Version 3.16.6
Made the Isolate parameter mandatory in Locker and Unlocker classes. (issue 2487)
Avoid pointer underflow in CopyCharsUnsigned. (issue 2493)
Generate shim headers when using system v8. (Chromium issue 165264)
Fixed arguments materialization for inlined apply(). (issue 2489)
Sync'ed laziness between BuildFunctionInfo and MakeFunctionInfo. (Chromium issue 147497)
Added sanity check to CodeFlusher::AddCandidate. (Chromium issue 169209)
Performance and stability improvements on all platforms.
git-svn-id: http://v8.googlecode.com/svn/trunk@13439 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/test/mjsunit/allocation-site-info.js b/test/mjsunit/allocation-site-info.js
new file mode 100644
index 0000000..f4263af
--- /dev/null
+++ b/test/mjsunit/allocation-site-info.js
@@ -0,0 +1,114 @@
+// Copyright 2012 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax --smi-only-arrays --expose-gc
+// Flags: --track-allocation-sites
+
+// Test element kind of objects.
+// Since --smi-only-arrays affects builtins, its default setting at compile
+// time sticks if built with snapshot. If --smi-only-arrays is deactivated
+// by default, only a no-snapshot build actually has smi-only arrays enabled
+// in this test case. Depending on whether smi-only arrays are actually
+// enabled, this test takes the appropriate code path to check smi-only arrays.
+
+support_smi_only_arrays = %HasFastSmiElements(new Array(1,2,3,4,5,6,7,8));
+
+if (support_smi_only_arrays) {
+ print("Tests include smi-only arrays.");
+} else {
+ print("Tests do NOT include smi-only arrays.");
+}
+
+var elements_kind = {
+ fast_smi_only : 'fast smi only elements',
+ fast : 'fast elements',
+ fast_double : 'fast double elements',
+ dictionary : 'dictionary elements',
+ external_byte : 'external byte elements',
+ external_unsigned_byte : 'external unsigned byte elements',
+ external_short : 'external short elements',
+ external_unsigned_short : 'external unsigned short elements',
+ external_int : 'external int elements',
+ external_unsigned_int : 'external unsigned int elements',
+ external_float : 'external float elements',
+ external_double : 'external double elements',
+ external_pixel : 'external pixel elements'
+}
+
+function getKind(obj) {
+ if (%HasFastSmiElements(obj)) return elements_kind.fast_smi_only;
+ if (%HasFastObjectElements(obj)) return elements_kind.fast;
+ if (%HasFastDoubleElements(obj)) return elements_kind.fast_double;
+ if (%HasDictionaryElements(obj)) return elements_kind.dictionary;
+}
+
+function assertKind(expected, obj, name_opt) {
+ if (!support_smi_only_arrays &&
+ expected == elements_kind.fast_smi_only) {
+ expected = elements_kind.fast;
+ }
+ assertEquals(expected, getKind(obj), name_opt);
+}
+
+if (support_smi_only_arrays) {
+ function fastliteralcase(value) {
+ var literal = [1, 2, 3];
+ literal[0] = value;
+ return literal;
+ }
+
+ // Case: [1,2,3] as allocation site
+ obj = fastliteralcase(1);
+ assertKind(elements_kind.fast_smi_only, obj);
+ obj = fastliteralcase(1.5);
+ assertKind(elements_kind.fast_double, obj);
+ obj = fastliteralcase(2);
+ assertKind(elements_kind.fast_double, obj);
+
+ // Verify that we will not pretransition the double->fast path.
+ obj = fastliteralcase("elliot");
+ assertKind(elements_kind.fast, obj);
+
+ // This fails until we turn off optimistic transitions to the
+ // most general elements kind seen on keyed stores. It's a goal
+ // to turn it off, but for now we need it.
