Version 3.12.8
Implemented TypedArray.set and ArrayBuffer.slice in d8.
Performance and stability improvements on all platforms.
git-svn-id: http://v8.googlecode.com/svn/trunk@11988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/ChangeLog b/ChangeLog
index adabfc8..2100cbc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-07-05: Version 3.12.8
+
+ Implemented TypedArray.set and ArrayBuffer.slice in d8.
+
+ Performance and stability improvements on all platforms.
+
+
2012-07-03: Version 3.12.7
Fixed lazy compilation for strict eval scopes.
diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index 54114db..14d0bfd 100644
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -2671,9 +2671,10 @@
Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+ Handle<String> name,
Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name) {
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter) {
// ----------- S t a t e -------------
// -- r0 : value
// -- r1 : receiver
@@ -2682,9 +2683,9 @@
// -----------------------------------
Label miss;
- // Check that the map of the object hasn't changed.
- __ CheckMap(r1, r3, Handle<Map>(receiver->map()), &miss, DO_SMI_CHECK,
- ALLOW_ELEMENT_TRANSITION_MAPS);
+ // Check that the maps haven't changed.
+ __ JumpIfSmi(r1, &miss);
+ CheckPrototypes(receiver, r1, holder, r3, r4, r5, name, &miss);
{
FrameScope scope(masm(), StackFrame::INTERNAL);
@@ -2692,7 +2693,7 @@
// Save value register, so we can restore it later.
__ push(r0);
- // Call the JavaScript getter with the receiver and the value on the stack.
+ // Call the JavaScript setter with the receiver and the value on the stack.
__ Push(r1, r0);
ParameterCount actual(1);
__ InvokeFunction(setter, actual, CALL_FUNCTION, NullCallWrapper(),
diff --git a/src/contexts.cc b/src/contexts.cc
index 76784bd..7e67125 100644
--- a/src/contexts.cc
+++ b/src/contexts.cc
@@ -243,10 +243,12 @@
void Context::AddOptimizedFunction(JSFunction* function) {
ASSERT(IsGlobalContext());
#ifdef DEBUG
- Object* element = get(OPTIMIZED_FUNCTIONS_LIST);
- while (!element->IsUndefined()) {
- CHECK(element != function);
- element = JSFunction::cast(element)->next_function_link();
+ if (FLAG_enable_slow_asserts) {
+ Object* element = get(OPTIMIZED_FUNCTIONS_LIST);
+ while (!element->IsUndefined()) {
+ CHECK(element != function);
+ element = JSFunction::cast(element)->next_function_link();
+ }
}
CHECK(function->next_function_link()->IsUndefined());
diff --git a/src/d8.cc b/src/d8.cc
index 976510c..fb90c94 100644
--- a/src/d8.cc
+++ b/src/d8.cc
@@ -324,6 +324,8 @@
}
+// TODO(rossberg): should replace these by proper uses of HasInstance,
+// once we figure out a good way to make the templates global.
const char kArrayBufferMarkerPropName[] = "d8::_is_array_buffer_";
const char kArrayMarkerPropName[] = "d8::_is_typed_array_";
@@ -337,7 +339,7 @@
}
uint8_t* data = new uint8_t[length];
if (data == NULL) {
- return ThrowException(String::New("Memory allocation failed."));
+ return ThrowException(String::New("Memory allocation failed"));
}
memset(data, 0, length);
@@ -366,11 +368,11 @@
if (args.Length() == 0) {
return ThrowException(
- String::New("ArrayBuffer constructor must have one parameter."));
+ String::New("ArrayBuffer constructor must have one argument"));
}
TryCatch try_catch;
int32_t length = convertToUint(args[0], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
return CreateExternalArrayBuffer(args.This(), length);
}
@@ -432,7 +434,7 @@
bool init_from_array = false;
if (args.Length() == 0) {
return ThrowException(
- String::New("Array constructor must have at least one parameter."));
+ String::New("Array constructor must have at least one argument"));
}
if (args[0]->IsObject() &&
!args[0]->ToObject()->GetHiddenValue(
@@ -441,19 +443,19 @@
buffer = args[0]->ToObject();
int32_t bufferLength =
convertToUint(buffer->Get(String::New("byteLength")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (args.Length() < 2 || args[1]->IsUndefined()) {
byteOffset = 0;
} else {
byteOffset = convertToUint(args[1], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (byteOffset > bufferLength) {
return ThrowException(String::New("byteOffset out of bounds"));
}
if (byteOffset % element_size != 0) {
return ThrowException(
- String::New("byteOffset must be multiple of element_size"));
+ String::New("byteOffset must be multiple of element size"));
}
}
@@ -462,11 +464,11 @@
length = byteLength / element_size;
if (byteLength % element_size != 0) {
return ThrowException(
- String::New("buffer size must be multiple of element_size"));
+ String::New("buffer size must be multiple of element size"));
}
} else {
length = convertToUint(args[2], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
byteLength = length * element_size;
if (byteOffset + byteLength > bufferLength) {
return ThrowException(String::New("length out of bounds"));
@@ -478,12 +480,12 @@
// Construct from array.
length = convertToUint(
args[0]->ToObject()->Get(String::New("length")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
init_from_array = true;
} else {
// Construct from size.
