Version 3.5.2
Performance improvements on all platforms.
git-svn-id: http://v8.googlecode.com/svn/trunk@8765 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/ChangeLog b/ChangeLog
index 70585e4..f4a3fc2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-08-01: Version 3.5.2
+
+ Performance improvements on all platforms.
+
+
2011-07-28: Version 3.5.1
Fixed setting the readonly flag on the prototype property using the
diff --git a/src/api.cc b/src/api.cc
index 6b50f99..fa2c88c 100644
--- a/src/api.cc
+++ b/src/api.cc
@@ -3192,39 +3192,7 @@
ENTER_V8(isolate);
i::HandleScope scope(isolate);
i::Handle<i::JSObject> self = Utils::OpenHandle(this);
- i::Handle<i::Object> hidden_props_obj(i::GetHiddenProperties(self, true));
- if (!hidden_props_obj->IsJSObject()) {
- // We failed to create hidden properties. That's a detached
- // global proxy.
- ASSERT(hidden_props_obj->IsUndefined());
- return 0;
- }
- i::Handle<i::JSObject> hidden_props =
- i::Handle<i::JSObject>::cast(hidden_props_obj);
- i::Handle<i::String> hash_symbol = isolate->factory()->identity_hash_symbol();
- if (hidden_props->HasLocalProperty(*hash_symbol)) {
- i::Handle<i::Object> hash = i::GetProperty(hidden_props, hash_symbol);
- CHECK(!hash.is_null());
- CHECK(hash->IsSmi());
- return i::Smi::cast(*hash)->value();
- }
-
- int hash_value;
- int attempts = 0;
- do {
- // Generate a random 32-bit hash value but limit range to fit
- // within a smi.
- hash_value = i::V8::Random(self->GetIsolate()) & i::Smi::kMaxValue;
- attempts++;
- } while (hash_value == 0 && attempts < 30);
- hash_value = hash_value != 0 ? hash_value : 1; // never return 0
- CHECK(!i::SetLocalPropertyIgnoreAttributes(
- hidden_props,
- hash_symbol,
- i::Handle<i::Object>(i::Smi::FromInt(hash_value)),
- static_cast<PropertyAttributes>(None)).is_null());
-
- return hash_value;
+ return i::GetIdentityHash(self);
}
@@ -3235,7 +3203,9 @@
ENTER_V8(isolate);
i::HandleScope scope(isolate);
i::Handle<i::JSObject> self = Utils::OpenHandle(this);
- i::Handle<i::Object> hidden_props(i::GetHiddenProperties(self, true));
+ i::Handle<i::Object> hidden_props(i::GetHiddenProperties(
+ self,
+ i::JSObject::ALLOW_CREATION));
i::Handle<i::Object> key_obj = Utils::OpenHandle(*key);
i::Handle<i::Object> value_obj = Utils::OpenHandle(*value);
EXCEPTION_PREAMBLE(isolate);
@@ -3257,7 +3227,9 @@
return Local<v8::Value>());
ENTER_V8(isolate);
i::Handle<i::JSObject> self = Utils::OpenHandle(this);
- i::Handle<i::Object> hidden_props(i::GetHiddenProperties(self, false));
+ i::Handle<i::Object> hidden_props(i::GetHiddenProperties(
+ self,
+ i::JSObject::OMIT_CREATION));
if (hidden_props->IsUndefined()) {
return v8::Local<v8::Value>();
}
@@ -3279,7 +3251,9 @@
ENTER_V8(isolate);
i::HandleScope scope(isolate);
i::Handle<i::JSObject> self = Utils::OpenHandle(this);
- i::Handle<i::Object> hidden_props(i::GetHiddenProperties(self, false));
+ i::Handle<i::Object> hidden_props(i::GetHiddenProperties(
+ self,
+ i::JSObject::OMIT_CREATION));
if (hidden_props->IsUndefined()) {
return true;
}
diff --git a/src/code-stubs.cc b/src/code-stubs.cc
index cc06115..0cba275 100644
--- a/src/code-stubs.cc
+++ b/src/code-stubs.cc
@@ -336,7 +336,7 @@
}
-void ToBooleanStub::Types::Print(StringStream* stream) {
+void ToBooleanStub::Types::Print(StringStream* stream) const {
if (IsEmpty()) stream->Add("None");
if (Contains(UNDEFINED)) stream->Add("Undefined");
if (Contains(BOOLEAN)) stream->Add("Bool");
@@ -349,7 +349,7 @@
}
-void ToBooleanStub::Types::TraceTransition(Types to) {
+void ToBooleanStub::Types::TraceTransition(Types to) const {
if (!FLAG_trace_ic) return;
char buffer[100];
NoAllocationStringAllocator allocator(buffer,
@@ -395,4 +395,12 @@
}