+ // obj = fastliteralcase(3);
+ // assertKind(elements_kind.fast_double, obj);
+
+ function fastliteralcase_smifast(value) {
+ var literal = [1, 2, 3, 4];
+ literal[0] = value;
+ return literal;
+ }
+
+ obj = fastliteralcase_smifast(1);
+ assertKind(elements_kind.fast_smi_only, obj);
+ obj = fastliteralcase_smifast("carter");
+ assertKind(elements_kind.fast, obj);
+ obj = fastliteralcase_smifast(2);
+ assertKind(elements_kind.fast, obj);
+}
\ No newline at end of file
diff --git a/test/mjsunit/eval-stack-trace.js b/test/mjsunit/eval-stack-trace.js
index 723d522..d83b84c 100644
--- a/test/mjsunit/eval-stack-trace.js
+++ b/test/mjsunit/eval-stack-trace.js
@@ -26,12 +26,13 @@
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Return the stack frames of an Error object.
+
+Error.prepareStackTrace = function(error, frames) {
+ return frames;
+}
+
Error.prototype.getFrames = function() {
- Error.prepareStackTrace = function(error, frames) {
- return frames;
- }
var frames = this.stack;
- Error.prepareStackTrace = undefined;
return frames;
}
diff --git a/test/mjsunit/mjsunit.status b/test/mjsunit/mjsunit.status
index da961ca..c9770dc 100644
--- a/test/mjsunit/mjsunit.status
+++ b/test/mjsunit/mjsunit.status
@@ -40,6 +40,9 @@
# Skip long running test in debug and allow it to timeout in release mode.
# regress/regress-524: (PASS || TIMEOUT), SKIP if $mode == debug
+# Deferred stack trace formatting is temporarily disabled.
+stack-traces-gc: PASS || FAIL
+
##############################################################################
# Too slow in debug mode with --stress-opt
compiler/regress-stacktrace-methods: PASS, SKIP if $mode == debug
diff --git a/test/mjsunit/regress/regress-147497.js b/test/mjsunit/regress/regress-147497.js
new file mode 100644
index 0000000..92e29d1
--- /dev/null
+++ b/test/mjsunit/regress/regress-147497.js
@@ -0,0 +1,45 @@
+// Copyright 2013 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --expose-debug-as debug
+
+Debug = debug.Debug;
+
+function listener(event, exec_state, event_data, data) {
+ if (event == Debug.DebugEvent.Break) {
+ exec_state.prepareStep(Debug.StepAction.StepNext, 10);
+ }
+};
+
+Debug.setListener(listener);
+
+var statement = "";
+for (var i = 0; i < 1024; i++) statement += "z";
+statement = 'with(0)' + statement + '=function foo(){}';
+
+debugger;
+eval(statement);
diff --git a/test/mjsunit/stack-traces-gc.js b/test/mjsunit/stack-traces-gc.js
new file mode 100644
index 0000000..dd878f2
--- /dev/null
+++ b/test/mjsunit/stack-traces-gc.js
@@ -0,0 +1,119 @@
+// Copyright 2012 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --expose-gc --allow-natives-syntax
+
+var fired = [];
+for (var i = 0; i < 100; i++) fired[i] = false;
+
+function getter_function(i) {
+ return %MarkOneShotGetter( function() { fired[i] = true; } );
+}
+
+// Error objects that die young.
+for (var i = 0; i < 100; i++) {
+ var error = new Error();
+ // Replace the getter to observe whether it has been fired,
+ // and disguise it as original getter.
+ var getter = getter_function(i);
+ error.__defineGetter__("stack", getter);
+
+ error = undefined;
+}
+
+gc();
+for (var i = 0; i < 100; i++) {
+ assertFalse(fired[i]);
+}
+
+// Error objects that are kept alive.
+var array = [];
+for (var i = 0; i < 100; i++) {
+ var error = new Error();
+ var getter = getter_function(i);
+ // Replace the getter to observe whether it has been fired,
+ // and disguise it as original getter.