length = convertToUint(args[0], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
}
byteLength = length * element_size;
byteOffset = 0;
@@ -510,39 +512,32 @@
}
-Handle<Value> Shell::SubArray(const Arguments& args) {
+Handle<Value> Shell::ArrayBufferSlice(const Arguments& args) {
TryCatch try_catch;
if (!args.This()->IsObject()) {
return ThrowException(
- String::New("subarray invoked on non-object receiver."));
+ String::New("'slice' invoked on non-object receiver"));
}
Local<Object> self = args.This();
- Local<Value> marker = self->GetHiddenValue(String::New(kArrayMarkerPropName));
+ Local<Value> marker =
+ self->GetHiddenValue(String::New(kArrayBufferMarkerPropName));
if (marker.IsEmpty()) {
return ThrowException(
- String::New("subarray invoked on wrong receiver type."));
+ String::New("'slice' invoked on wrong receiver type"));
}
- Handle<Object> buffer = self->Get(String::New("buffer"))->ToObject();
- if (try_catch.HasCaught()) return try_catch.Exception();
int32_t length =
- convertToUint(self->Get(String::New("length")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
- int32_t byteOffset =
- convertToUint(self->Get(String::New("byteOffset")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
- int32_t element_size =
- convertToUint(self->Get(String::New("BYTES_PER_ELEMENT")), &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ convertToUint(self->Get(String::New("byteLength")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (args.Length() == 0) {
return ThrowException(
- String::New("subarray must have at least one parameter."));
+ String::New("'slice' must have at least one argument"));
}
int32_t begin = convertToInt(args[0], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (begin < 0) begin += length;
if (begin < 0) begin = 0;
if (begin > length) begin = length;
@@ -552,7 +547,71 @@
end = length;
} else {
end = convertToInt(args[1], &try_catch);
- if (try_catch.HasCaught()) return try_catch.Exception();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ if (end < 0) end += length;
+ if (end < 0) end = 0;
+ if (end > length) end = length;
+ if (end < begin) end = begin;
+ }
+
+ Local<Function> constructor = Local<Function>::Cast(self->GetConstructor());
+ Handle<Value> new_args[] = { Uint32::New(end - begin) };
+ Handle<Value> result = constructor->NewInstance(1, new_args);
+ if (try_catch.HasCaught()) return result;
+ Handle<Object> buffer = result->ToObject();
+ uint8_t* dest =
+ static_cast<uint8_t*>(buffer->GetIndexedPropertiesExternalArrayData());
+ uint8_t* src = begin + static_cast<uint8_t*>(
+ self->GetIndexedPropertiesExternalArrayData());
+ memcpy(dest, src, end - begin);
+
+ return buffer;
+}
+
+
+Handle<Value> Shell::ArraySubArray(const Arguments& args) {
+ TryCatch try_catch;
+
+ if (!args.This()->IsObject()) {
+ return ThrowException(
+ String::New("'subarray' invoked on non-object receiver"));
+ }
+
+ Local<Object> self = args.This();
+ Local<Value> marker = self->GetHiddenValue(String::New(kArrayMarkerPropName));
+ if (marker.IsEmpty()) {
+ return ThrowException(
+ String::New("'subarray' invoked on wrong receiver type"));
+ }
+
+ Handle<Object> buffer = self->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t length =
+ convertToUint(self->Get(String::New("length")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t byteOffset =
+ convertToUint(self->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t element_size =
+ convertToUint(self->Get(String::New("BYTES_PER_ELEMENT")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ if (args.Length() == 0) {
+ return ThrowException(
+ String::New("'subarray' must have at least one argument"));
+ }
+ int32_t begin = convertToInt(args[0], &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ if (begin < 0) begin += length;
+ if (begin < 0) begin = 0;
+ if (begin > length) begin = length;
+
+ int32_t end;
+ if (args.Length() < 2 || args[1]->IsUndefined()) {
+ end = length;
+ } else {
+ end = convertToInt(args[1], &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
if (end < 0) end += length;
if (end < 0) end = 0;
if (end > length) end = length;
@@ -570,6 +629,147 @@
}
+Handle<Value> Shell::ArraySet(const Arguments& args) {
+ TryCatch try_catch;
+
+ if (!args.This()->IsObject()) {
+ return ThrowException(
+ String::New("'set' invoked on non-object receiver"));
+ }
+
+ Local<Object> self = args.This();
+ Local<Value> marker = self->GetHiddenValue(String::New(kArrayMarkerPropName));
+ if (marker.IsEmpty()) {
+ return ThrowException(
+ String::New("'set' invoked on wrong receiver type"));
+ }
+ int32_t length =
+ convertToUint(self->Get(String::New("length")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t element_size =
+ convertToUint(self->Get(String::New("BYTES_PER_ELEMENT")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ if (args.Length() == 0) {
+ return ThrowException(
+ String::New("'set' must have at least one argument"));
+ }
+ if (!args[0]->IsObject() ||
+ !args[0]->ToObject()->Has(String::New("length"))) {
+ return ThrowException(
+ String::New("'set' invoked with non-array argument"));
+ }
+ Handle<Object> source = args[0]->ToObject();
+ int32_t source_length =
+ convertToUint(source->Get(String::New("length")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ int32_t offset;
+ if (args.Length() < 2 || args[1]->IsUndefined()) {
+ offset = 0;
+ } else {
+ offset = convertToUint(args[1], &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ }
+ if (offset + source_length > length) {
+ return ThrowException(String::New("offset or source length out of bounds"));
+ }
+
+ int32_t source_element_size;
+ if (source->GetHiddenValue(String::New(kArrayMarkerPropName)).IsEmpty()) {
+ source_element_size = 0;
+ } else {
+ source_element_size =
+ convertToUint(source->Get(String::New("BYTES_PER_ELEMENT")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ }
+
+ if (element_size == source_element_size &&
+ self->GetConstructor()->StrictEquals(source->GetConstructor())) {
+ // Use memmove on the array buffers.