+bool ToBooleanStub::Types::NeedsMap() const {
+ return Contains(ToBooleanStub::SPEC_OBJECT)
+ || Contains(ToBooleanStub::STRING)
+ || Contains(ToBooleanStub::HEAP_NUMBER)
+ || Contains(ToBooleanStub::INTERNAL_OBJECT);
+}
+
+
} } // namespace v8::internal
diff --git a/src/code-stubs.h b/src/code-stubs.h
index 6527fde..b9e49c8 100644
--- a/src/code-stubs.h
+++ b/src/code-stubs.h
@@ -926,9 +926,10 @@
bool Contains(Type type) const { return set_.Contains(type); }
void Add(Type type) { set_.Add(type); }
byte ToByte() const { return set_.ToIntegral(); }
- void Print(StringStream* stream);
- void TraceTransition(Types to);
+ void Print(StringStream* stream) const;
+ void TraceTransition(Types to) const;
bool Record(Handle<Object> object);
+ bool NeedsMap() const;
private:
EnumSet<Type, byte> set_;
diff --git a/src/factory.cc b/src/factory.cc
index ac96668..05dd5c9 100644
--- a/src/factory.cc
+++ b/src/factory.cc
@@ -84,6 +84,14 @@
}
+Handle<ObjectHashTable> Factory::NewObjectHashTable(int at_least_space_for) {
+ ASSERT(0 <= at_least_space_for);
+ CALL_HEAP_FUNCTION(isolate(),
+ ObjectHashTable::Allocate(at_least_space_for),
+ ObjectHashTable);
+}
+
+
Handle<DescriptorArray> Factory::NewDescriptorArray(int number_of_descriptors) {
ASSERT(0 <= number_of_descriptors);
CALL_HEAP_FUNCTION(isolate(),
diff --git a/src/factory.h b/src/factory.h
index 19f3827..3217ca9 100644
--- a/src/factory.h
+++ b/src/factory.h
@@ -58,6 +58,8 @@
Handle<StringDictionary> NewStringDictionary(int at_least_space_for);
+ Handle<ObjectHashTable> NewObjectHashTable(int at_least_space_for);
+
Handle<DescriptorArray> NewDescriptorArray(int number_of_descriptors);
Handle<DeoptimizationInputData> NewDeoptimizationInputData(
int deopt_entry_count,
diff --git a/src/flag-definitions.h b/src/flag-definitions.h
index 005c137..6900a9e 100644
--- a/src/flag-definitions.h
+++ b/src/flag-definitions.h
@@ -400,6 +400,7 @@
DEFINE_bool(print_builtin_json_ast, false,
"print source AST for builtins as JSON")
DEFINE_string(stop_at, "", "function name where to insert a breakpoint")
+DEFINE_bool(verify_stack_height, false, "verify stack height tracing on ia32")
// compiler.cc
DEFINE_bool(print_builtin_scopes, false, "print scopes for builtins")
diff --git a/src/full-codegen.cc b/src/full-codegen.cc
index 8c2f0d1..e5375fc 100644
--- a/src/full-codegen.cc
+++ b/src/full-codegen.cc
@@ -437,6 +437,7 @@
void FullCodeGenerator::StackValueContext::Plug(Register reg) const {
__ push(reg);
+ codegen()->increment_stack_height();
}
@@ -450,11 +451,13 @@
void FullCodeGenerator::EffectContext::PlugTOS() const {
__ Drop(1);
+ codegen()->decrement_stack_height();
}
void FullCodeGenerator::AccumulatorValueContext::PlugTOS() const {
__ pop(result_register());
+ codegen()->decrement_stack_height();
}
@@ -465,6 +468,7 @@
void FullCodeGenerator::TestContext::PlugTOS() const {
// For simplicity we always test the accumulator register.
__ pop(result_register());
+ codegen()->decrement_stack_height();
codegen()->PrepareForBailoutBeforeSplit(TOS_REG, false, NULL, NULL);
codegen()->DoTest(this);
}
@@ -960,6 +964,7 @@
VisitForStackValue(stmt->expression());
PushFunctionArgumentForContextAllocation();
__ CallRuntime(Runtime::kPushWithContext, 2);
+ decrement_stack_height();
StoreToFrameField(StandardFrameConstants::kContextOffset, context_register());
}
@@ -1128,8 +1133,10 @@
{
TryCatch try_block(this, &catch_entry);
__ PushTryHandler(IN_JAVASCRIPT, TRY_CATCH_HANDLER);
+ increment_stack_height(StackHandlerConstants::kSize / kPointerSize);
Visit(stmt->try_block());
__ PopTryHandler();
+ decrement_stack_height(StackHandlerConstants::kSize / kPointerSize);
}
__ bind(&done);
}
@@ -1161,6 +1168,10 @@
// cooked before GC.
