler-x64.cc
  88. +8 −7 src/x64/macro-assembler-x64.h
  89. +42 −18 src/x64/stub-cache-x64.cc
  90. +3 −0 test/cctest/cctest.status
  91. +1 −1 test/cctest/test-api.cc
  92. +52 −2 test/cctest/test-heap-profiler.cc
  93. +3 −3 test/cctest/test-liveedit.cc
  94. +18 −9 test/mjsunit/array-reduce.js
  95. +68 −0 test/mjsunit/compiler/regress-const.js
  96. +49 −16 test/mjsunit/function-call.js
  97. +116 −0 test/mjsunit/harmony/proxies.js
  98. +21 −7 test/mjsunit/object-define-property.js
  99. +6 −2 test/mjsunit/object-freeze.js
  100. +6 −3 test/mjsunit/object-literal.js
  101. +6 −2 test/mjsunit/object-seal.js
  102. +12 −8 test/mjsunit/property-load-across-eval.js
  103. +0 −1 test/mjsunit/regress/regress-1119.js
  104. +3 −1 test/mjsunit/regress/regress-1130.js
  105. +3 −1 test/mjsunit/regress/regress-1132.js
  106. +7 −12 test/mjsunit/regress/regress-1160.js
  107. +15 −9 test/mjsunit/regress/regress-1170.js
  108. +3 −1 test/mjsunit/regress/regress-1172-bis.js
  109. +7 −7 test/mjsunit/regress/regress-124.js
  110. +3 −1 test/mjsunit/regress/regress-1327557.js
  111. +82 −0 test/mjsunit/regress/regress-1365.js
  112. +59 −0 test/mjsunit/regress/regress-1412.js
  113. +3 −2 test/mjsunit/regress/regress-244.js
  114. +0 −5 test/mjsunit/regress/regress-485.js
  115. +12 −4 test/mjsunit/strict-mode-eval.js
  116. +16 −0 test/mjsunit/strict-mode-implicit-receiver.js
  117. +3 −1 test/mjsunit/strict-mode.js
  118. +3 −1 test/mjsunit/testcfg.py
  119. +1 −2 test/mjsunit/typeof.js
  120. +4 −0 test/mozilla/mozilla.status
  121. +17 −0 test/sputnik/sputnik.status
  122. +35 −33 tools/grokdump.py
View
@@ -1,3 +1,14 @@
+2011-06-01: Version 3.4.1
+
+ Fixed JSON stringify issue with arrays.
+
+ Changed calls to JS builtins to be passed undefined when called with
+ implicit receiver.
+
+ Implemented the set trap for Harmony proxies. Proxies still need to
+ be enabled with the --harmony-proxies flag.
+
+
2011-05-30: Version 3.4.0
Changed calls to undefined property setters to not throw (issue 1355).
View
@@ -3703,7 +3703,7 @@ class Internals {
static const int kFullStringRepresentationMask = 0x07;
static const int kExternalTwoByteRepresentationTag = 0x02;
- static const int kJSObjectType = 0xa2;
+ static const int kJSObjectType = 0xa1;
static const int kFirstNonstringType = 0x80;
static const int kForeignType = 0x85;
View
@@ -311,7 +311,10 @@ def ConfigureObjectFiles():
env.Replace(**context.flags['v8'])
context.ApplyEnvOverrides(env)
env['BUILDERS']['JS2C'] = Builder(action=js2c.JS2C)
- env['BUILDERS']['Snapshot'] = Builder(action='$SOURCE $TARGET --logfile "$LOGFILE" --log-snapshot-positions')
+ if 'ENABLE_LOGGING_AND_PROFILING' in env['CPPDEFINES']:
+ env['BUILDERS']['Snapshot'] = Builder(action='$SOURCE $TARGET --logfile "$LOGFILE" --log-snapshot-positions')
+ else:
+ env['BUILDERS']['Snapshot'] = Builder(action='$SOURCE $TARGET')