+ Handle<Object> buffer = self->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ Handle<Object> source_buffer =
+ source->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t byteOffset =
+ convertToUint(self->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t source_byteOffset =
+ convertToUint(source->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ uint8_t* dest = byteOffset + offset * element_size + static_cast<uint8_t*>(
+ buffer->GetIndexedPropertiesExternalArrayData());
+ uint8_t* src = source_byteOffset + static_cast<uint8_t*>(
+ source_buffer->GetIndexedPropertiesExternalArrayData());
+ memmove(dest, src, source_length * element_size);
+ } else if (source_element_size == 0) {
+ // Source is not a typed array, copy element-wise sequentially.
+ for (int i = 0; i < source_length; ++i) {
+ self->Set(offset + i, source->Get(i));
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ }
+ } else {
+ // Need to copy element-wise to make the right conversions.
+ Handle<Object> buffer = self->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ Handle<Object> source_buffer =
+ source->Get(String::New("buffer"))->ToObject();
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ if (buffer->StrictEquals(source_buffer)) {
+ // Same backing store, need to handle overlap correctly.
+ // This gets a bit tricky in the case of different element sizes
+ // (which, of course, is extremely unlikely to ever occur in practice).
+ int32_t byteOffset =
+ convertToUint(self->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+ int32_t source_byteOffset =
+ convertToUint(source->Get(String::New("byteOffset")), &try_catch);
+ if (try_catch.HasCaught()) return try_catch.ReThrow();
+
+ // Copy as much as we can from left to right.
+ int i = 0;
+ int32_t next_dest_offset = byteOffset + (offset + 1) * element_size;
+ int32_t next_src_offset = source_byteOffset + source_element_size;
+ while (i < length && next_dest_offset <= next_src_offset) {
+ self->Set(offset + i, source->Get(i));
+ ++i;
+ next_dest_offset += element_size;
+ next_src_offset += source_element_size;
+ }
+ // Of what's left, copy as much as we can from right to left.
+ int j = length - 1;
+ int32_t dest_offset = byteOffset + (offset + j) * element_size;
+ int32_t src_offset = source_byteOffset + j * source_element_size;
+ while (j >= i && dest_offset >= src_offset) {
+ self->Set(offset + j, source->Get(j));
+ --j;
+ dest_offset -= element_size;
+ src_offset -= source_element_size;
+ }
+ // There can be at most 8 entries left in the middle that need buffering
+ // (because the largest element_size is 8 times the smallest).
+ ASSERT(j+1 - i <= 8);
+ Handle<Value> temp[8];
+ for (int k = i; k <= j; ++k) {
+ temp[k - i] = source->Get(k);
+ }
+ for (int k = i; k <= j; ++k) {
+ self->Set(offset + k, temp[k - i]);
+ }
+ } else {
+ // Different backing stores, safe to copy element-wise sequentially.
+ for (int i = 0; i < source_length; ++i)
+ self->Set(offset + i, source->Get(i));
+ }
+ }
+
+ return Undefined();
+}
+
+
void Shell::ExternalArrayWeakCallback(Persistent<Value> object, void* data) {
HandleScope scope;
int32_t length =
@@ -919,10 +1119,22 @@
#endif
+Handle<FunctionTemplate> Shell::CreateArrayBufferTemplate(
+ InvocationCallback fun) {
+ Handle<FunctionTemplate> buffer_template = FunctionTemplate::New(fun);
+ Local<Template> proto_template = buffer_template->PrototypeTemplate();
+ proto_template->Set(String::New("slice"),
+ FunctionTemplate::New(ArrayBufferSlice));
+ return buffer_template;
+}
+
+
Handle<FunctionTemplate> Shell::CreateArrayTemplate(InvocationCallback fun) {
Handle<FunctionTemplate> array_template = FunctionTemplate::New(fun);
Local<Template> proto_template = array_template->PrototypeTemplate();
- proto_template->Set(String::New("subarray"), FunctionTemplate::New(SubArray));
+ proto_template->Set(String::New("set"), FunctionTemplate::New(ArraySet));
+ proto_template->Set(String::New("subarray"),
+ FunctionTemplate::New(ArraySubArray));
return array_template;
}
@@ -948,7 +1160,7 @@
PropertyAttribute attr =
static_cast<PropertyAttribute>(ReadOnly | DontDelete);
global_template->Set(String::New("ArrayBuffer"),
- CreateArrayTemplate(ArrayBuffer), attr);
+ CreateArrayBufferTemplate(ArrayBuffer), attr);
global_template->Set(String::New("Int8Array"),
CreateArrayTemplate(Int8Array), attr);
global_template->Set(String::New("Uint8Array"),
diff --git a/src/d8.h b/src/d8.h
index 3410f16..be53f99 100644
--- a/src/d8.h
+++ b/src/d8.h
@@ -323,7 +323,9 @@
static Handle<Value> Float32Array(const Arguments& args);
static Handle<Value> Float64Array(const Arguments& args);
static Handle<Value> Uint8ClampedArray(const Arguments& args);
- static Handle<Value> SubArray(const Arguments& args);
+ static Handle<Value> ArrayBufferSlice(const Arguments& args);
+ static Handle<Value> ArraySubArray(const Arguments& args);
+ static Handle<Value> ArraySet(const Arguments& args);
// The OS object on the global object contains methods for performing
// operating system calls:
//
@@ -384,6 +386,7 @@
static void RunShell();
static bool SetOptions(int argc, char* argv[]);
static Handle<ObjectTemplate> CreateGlobalTemplate();
+ static Handle<FunctionTemplate> CreateArrayBufferTemplate(InvocationCallback);
static Handle<FunctionTemplate> CreateArrayTemplate(InvocationCallback);
static Handle<Value> CreateExternalArrayBuffer(Handle<Object> buffer,
int32_t size);
diff --git a/src/debug.cc b/src/debug.cc
index 1f5164f..777e23d 100644
--- a/src/debug.cc
+++ b/src/debug.cc
@@ -1027,8 +1027,8 @@
} else if (it.frame()->fp() != thread_local_.last_fp_) {
// We crawled over last_fp_, without getting a match.