Label finally_entry;
Label try_handler_setup;
+ const int original_stack_height = stack_height();
+ const int finally_block_stack_height = original_stack_height + 2;
+ const int try_block_stack_height = original_stack_height + 4;
+ STATIC_ASSERT(StackHandlerConstants::kSize / kPointerSize == 4);
// Setup the try-handler chain. Use a call to
// Jump to try-handler setup and try-block code. Use call to put try-handler
@@ -1182,6 +1193,7 @@
// Finally block implementation.
Finally finally_block(this);
EnterFinallyBlock();
+ set_stack_height(finally_block_stack_height);
Visit(stmt->finally_block());
ExitFinallyBlock(); // Return to the calling code.
}
@@ -1191,8 +1203,10 @@
// Setup try handler (stack pointer registers).
TryFinally try_block(this, &finally_entry);
__ PushTryHandler(IN_JAVASCRIPT, TRY_FINALLY_HANDLER);
+ set_stack_height(try_block_stack_height);
Visit(stmt->try_block());
__ PopTryHandler();
+ set_stack_height(original_stack_height);
}
// Execute the finally block on the way out. Clobber the unpredictable
// value in the accumulator with one that's safe for GC. The finally
@@ -1222,6 +1236,7 @@
__ bind(&true_case);
SetExpressionPosition(expr->then_expression(),
expr->then_expression_position());
+ int start_stack_height = stack_height();
if (context()->IsTest()) {
const TestContext* for_test = TestContext::cast(context());
VisitForControl(expr->then_expression(),
@@ -1235,6 +1250,7 @@
PrepareForBailoutForId(expr->ElseId(), NO_REGISTERS);
__ bind(&false_case);
+ set_stack_height(start_stack_height);
if (context()->IsTest()) ForwardBailoutToChild(expr);
SetExpressionPosition(expr->else_expression(),
expr->else_expression_position());
@@ -1275,8 +1291,11 @@
void FullCodeGenerator::VisitThrow(Throw* expr) {
Comment cmnt(masm_, "[ Throw");
+ // Throw has no effect on the stack height or the current expression context.
+ // Usually the expression context is null, because throw is a statement.
VisitForStackValue(expr->exception());
__ CallRuntime(Runtime::kThrow, 1);
+ decrement_stack_height();
// Never returns here.
}
diff --git a/src/full-codegen.h b/src/full-codegen.h
index 6b174f7..9bd6e5e 100644
--- a/src/full-codegen.h
+++ b/src/full-codegen.h
@@ -83,6 +83,7 @@
scope_(NULL),
nesting_stack_(NULL),
loop_depth_(0),
+ stack_height_(0),
context_(NULL),
bailout_entries_(0),
stack_checks_(2), // There's always at least one.
@@ -519,6 +520,35 @@
loop_depth_--;
}
+#if defined(V8_TARGET_ARCH_IA32)
+ int stack_height() { return stack_height_; }
+ void set_stack_height(int depth) { stack_height_ = depth; }
+ void increment_stack_height() { stack_height_++; }
+ void increment_stack_height(int delta) { stack_height_ += delta; }
+ void decrement_stack_height() {
+ if (FLAG_verify_stack_height) {
+ ASSERT(stack_height_ > 0);
+ }
+ stack_height_--;
+ }
+ void decrement_stack_height(int delta) {
+ stack_height_-= delta;
+ if (FLAG_verify_stack_height) {
+ ASSERT(stack_height_ >= 0);
+ }
+ }
+ // Call this function only if FLAG_verify_stack_height is true.
+ void verify_stack_height(); // Generates a runtime check of esp - ebp.
+#else
+ int stack_height() { return 0; }
+ void set_stack_height(int depth) {}
+ void increment_stack_height() {}
+ void increment_stack_height(int delta) {}
+ void decrement_stack_height() {}
+ void decrement_stack_height(int delta) {}
+ void verify_stack_height() {}
+#endif // V8_TARGET_ARCH_IA32
+
MacroAssembler* masm() { return masm_; }
class ExpressionContext;
@@ -578,6 +608,10 @@
virtual ~ExpressionContext() {
codegen_->set_new_context(old_);
+ if (FLAG_verify_stack_height) {
+ ASSERT_EQ(expected_stack_height_, codegen()->stack_height());
+ codegen()->verify_stack_height();
+ }
}
Isolate* isolate() const { return codegen_->isolate(); }
@@ -631,6 +665,7 @@
FullCodeGenerator* codegen() const { return codegen_; }
MacroAssembler* masm() const { return masm_; }
MacroAssembler* masm_;
+ int expected_stack_height_; // The expected stack height esp - ebp on exit.