# Build the standard platform-independent source files.
source_files = context.GetRelevantSources(SOURCES)
View
@@ -925,6 +925,7 @@ Local<TypeSwitch> TypeSwitch::New(int argc, Handle<FunctionTemplate> types[]) {
int TypeSwitch::match(v8::Handle<Value> value) {
i::Isolate* isolate = i::Isolate::Current();
LOG_API(isolate, "TypeSwitch::match");
+ USE(isolate);
i::Handle<i::Object> obj = Utils::OpenHandle(*value);
i::Handle<i::TypeSwitchInfo> info = Utils::OpenHandle(this);
i::FixedArray* types = i::FixedArray::cast(info->types());
@@ -3392,6 +3393,7 @@ Local<v8::Value> Function::Call(v8::Handle<v8::Object> recv, int argc,
void Function::SetName(v8::Handle<v8::String> name) {
i::Isolate* isolate = Utils::OpenHandle(this)->GetIsolate();
ENTER_V8(isolate);
+ USE(isolate);
i::Handle<i::JSFunction> func = Utils::OpenHandle(this);
func->shared()->set_name(*Utils::OpenHandle(*name));
}
View
@@ -915,10 +915,11 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
masm->isolate()->builtins()->HandleApiCallConstruct();
ParameterCount expected(0);
__ InvokeCode(code, expected, expected,
- RelocInfo::CODE_TARGET, CALL_FUNCTION);
+ RelocInfo::CODE_TARGET, CALL_FUNCTION, CALL_AS_METHOD);
} else {
ParameterCount actual(r0);
- __ InvokeFunction(r1, actual, CALL_FUNCTION);
+ __ InvokeFunction(r1, actual, CALL_FUNCTION,
+ NullCallWrapper(), CALL_AS_METHOD);
}
// Pop the function from the stack.
@@ -949,8 +950,8 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
__ b(eq, &use_receiver);
// If the type of the result (stored in its map) is less than
- // FIRST_JS_OBJECT_TYPE, it is not an object in the ECMA sense.
- __ CompareObjectType(r0, r3, r3, FIRST_JS_OBJECT_TYPE);
+ // FIRST_SPEC_OBJECT_TYPE, it is not an object in the ECMA sense.
+ __ CompareObjectType(r0, r3, r3, FIRST_SPEC_OBJECT_TYPE);
__ b(ge, &exit);
// Throw away the result of the constructor invocation and use the
@@ -1050,7 +1051,8 @@ static void Generate_JSEntryTrampolineHelper(MacroAssembler* masm,
RelocInfo::CODE_TARGET);
} else {
ParameterCount actual(r0);
- __ InvokeFunction(r1, actual, CALL_FUNCTION);
+ __ InvokeFunction(r1, actual, CALL_FUNCTION,
+ NullCallWrapper(), CALL_AS_METHOD);
}
// Exit the JS frame and remove the parameters (except function), and return.
@@ -1255,8 +1257,7 @@ void Builtins::Generate_FunctionCall(MacroAssembler* masm) {
__ b(ne, &shift_arguments);
// Do not transform the receiver for native (Compilerhints already in r3).
- __ tst(r3, Operand(1 << (SharedFunctionInfo::kES5Native +
- kSmiTagSize)));
+ __ tst(r3, Operand(1 << (SharedFunctionInfo::kNative + kSmiTagSize)));
__ b(ne, &shift_arguments);
// Compute the receiver in non-strict mode.
@@ -1275,9 +1276,8 @@ void Builtins::Generate_FunctionCall(MacroAssembler* masm) {
__ cmp(r2, r3);
__ b(eq, &use_global_receiver);
- STATIC_ASSERT(LAST_JS_OBJECT_TYPE + 1 == LAST_TYPE);
- STATIC_ASSERT(LAST_TYPE == JS_FUNCTION_TYPE);
- __ CompareObjectType(r2, r3, r3, FIRST_JS_OBJECT_TYPE);
+ STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
+ __ CompareObjectType(r2, r3, r3, FIRST_SPEC_OBJECT_TYPE);
__ b(ge, &shift_arguments);
__ bind(&convert_to_object);
@@ -1379,7 +1379,8 @@ void Builtins::Generate_FunctionCall(MacroAssembler* masm) {
ne);
ParameterCount expected(0);
- __ InvokeCode(r3, expected, expected, JUMP_FUNCTION);
+ __ InvokeCode(r3, expected, expected, JUMP_FUNCTION,
+ NullCallWrapper(), CALL_AS_METHOD);
}
@@ -1440,8 +1441,7 @@ void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
__ b(ne, &push_receiver);
// Do not transform the receiver for strict mode functions.
- __ tst(r2, Operand(1 << (SharedFunctionInfo::kES5Native +
- kSmiTagSize)));
+ __ tst(r2, Operand(1 << (SharedFunctionInfo::kNative + kSmiTagSize)));
__ b(ne, &push_receiver);
// Compute the receiver in non-strict mode.
@@ -1456,9 +1456,8 @@ void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
// Check if the receiver is already a JavaScript object.