Handle<String> stack = isolate_->StackTraceString();
- char buffer[2048];
- String::WriteToFlat(*stack, buffer, 0, 2047);
+ char buffer[8192];
+ String::WriteToFlat(*stack, buffer, 0, 8191);
PutValuesOnStackAndDie(0xDEEEEEEE,
frame->fp(),
thread_local_.last_fp_,
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index ee3d6b5..2d67183 100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -568,9 +568,9 @@
HConstant* HGraph::GetConstant(SetOncePointer<HConstant>* pointer,
- Object* value) {
+ Handle<Object> value) {
if (!pointer->is_set()) {
- HConstant* constant = new(zone()) HConstant(Handle<Object>(value),
+ HConstant* constant = new(zone()) HConstant(value,
Representation::Tagged());
constant->InsertAfter(GetConstantUndefined());
pointer->set(constant);
@@ -580,27 +580,27 @@
HConstant* HGraph::GetConstant1() {
- return GetConstant(&constant_1_, Smi::FromInt(1));
+ return GetConstant(&constant_1_, Handle<Smi>(Smi::FromInt(1)));
}
HConstant* HGraph::GetConstantMinus1() {
- return GetConstant(&constant_minus1_, Smi::FromInt(-1));
+ return GetConstant(&constant_minus1_, Handle<Smi>(Smi::FromInt(-1)));
}
HConstant* HGraph::GetConstantTrue() {
- return GetConstant(&constant_true_, isolate()->heap()->true_value());
+ return GetConstant(&constant_true_, isolate()->factory()->true_value());
}
HConstant* HGraph::GetConstantFalse() {
- return GetConstant(&constant_false_, isolate()->heap()->false_value());
+ return GetConstant(&constant_false_, isolate()->factory()->false_value());
}
HConstant* HGraph::GetConstantHole() {
- return GetConstant(&constant_hole_, isolate()->heap()->the_hole_value());
+ return GetConstant(&constant_hole_, isolate()->factory()->the_hole_value());
}
diff --git a/src/hydrogen.h b/src/hydrogen.h
index b9f2300..907279a 100644
--- a/src/hydrogen.h
+++ b/src/hydrogen.h
@@ -347,7 +347,7 @@
private:
HConstant* GetConstant(SetOncePointer<HConstant>* pointer,
- Object* value);
+ Handle<Object> value);
void MarkAsDeoptimizingRecursively(HBasicBlock* block);
void InsertTypeConversions(HInstruction* instr);
diff --git a/src/ia32/stub-cache-ia32.cc b/src/ia32/stub-cache-ia32.cc
index 78a5b68..c1a5c39 100644
--- a/src/ia32/stub-cache-ia32.cc
+++ b/src/ia32/stub-cache-ia32.cc
@@ -2590,9 +2590,10 @@
Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+ Handle<String> name,
Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name) {
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter) {
// ----------- S t a t e -------------
// -- eax : value
// -- ecx : name
@@ -2601,9 +2602,11 @@
// -----------------------------------
Label miss;
- // Check that the map of the object hasn't changed.
- __ CheckMap(edx, Handle<Map>(receiver->map()), &miss, DO_SMI_CHECK,
- ALLOW_ELEMENT_TRANSITION_MAPS);
+ // Check that the maps haven't changed, preserving the name register.
+ __ push(ecx);
+ __ JumpIfSmi(edx, &miss);
+ CheckPrototypes(receiver, edx, holder, ebx, ecx, edi, name, &miss);
+ __ pop(ecx);
{
FrameScope scope(masm(), StackFrame::INTERNAL);
@@ -2611,7 +2614,7 @@
// Save value register, so we can restore it later.
__ push(eax);
- // Call the JavaScript getter with the receiver and the value on the stack.
+ // Call the JavaScript setter with the receiver and the value on the stack.