+ error.__defineGetter__("stack", getter);
+
+ array.push(error);
+ error = undefined;
+}
+
+gc();
+// We don't expect all stack traces to be formatted after only one GC.
+assertTrue(fired[0]);
+
+for (var i = 0; i < 10; i++) gc();
+for (var i = 0; i < 100; i++) assertTrue(fired[i]);
+
+// Error objects with custom stack getter.
+var custom_error = new Error();
+var custom_getter_fired = false;
+custom_error.__defineGetter__("stack",
+ function() { custom_getter_fired = true; });
+gc();
+assertFalse(custom_getter_fired);
+
+// Check that formatting caused by GC is not somehow observable.
+var error;
+
+var obj = { foo: function foo() { throw new Error(); } };
+
+try {
+ obj.foo();
+} catch (e) {
+ delete obj.foo;
+ Object.defineProperty(obj, 'foo', {
+ get: function() { assertUnreachable(); }
+ });
+ error = e;
+}
+
+gc();
+
+Object.defineProperty(Array.prototype, '0', {
+ get: function() { assertUnreachable(); }
+});
+
+try {
+ throw new Error();
+} catch (e) {
+ error = e;
+}
+
+gc();
+
+String.prototype.indexOf = function() { assertUnreachable(); };
+String.prototype.lastIndexOf = function() { assertUnreachable(); };
+var obj = { method: function() { throw Error(); } };
+try {
+ obj.method();
+} catch (e) {
+ error = e;
+}
+
+gc();
diff --git a/test/mjsunit/stack-traces.js b/test/mjsunit/stack-traces.js
index 438eec9..b5d58fa 100644
--- a/test/mjsunit/stack-traces.js
+++ b/test/mjsunit/stack-traces.js
@@ -288,4 +288,42 @@
}, "QuickSort");
// Omitted because ADD from runtime.js is non-native builtin.
-testOmittedBuiltin(function(){ thrower + 2; }, "ADD");
\ No newline at end of file
+testOmittedBuiltin(function(){ thrower + 2; }, "ADD");
+
+var error = new Error();
+error.toString = function() { assertUnreachable(); };
+error.stack;
+
+error = new Error();
+error.name = { toString: function() { assertUnreachable(); }};
+error.message = { toString: function() { assertUnreachable(); }};
+error.stack;
+
+error = new Error();
+Array.prototype.push = function(x) { assertUnreachable(); };
+Array.prototype.join = function(x) { assertUnreachable(); };
+error.stack;
+
+var fired = false;
+error = new Error({ toString: function() { fired = true; } });
+assertTrue(fired);
+error.stack;
+assertTrue(fired);
+
+// Check that throwing exception in a custom stack trace formatting function
+// does not lead to recursion.
+Error.prepareStackTrace = function() { throw new Error("abc"); };
+var message;
+try {
+ throw new Error();
+} catch (e) {
+ message = e.message;
+}
+
+assertEquals("abc", message);
+
+// Test that modifying Error.prepareStackTrace by itself works.
+Error.prepareStackTrace = function() { Error.prepareStackTrace = "custom"; };
+new Error();
+
+assertEquals("custom", Error.prepareStackTrace);
diff --git a/test/mjsunit/testcfg.py b/test/mjsunit/testcfg.py
index c8b972c..00d4500 100644
--- a/test/mjsunit/testcfg.py
+++ b/test/mjsunit/testcfg.py
@@ -75,7 +75,7 @@
for f in files_list ]
testfilename = os.path.join(self.root, testcase.path + self.suffix())
if SELF_SCRIPT_PATTERN.search(source):
- env = ["-e", "TEST_FILE_NAME=\"%s\"" % testfilename]
+ env = ["-e", "TEST_FILE_NAME=\"%s\"" % testfilename.replace("\\", "\\\\")]
files = env + files
files.append(os.path.join(self.root, "mjsunit.js"))
files.append(testfilename)