// r0: receiver
- STATIC_ASSERT(LAST_JS_OBJECT_TYPE + 1 == LAST_TYPE);
- STATIC_ASSERT(LAST_TYPE == JS_FUNCTION_TYPE);
- __ CompareObjectType(r0, r1, r1, FIRST_JS_OBJECT_TYPE);
+ STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
+ __ CompareObjectType(r0, r1, r1, FIRST_SPEC_OBJECT_TYPE);
__ b(ge, &push_receiver);
// Convert the receiver to a regular object.
@@ -1515,7 +1514,8 @@ void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
ParameterCount actual(r0);
__ mov(r0, Operand(r0, ASR, kSmiTagSize));
__ ldr(r1, MemOperand(fp, kFunctionOffset));
- __ InvokeFunction(r1, actual, CALL_FUNCTION);
+ __ InvokeFunction(r1, actual, CALL_FUNCTION,
+ NullCallWrapper(), CALL_AS_METHOD);
// Tear down the internal frame and remove function, receiver and args.
__ LeaveInternalFrame();
View
@@ -931,14 +931,14 @@ static void EmitIdenticalObjectComparison(MacroAssembler* masm,
// They are both equal and they are not both Smis so both of them are not
// Smis. If it's not a heap number, then return equal.
if (cond == lt || cond == gt) {
- __ CompareObjectType(r0, r4, r4, FIRST_JS_OBJECT_TYPE);
+ __ CompareObjectType(r0, r4, r4, FIRST_SPEC_OBJECT_TYPE);
__ b(ge, slow);
} else {
__ CompareObjectType(r0, r4, r4, HEAP_NUMBER_TYPE);
__ b(eq, &heap_number);
// Comparing JS objects with <=, >= is complicated.
if (cond != eq) {
- __ cmp(r4, Operand(FIRST_JS_OBJECT_TYPE));
+ __ cmp(r4, Operand(FIRST_SPEC_OBJECT_TYPE));
__ b(ge, slow);
// Normally here we fall through to return_equal, but undefined is
// special: (undefined == undefined) == true, but
@@ -1220,14 +1220,14 @@ static void EmitStrictTwoHeapObjectCompare(MacroAssembler* masm,
ASSERT((lhs.is(r0) && rhs.is(r1)) ||
(lhs.is(r1) && rhs.is(r0)));
- // If either operand is a JSObject or an oddball value, then they are
+ // If either operand is a JS object or an oddball value, then they are
// not equal since their pointers are different.
// There is no test for undetectability in strict equality.
- STATIC_ASSERT(LAST_TYPE == JS_FUNCTION_TYPE);
+ STATIC_ASSERT(LAST_TYPE == LAST_CALLABLE_SPEC_OBJECT_TYPE);
Label first_non_object;
// Get the type of the first operand into r2 and compare it with
- // FIRST_JS_OBJECT_TYPE.
- __ CompareObjectType(rhs, r2, r2, FIRST_JS_OBJECT_TYPE);
+ // FIRST_SPEC_OBJECT_TYPE.
+ __ CompareObjectType(rhs, r2, r2, FIRST_SPEC_OBJECT_TYPE);
__ b(lt, &first_non_object);
// Return non-zero (r0 is not zero)
@@ -1240,7 +1240,7 @@ static void EmitStrictTwoHeapObjectCompare(MacroAssembler* masm,
__ cmp(r2, Operand(ODDBALL_TYPE));
__ b(eq, &return_not_equal);
- __ CompareObjectType(lhs, r3, r3, FIRST_JS_OBJECT_TYPE);
+ __ CompareObjectType(lhs, r3, r3, FIRST_SPEC_OBJECT_TYPE);
__ b(ge, &return_not_equal);
// Check for oddballs: true, false, null, undefined.
@@ -1317,9 +1317,9 @@ static void EmitCheckForSymbolsOrObjects(MacroAssembler* masm,
__ Ret();
__ bind(&object_test);
- __ cmp(r2, Operand(FIRST_JS_OBJECT_TYPE));
+ __ cmp(r2, Operand(FIRST_SPEC_OBJECT_TYPE));
__ b(lt, not_both_strings);
- __ CompareObjectType(lhs, r2, r3, FIRST_JS_OBJECT_TYPE);
+ __ CompareObjectType(lhs, r2, r3, FIRST_SPEC_OBJECT_TYPE);
__ b(lt, not_both_strings);
// If both objects are undetectable, they are equal. Otherwise, they
// are not equal, since they are different objects and an object is not
@@ -1679,7 +1679,7 @@ void ToBooleanStub::Generate(MacroAssembler* masm) {
// JavaScript object => true.