__ push(edx);
__ push(eax);
ParameterCount actual(1);
@@ -2627,6 +2630,7 @@
__ ret(0);
__ bind(&miss);
+ __ pop(ecx);
Handle<Code> ic = isolate()->builtins()->StoreIC_Miss();
__ jmp(ic, RelocInfo::CODE_TARGET);
diff --git a/src/ic.cc b/src/ic.cc
index 1f0070b..e3663c0 100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -1315,7 +1315,15 @@
LookupResult* lookup) {
receiver->LocalLookup(*name, lookup);
if (!StoreICableLookup(lookup)) {
- return false;
+ // 2nd chance: There can be accessors somewhere in the prototype chain, but
+ // for compatibility reasons we have to hide this behind a flag. Note that
+ // we explicitly exclude native accessors for now, because the stubs are not
+ // yet prepared for this scenario.
+ if (!FLAG_es5_readonly) return false;
+ receiver->Lookup(*name, lookup);
+ if (!lookup->IsCallbacks()) return false;
+ Handle<Object> callback(lookup->GetCallbackObject());
+ return callback->IsAccessorPair() && StoreICableLookup(lookup);
}
if (lookup->IsInterceptor() &&
@@ -1494,7 +1502,8 @@
if (holder->IsGlobalObject()) return;
if (!receiver->HasFastProperties()) return;
code = isolate()->stub_cache()->ComputeStoreViaSetter(
- name, receiver, Handle<JSFunction>::cast(setter), strict_mode);
+ name, receiver, holder, Handle<JSFunction>::cast(setter),
+ strict_mode);
} else {
ASSERT(callback->IsForeign());
// No IC support for old-style native accessors.
diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc
index d4d4de0..cf6ba81 100644
--- a/src/mips/stub-cache-mips.cc
+++ b/src/mips/stub-cache-mips.cc
@@ -2675,9 +2675,10 @@
Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+ Handle<String> name,
Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name) {
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter) {
// ----------- S t a t e -------------
// -- a0 : value
// -- a1 : receiver
@@ -2686,9 +2687,9 @@
// -----------------------------------
Label miss;
- // Check that the map of the object hasn't changed.
- __ CheckMap(a1, a3, Handle<Map>(receiver->map()), &miss, DO_SMI_CHECK,
- ALLOW_ELEMENT_TRANSITION_MAPS);
+ // Check that the maps haven't changed.
+ __ JumpIfSmi(a1, &miss);
+ CheckPrototypes(receiver, a1, holder, a3, t0, t1, name, &miss);
{
FrameScope scope(masm(), StackFrame::INTERNAL);
@@ -2696,7 +2697,7 @@
// Save value register, so we can restore it later.
__ push(a0);
- // Call the JavaScript getter with the receiver and the value on the stack.
+ // Call the JavaScript setter with the receiver and the value on the stack.
__ push(a1);
__ push(a0);
ParameterCount actual(1);
diff --git a/src/stub-cache.cc b/src/stub-cache.cc
index c5ae175..9adf3cb 100644
--- a/src/stub-cache.cc
+++ b/src/stub-cache.cc
@@ -523,6 +523,7 @@
Handle<Code> StubCache::ComputeStoreViaSetter(Handle<String> name,
Handle<JSObject> receiver,
+ Handle<JSObject> holder,
Handle<JSFunction> setter,
StrictModeFlag strict_mode) {
Code::Flags flags = Code::ComputeMonomorphicFlags(
@@ -531,7 +532,8 @@
if (probe->IsCode()) return Handle<Code>::cast(probe);
StoreStubCompiler compiler(isolate_, strict_mode);
- Handle<Code> code = compiler.CompileStoreViaSetter(receiver, setter, name);
+ Handle<Code> code =
+ compiler.CompileStoreViaSetter(name, receiver, holder, setter);
PROFILE(isolate_, CodeCreateEvent(Logger::STORE_IC_TAG, *code, *name));
GDBJIT(AddCode(GDBJITInterface::STORE_IC, *name, *code));
JSObject::UpdateMapCodeCache(receiver, name, code);
diff --git a/src/stub-cache.h b/src/stub-cache.h
index e274c82..be13fdd 100644
--- a/src/stub-cache.h
+++ b/src/stub-cache.h
@@ -164,6 +164,7 @@
Handle<Code> ComputeStoreViaSetter(Handle<String> name,
Handle<JSObject> receiver,
+ Handle<JSObject> holder,
Handle<JSFunction> setter,
StrictModeFlag strict_mode);
@@ -697,9 +698,10 @@
Handle<AccessorInfo> callback,
Handle<String> name);
- Handle<Code> CompileStoreViaSetter(Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name);
+ Handle<Code> CompileStoreViaSetter(Handle<String> name,
+ Handle<JSObject> receiver,
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter);
Handle<Code> CompileStoreInterceptor(Handle<JSObject> object,
Handle<String> name);
diff --git a/src/version.cc b/src/version.cc
index 4f42c99..fa7a163 100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -34,7 +34,7 @@
// cannot be changed without changing the SCons build script.
#define MAJOR_VERSION 3
#define MINOR_VERSION 12
-#define BUILD_NUMBER 7
+#define BUILD_NUMBER 8
#define PATCH_LEVEL 0
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc
index a2adf06..df6b5d5 100644
--- a/src/x64/stub-cache-x64.cc
+++ b/src/x64/stub-cache-x64.cc
@@ -2427,9 +2427,10 @@
Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+ Handle<String> name,
Handle<JSObject> receiver,
- Handle<JSFunction> setter,
- Handle<String> name) {
+ Handle<JSObject> holder,
+ Handle<JSFunction> setter) {
// ----------- S t a t e -------------
// -- rax : value
// -- rcx : name
@@ -2438,9 +2439,9 @@
// -----------------------------------
Label miss;
- // Check that the map of the object hasn't changed.