__ ldr(scratch, FieldMemOperand(tos_, HeapObject::kMapOffset));
__ ldrb(scratch, FieldMemOperand(scratch, Map::kInstanceTypeOffset));
- __ cmp(scratch, Operand(FIRST_JS_OBJECT_TYPE));
+ __ cmp(scratch, Operand(FIRST_SPEC_OBJECT_TYPE));
// "tos_" is a register and contains a non-zero value.
// Hence we implicitly return true if the greater than
// condition is satisfied.
@@ -4540,7 +4540,11 @@ void CallFunctionStub::Generate(MacroAssembler* masm) {
Label call_as_function;
__ CompareRoot(r4, Heap::kTheHoleValueRootIndex);
__ b(eq, &call_as_function);
- __ InvokeFunction(r1, actual, JUMP_FUNCTION);
+ __ InvokeFunction(r1,
+ actual,
+ JUMP_FUNCTION,
+ NullCallWrapper(),
+ CALL_AS_METHOD);
__ bind(&call_as_function);
}
__ InvokeFunction(r1,
@@ -139,11 +139,11 @@ void FullCodeGenerator::Generate(CompilationInfo* info) {
}
#endif
- // Strict mode functions need to replace the receiver with undefined
- // when called as functions (without an explicit receiver
- // object). r5 is zero for method calls and non-zero for function
- // calls.
- if (info->is_strict_mode()) {
+ // Strict mode functions and builtins need to replace the receiver
+ // with undefined when called as functions (without an explicit
+ // receiver object). r5 is zero for method calls and non-zero for
+ // function calls.
+ if (info->is_strict_mode() || info->is_native()) {
Label ok;
__ cmp(r5, Operand(0));
__ b(eq, &ok);
@@ -912,8 +912,8 @@ void FullCodeGenerator::VisitForInStatement(ForInStatement* stmt) {
// Convert the object to a JS object.
Label convert, done_convert;
__ JumpIfSmi(r0, &convert);
- __ CompareObjectType(r0, r1, r1, FIRST_JS_OBJECT_TYPE);
- __ b(hs, &done_convert);
+ __ CompareObjectType(r0, r1, r1, FIRST_SPEC_OBJECT_TYPE);
+ __ b(ge, &done_convert);
__ bind(&convert);
__ push(r0);
__ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
@@ -2300,9 +2300,9 @@ void FullCodeGenerator::VisitCall(Call* expr) {
__ bind(&done);
// Push function.
__ push(r0);
- // Push global receiver.
- __ ldr(r1, GlobalObjectOperand());
- __ ldr(r1, FieldMemOperand(r1, GlobalObject::kGlobalReceiverOffset));
+ // The receiver is implicitly the global receiver. Indicate this
+ // by passing the hole to the call function stub.
+ __ LoadRoot(r1, Heap::kTheHoleValueRootIndex);
__ push(r1);
__ bind(&call);
}
@@ -2468,9 +2468,9 @@ void FullCodeGenerator::EmitIsObject(ZoneList<Expression*>* args) {
__ tst(r1, Operand(1 << Map::kIsUndetectable));
__ b(ne, if_false);
__ ldrb(r1, FieldMemOperand(r2, Map::kInstanceTypeOffset));
- __ cmp(r1, Operand(FIRST_JS_OBJECT_TYPE));
+ __ cmp(r1, Operand(FIRST_NONCALLABLE_SPEC_OBJECT_TYPE));
__ b(lt, if_false);
- __ cmp(r1, Operand(LAST_JS_OBJECT_TYPE));
+ __ cmp(r1, Operand(LAST_NONCALLABLE_SPEC_OBJECT_TYPE));
PrepareForBailoutBeforeSplit(TOS_REG, true, if_true, if_false);
Split(le, if_true, if_false, fall_through);
@@ -2491,7 +2491,7 @@ void FullCodeGenerator::EmitIsSpecObject(ZoneList<Expression*>* args) {
&if_true, &if_false, &fall_through);
__ JumpIfSmi(r0, if_false);
- __ CompareObjectType(r0, r1, r1, FIRST_JS_OBJECT_TYPE);
+ __ CompareObjectType(r0, r1, r1, FIRST_SPEC_OBJECT_TYPE);
PrepareForBailoutBeforeSplit(TOS_REG, true, if_true, if_false);
Split(ge, if_true, if_false, fall_through);
@@ -2774,16 +2774,18 @@ void FullCodeGenerator::EmitClassOf(ZoneList<Expression*>* args) {
// Check that the object is a JS object but take special care of JS
// functions to make sure they have 'Function' as their class.