- __ CheckMap(rdx, Handle<Map>(receiver->map()), &miss, DO_SMI_CHECK,
- ALLOW_ELEMENT_TRANSITION_MAPS);
+ // Check that the maps haven't changed.
+ __ JumpIfSmi(rdx, &miss);
+ CheckPrototypes(receiver, rdx, holder, rbx, r8, rdi, name, &miss);
{
FrameScope scope(masm(), StackFrame::INTERNAL);
@@ -2448,7 +2449,7 @@
// Save value register, so we can restore it later.
__ push(rax);
- // Call the JavaScript getter with the receiver and the value on the stack.
+ // Call the JavaScript setter with the receiver and the value on the stack.
__ push(rdx);
__ push(rax);
ParameterCount actual(1);
diff --git a/test/mjsunit/accessor-map-sharing.js b/test/mjsunit/accessor-map-sharing.js
index ab45afa..3afce37 100644
--- a/test/mjsunit/accessor-map-sharing.js
+++ b/test/mjsunit/accessor-map-sharing.js
@@ -35,7 +35,7 @@
function setter(x) { print(222); }
function anotherGetter() { return 333; }
function anotherSetter(x) { print(444); }
-var obj1, obj2;
+var obj1, obj2, obj3, obj4;
// Two objects with the same getter.
obj1 = {};
@@ -174,3 +174,19 @@
assertEquals(setter, gop(obj1, "papa").set);
assertTrue(gop(obj1, "papa").configurable);
assertFalse(gop(obj1, "papa").enumerable);
+
+// Two objects with the same getter on the prototype chain.
+obj1 = {};
+dp(obj1, "quebec", { get: getter });
+obj2 = Object.create(obj1);
+obj3 = Object.create(obj2);
+obj4 = Object.create(obj2);
+assertTrue(%HaveSameMap(obj3, obj4));
+
+// Two objects with the same setter on the prototype chain.
+obj1 = {};
+dp(obj1, "romeo", { set: setter });
+obj2 = Object.create(obj1);
+obj3 = Object.create(obj2);
+obj4 = Object.create(obj2);
+assertTrue(%HaveSameMap(obj3, obj4));
diff --git a/test/mjsunit/external-array.js b/test/mjsunit/external-array.js
index 3d5ffdb..09d36df 100644
--- a/test/mjsunit/external-array.js
+++ b/test/mjsunit/external-array.js
@@ -565,3 +565,101 @@
assertSame(b, a.buffer)
assertEquals(128, a.byteOffset)
assertEquals(4, a.byteLength)
+
+
+// Test array.set in different combinations.
+
+function assertArrayPrefix(expected, array) {
+ for (var i = 0; i < expected.length; ++i) {
+ assertEquals(expected[i], array[i]);
+ }
+}
+
+var a11 = new Int16Array([1, 2, 3, 4, 0, -1])
+var a12 = new Uint16Array(15)
+a12.set(a11, 3)
+assertArrayPrefix([0, 0, 0, 1, 2, 3, 4, 0, 0xffff, 0, 0], a12)
+assertThrows(function(){ a11.set(a12) })
+
+var a21 = [1, undefined, 10, NaN, 0, -1, {valueOf: function() {return 3}}]
+var a22 = new Int32Array(12)
+a22.set(a21, 2)
+assertArrayPrefix([0, 0, 1, 0, 10, 0, 0, -1, 3, 0], a22)
+
+var a31 = new Float32Array([2, 4, 6, 8, 11, NaN, 1/0, -3])
+var a32 = a31.subarray(2, 6)
+a31.set(a32, 4)
+assertArrayPrefix([2, 4, 6, 8, 6, 8, 11, NaN], a31)
+assertArrayPrefix([6, 8, 6, 8], a32)
+
+var a4 = new Uint8ClampedArray([3,2,5,6])
+a4.set(a4)
+assertArrayPrefix([3, 2, 5, 6], a4)
+
+// Cases with overlapping backing store but different element sizes.
+var b = new ArrayBuffer(4)
+var a5 = new Int16Array(b)
+var a50 = new Int8Array(b)
+var a51 = new Int8Array(b, 0, 2)
+var a52 = new Int8Array(b, 1, 2)
+var a53 = new Int8Array(b, 2, 2)
+
+a5.set([0x5050, 0x0a0a])
+assertArrayPrefix([0x50, 0x50, 0x0a, 0x0a], a50)
+assertArrayPrefix([0x50, 0x50], a51)
+assertArrayPrefix([0x50, 0x0a], a52)
+assertArrayPrefix([0x0a, 0x0a], a53)
+
+a50.set([0x50, 0x50, 0x0a, 0x0a])
+a51.set(a5)
+assertArrayPrefix([0x50, 0x0a, 0x0a, 0x0a], a50)
+
+a50.set([0x50, 0x50, 0x0a, 0x0a])
+a52.set(a5)
+assertArrayPrefix([0x50, 0x50, 0x0a, 0x0a], a50)
+
+a50.set([0x50, 0x50, 0x0a, 0x0a])
+a53.set(a5)
+assertArrayPrefix([0x50, 0x50, 0x50, 0x0a], a50)
+
+a50.set([0x50, 0x51, 0x0a, 0x0b])
+a5.set(a51)
+assertArrayPrefix([0x0050, 0x0051], a5)
+
+a50.set([0x50, 0x51, 0x0a, 0x0b])
+a5.set(a52)
+assertArrayPrefix([0x0051, 0x000a], a5)
+
+a50.set([0x50, 0x51, 0x0a, 0x0b])
+a5.set(a53)
+assertArrayPrefix([0x000a, 0x000b], a5)
+
+// Mixed types of same size.
+var a61 = new Float32Array([1.2, 12.3])
+var a62 = new Int32Array(2)
+a62.set(a61)
+assertArrayPrefix([1, 12], a62)
+a61.set(a62)
+assertArrayPrefix([1, 12], a61)
+
+// Invalid source
+assertThrows(function() { a.set(0) })
+assertThrows(function() { a.set({}) })
+
+
+// Test arraybuffer.slice
+
+var a0 = new Int8Array([1, 2, 3, 4, 5, 6])
+var b0 = a0.buffer
+
+var b1 = b0.slice(0)
+assertEquals(b0.byteLength, b1.byteLength)
+assertArrayPrefix([1, 2, 3, 4, 5, 6], Int8Array(b1))
+
+var b2 = b0.slice(3)
+assertEquals(b0.byteLength - 3, b2.byteLength)
+assertArrayPrefix([4, 5, 6], Int8Array(b2))
+
+var b3 = b0.slice(2, 4)
+assertEquals(2, b3.byteLength)
+assertArrayPrefix([3, 4], Int8Array(b3))
diff --git a/test/mjsunit/object-define-property.js b/test/mjsunit/object-define-property.js
index fdaf82d..56e67c3 100644
--- a/test/mjsunit/object-define-property.js
+++ b/test/mjsunit/object-define-property.js
@@ -27,7 +27,7 @@
// Tests the object.defineProperty method - ES 15.2.3.6
-// Flags: --allow-natives-syntax
+// Flags: --allow-natives-syntax --es5-readonly
// Check that an exception is thrown when null is passed as object.
var exception = false;
@@ -1085,3 +1085,90 @@
var objectWithSetter = {};
objectWithSetter.__defineSetter__('foo', function(x) {});
assertEquals(undefined, objectWithSetter.__lookupGetter__('foo'));
+
+// An object with a getter on the prototype chain.
+function getter() { return 111; }
+function anotherGetter() { return 222; }
+
+function testGetterOnProto(expected, o) {
+ assertEquals(expected, o.quebec);
+}
+
+obj1 = {};
+Object.defineProperty(obj1, "quebec", { get: getter, configurable: true });
+obj2 = Object.create(obj1);
+obj3 = Object.create(obj2);
+
+testGetterOnProto(111, obj3);
+testGetterOnProto(111, obj3);
+%OptimizeFunctionOnNextCall(testGetterOnProto);
+testGetterOnProto(111, obj3);
+testGetterOnProto(111, obj3);
+
+Object.defineProperty(obj1, "quebec", { get: anotherGetter });
+
+testGetterOnProto(222, obj3);
+testGetterOnProto(222, obj3);
+%OptimizeFunctionOnNextCall(testGetterOnProto);
+testGetterOnProto(222, obj3);
+testGetterOnProto(222, obj3);
+
+// An object with a setter on the prototype chain.
+var modifyMe;
+function setter(x) { modifyMe = x+1; }
+function anotherSetter(x) { modifyMe = x+2; }
+
+function testSetterOnProto(expected, o) {
+ modifyMe = 333;
+ o.romeo = 444;
+ assertEquals(expected, modifyMe);
+}
+
+obj1 = {};
+Object.defineProperty(obj1, "romeo", { set: setter, configurable: true });
+obj2 = Object.create(obj1);
+obj3 = Object.create(obj2);
+
+testSetterOnProto(445, obj3);
+testSetterOnProto(445, obj3);
+%OptimizeFunctionOnNextCall(testSetterOnProto);
+testSetterOnProto(445, obj3);
+testSetterOnProto(445, obj3);
+
+Object.defineProperty(obj1, "romeo", { set: anotherSetter });
+
+testSetterOnProto(446, obj3);
+testSetterOnProto(446, obj3);
+%OptimizeFunctionOnNextCall(testSetterOnProto);
+testSetterOnProto(446, obj3);
+testSetterOnProto(446, obj3);
+
+// Removing a setter on the prototype chain.
+function testSetterOnProtoStrict(o) {
+ "use strict";
+ o.sierra = 12345;
+}
+
+obj1 = {};
+Object.defineProperty(obj1, "sierra",
+ { get: getter, set: setter, configurable: true });
+obj2 = Object.create(obj1);
+obj3 = Object.create(obj2);
+
+testSetterOnProtoStrict(obj3);
+testSetterOnProtoStrict(obj3);
+%OptimizeFunctionOnNextCall(testSetterOnProtoStrict);
+testSetterOnProtoStrict(obj3);
+testSetterOnProtoStrict(obj3);
+
+Object.defineProperty(obj1, "sierra",
+ { get: getter, set: undefined, configurable: true });
+
+exception = false;
+try {
+ testSetterOnProtoStrict(obj3);
+} catch (e) {
+ exception = true;
+ assertTrue(/which has only a getter/.test(e));
+}
+assertTrue(exception);
diff --git a/test/mozilla/mozilla.status b/test/mozilla/mozilla.status
index 87d7bd2..89d1471 100644
--- a/test/mozilla/mozilla.status
+++ b/test/mozilla/mozilla.status
@@ -633,7 +633,7 @@
# Bug 762: http://code.google.com/p/v8/issues/detail?id=762
# We do not correctly handle assignments within "with"
-/ecma_3/Statements/12.10-01: FAIL
+ecma_3/Statements/12.10-01: FAIL
# We do not throw an exception when a const is redeclared.
# (We only fail section 1 of the test.)
@@ -818,12 +818,6 @@
js1_5/decompilation/regress-406555: PASS || FAIL
js1_5/decompilation/regress-460870: PASS || FAIL
-# These tests take an unreasonable amount of time so we skip them
-# in fast mode.