- __ CompareObjectType(r0, r0, r1, FIRST_JS_OBJECT_TYPE); // Map is now in r0.
+ __ CompareObjectType(r0, r0, r1, FIRST_SPEC_OBJECT_TYPE);
+ // Map is now in r0.
__ b(lt, &null);
- // As long as JS_FUNCTION_TYPE is the last instance type and it is
- // right after LAST_JS_OBJECT_TYPE, we can avoid checking for
- // LAST_JS_OBJECT_TYPE.
- ASSERT(LAST_TYPE == JS_FUNCTION_TYPE);
- ASSERT(JS_FUNCTION_TYPE == LAST_JS_OBJECT_TYPE + 1);
- __ cmp(r1, Operand(JS_FUNCTION_TYPE));
- __ b(eq, &function);
+ // As long as LAST_CALLABLE_SPEC_OBJECT_TYPE is the last instance type, and
+ // FIRST_CALLABLE_SPEC_OBJECT_TYPE comes right after
+ // LAST_NONCALLABLE_SPEC_OBJECT_TYPE, we can avoid checking for the latter.
+ STATIC_ASSERT(LAST_TYPE == LAST_CALLABLE_SPEC_OBJECT_TYPE);
+ STATIC_ASSERT(FIRST_CALLABLE_SPEC_OBJECT_TYPE ==
+ LAST_NONCALLABLE_SPEC_OBJECT_TYPE + 1);
+ __ cmp(r1, Operand(FIRST_CALLABLE_SPEC_OBJECT_TYPE));
+ __ b(ge, &function);
// Check if the constructor in the map is a function.
__ ldr(r0, FieldMemOperand(r0, Map::kConstructorOffset));
@@ -3175,7 +3177,8 @@ void FullCodeGenerator::EmitCallFunction(ZoneList<Expression*>* args) {
// InvokeFunction requires the function in r1. Move it in there.
__ mov(r1, result_register());
ParameterCount count(arg_count);
- __ InvokeFunction(r1, count, CALL_FUNCTION);
+ __ InvokeFunction(r1, count, CALL_FUNCTION,
+ NullCallWrapper(), CALL_AS_METHOD);
__ ldr(cp, MemOperand(fp, StandardFrameConstants::kContextOffset));
context()->Plug(r0);
}
@@ -4023,7 +4026,7 @@ void FullCodeGenerator::VisitForTypeofValue(Expression* expr) {
context()->Plug(r0);
} else {
// This expression cannot throw a reference error at the top level.
- context()->HandleExpression(expr);
+ VisitInCurrentContext(expr);
}
}
@@ -4081,18 +4084,18 @@ bool FullCodeGenerator::TryLiteralCompare(Token::Value op,
} else if (check->Equals(isolate()->heap()->function_symbol())) {
__ JumpIfSmi(r0, if_false);
- __ CompareObjectType(r0, r1, r0, FIRST_FUNCTION_CLASS_TYPE);
+ __ CompareObjectType(r0, r1, r0, FIRST_CALLABLE_SPEC_OBJECT_TYPE);
Split(ge, if_true, if_false, fall_through);
} else if (check->Equals(isolate()->heap()->object_symbol())) {
__ JumpIfSmi(r0, if_false);
__ CompareRoot(r0, Heap::kNullValueRootIndex);
__ b(eq, if_true);
// Check for JS objects => true.
- __ CompareObjectType(r0, r0, r1, FIRST_JS_OBJECT_TYPE);
- __ b(lo, if_false);
- __ CompareInstanceType(r0, r1, FIRST_FUNCTION_CLASS_TYPE);
- __ b(hs, if_false);
+ __ CompareObjectType(r0, r0, r1, FIRST_NONCALLABLE_SPEC_OBJECT_TYPE);
+ __ b(lt, if_false);
+ __ CompareInstanceType(r0, r1, LAST_NONCALLABLE_SPEC_OBJECT_TYPE);
+ __ b(gt, if_false);
// Check for undetectable objects => false.
__ ldrb(r1, FieldMemOperand(r0, Map::kBitFieldOffset));
__ tst(r1, Operand(1 << Map::kIsUndetectable));
Oops, something went wrong.

0 comments on commit 064fc53

Please sign in to comment.