-
-js1_5/Regress/regress-312588: TIMEOUT || SKIP if $FAST == yes
-js1_5/Regress/regress-271716-n: PASS || SKIP if $FAST == yes
-
[ $arch == arm ]
@@ -848,39 +842,6 @@
js1_5/GC/regress-203278-2: PASS || TIMEOUT
-[ $fast == yes && $arch == arm ]
-
-# In fast mode on arm we try to skip all tests that would time out,
-# since running the tests takes so long in the first place.
-
-js1_5/Regress/regress-280769-2: SKIP
-js1_5/Regress/regress-280769-3: SKIP
-js1_5/Regress/regress-244470: SKIP
-js1_5/Regress/regress-203278-1: SKIP
-js1_5/Regress/regress-290575: SKIP
-js1_5/Regress/regress-159334: SKIP
-js1_5/Regress/regress-321971: SKIP
-js1_5/Regress/regress-347306-01: SKIP
-js1_5/Regress/regress-280769-1: SKIP
-js1_5/Regress/regress-280769-5: SKIP
-js1_5/GC/regress-306788: SKIP
-js1_5/GC/regress-278725: SKIP
-js1_5/GC/regress-203278-3: SKIP
-js1_5/GC/regress-311497: SKIP
-js1_5/Array/regress-99120-02: SKIP
-ecma/Date/15.9.5.22-1: SKIP
-ecma/Date/15.9.5.20: SKIP
-ecma/Date/15.9.5.12-2: SKIP
-ecma/Date/15.9.5.8: SKIP
-ecma/Date/15.9.5.9: SKIP
-ecma/Date/15.9.5.11-2: SKIP
-ecma/Expressions/11.7.2: SKIP
-ecma/Expressions/11.10-2: SKIP
-ecma/Expressions/11.7.3: SKIP
-ecma/Expressions/11.10-3: SKIP
-ecma/Expressions/11.7.1: SKIP
-ecma_3/RegExp/regress-209067: SKIP
-
[ $arch == mips ]
# Times out and print so much output that we need to skip it to not
@@ -902,37 +863,3 @@
# BUG(1040): Allow this test to timeout.
js1_5/GC/regress-203278-2: PASS || TIMEOUT
-
-
-[ $fast == yes && $arch == mips ]
-
-# In fast mode on mips we try to skip all tests that would time out,
-# since running the tests takes so long in the first place.
-
-js1_5/Regress/regress-280769-2: SKIP
-js1_5/Regress/regress-280769-3: SKIP
-js1_5/Regress/regress-244470: SKIP
-js1_5/Regress/regress-203278-1: SKIP
-js1_5/Regress/regress-290575: SKIP
-js1_5/Regress/regress-159334: SKIP
-js1_5/Regress/regress-321971: SKIP
-js1_5/Regress/regress-347306-01: SKIP
-js1_5/Regress/regress-280769-1: SKIP
-js1_5/Regress/regress-280769-5: SKIP
-js1_5/GC/regress-306788: SKIP
-js1_5/GC/regress-278725: SKIP
-js1_5/GC/regress-203278-3: SKIP
-js1_5/GC/regress-311497: SKIP
-js1_5/Array/regress-99120-02: SKIP
-ecma/Date/15.9.5.22-1: SKIP
-ecma/Date/15.9.5.20: SKIP
-ecma/Date/15.9.5.12-2: SKIP
-ecma/Date/15.9.5.8: SKIP
-ecma/Date/15.9.5.9: SKIP
-ecma/Date/15.9.5.11-2: SKIP
-ecma/Expressions/11.7.2: SKIP
-ecma/Expressions/11.10-2: SKIP
-ecma/Expressions/11.7.3: SKIP
-ecma/Expressions/11.10-3: SKIP
-ecma/Expressions/11.7.1: SKIP
-ecma_3/RegExp/regress-209067: SKIP
diff --git a/tools/grokdump.py b/tools/grokdump.py
index 59a2a48..24c9c5a 100755
--- a/tools/grokdump.py
+++ b/tools/grokdump.py
@@ -1522,6 +1522,24 @@
else:
print "Page header is not available!"
+ def do_da(self, address):
+ """
+ Print ASCII string starting at specified address.
+ """
+ address = int(address, 16)
+ string = ""
+ while self.reader.IsValidAddress(address):
+ code = self.reader.ReadU8(address)
+ if code < 128:
+ string += chr(code)
+ else:
+ break
+ address += 1
+ if string == "":
+ print "Not an ASCII string at %s" % self.reader.FormatIntPtr(address)
+ else:
+ print "%s\n" % string
+
def do_k(self, arguments):
"""
Teach V8 heap layout information to the inspector. This increases