private:
const ExpressionContext* old_;
@@ -640,7 +675,9 @@
class AccumulatorValueContext : public ExpressionContext {
public:
explicit AccumulatorValueContext(FullCodeGenerator* codegen)
- : ExpressionContext(codegen) { }
+ : ExpressionContext(codegen) {
+ expected_stack_height_ = codegen->stack_height();
+ }
virtual void Plug(bool flag) const;
virtual void Plug(Register reg) const;
@@ -661,7 +698,9 @@
class StackValueContext : public ExpressionContext {
public:
explicit StackValueContext(FullCodeGenerator* codegen)
- : ExpressionContext(codegen) { }
+ : ExpressionContext(codegen) {
+ expected_stack_height_ = codegen->stack_height() + 1;
+ }
virtual void Plug(bool flag) const;
virtual void Plug(Register reg) const;
@@ -690,7 +729,9 @@
condition_(condition),
true_label_(true_label),
false_label_(false_label),
- fall_through_(fall_through) { }
+ fall_through_(fall_through) {
+ expected_stack_height_ = codegen->stack_height();
+ }
static const TestContext* cast(const ExpressionContext* context) {
ASSERT(context->IsTest());
@@ -727,7 +768,10 @@
class EffectContext : public ExpressionContext {
public:
explicit EffectContext(FullCodeGenerator* codegen)
- : ExpressionContext(codegen) { }
+ : ExpressionContext(codegen) {
+ expected_stack_height_ = codegen->stack_height();
+ }
+
virtual void Plug(bool flag) const;
virtual void Plug(Register reg) const;
@@ -751,6 +795,7 @@
Label return_label_;
NestedStatement* nesting_stack_;
int loop_depth_;
+ int stack_height_;
const ExpressionContext* context_;
ZoneList<BailoutEntry> bailout_entries_;
ZoneList<BailoutEntry> stack_checks_;
diff --git a/src/handles.cc b/src/handles.cc
index d73aaf0..c9984aa 100644
--- a/src/handles.cc
+++ b/src/handles.cc
@@ -422,43 +422,18 @@
Handle<Object> GetHiddenProperties(Handle<JSObject> obj,
- bool create_if_needed) {
- Isolate* isolate = obj->GetIsolate();
- Object* holder = obj->BypassGlobalProxy();
- if (holder->IsUndefined()) return isolate->factory()->undefined_value();
- obj = Handle<JSObject>(JSObject::cast(holder), isolate);
+ JSObject::HiddenPropertiesFlag flag) {
+ CALL_HEAP_FUNCTION(obj->GetIsolate(),
+ obj->GetHiddenProperties(flag),
+ Object);
+}
- if (obj->HasFastProperties()) {
- // If the object has fast properties, check whether the first slot
- // in the descriptor array matches the hidden symbol. Since the
- // hidden symbols hash code is zero (and no other string has hash
- // code zero) it will always occupy the first entry if present.
- DescriptorArray* descriptors = obj->map()->instance_descriptors();
- if ((descriptors->number_of_descriptors() > 0) &&
- (descriptors->GetKey(0) == isolate->heap()->hidden_symbol()) &&
- descriptors->IsProperty(0)) {
- ASSERT(descriptors->GetType(0) == FIELD);
- return Handle<Object>(obj->FastPropertyAt(descriptors->GetFieldIndex(0)),
- isolate);
- }
- }
- // Only attempt to find the hidden properties in the local object and not
- // in the prototype chain. Note that HasLocalProperty() can cause a GC in
- // the general case in the presence of interceptors.
- if (!obj->HasHiddenPropertiesObject()) {
- // Hidden properties object not found. Allocate a new hidden properties
- // object if requested. Otherwise return the undefined value.
- if (create_if_needed) {
- Handle<Object> hidden_obj =
- isolate->factory()->NewJSObject(isolate->object_function());
- CALL_HEAP_FUNCTION(isolate,
- obj->SetHiddenPropertiesObject(*hidden_obj), Object);
- } else {
- return isolate->factory()->undefined_value();
- }
- }
- return Handle<Object>(obj->GetHiddenPropertiesObject(), isolate);
+int GetIdentityHash(Handle<JSObject> obj) {
+ CALL_AND_RETRY(obj->GetIsolate(),
+ obj->GetIdentityHash(JSObject::ALLOW_CREATION),
+ return Smi::cast(__object__)->value(),
+ return 0);
}
@@ -908,6 +883,15 @@
}
+Handle<ObjectHashTable> PutIntoObjectHashTable(Handle<ObjectHashTable> table,
+ Handle<JSObject> key,
+ Handle<Object> value) {
+ CALL_HEAP_FUNCTION(table->GetIsolate(),
+ table->Put(*key, *value),
+ ObjectHashTable);
+}
+
+
bool EnsureCompiled(Handle<SharedFunctionInfo> shared,
ClearExceptionFlag flag) {
return shared->is_compiled() || CompileLazyShared(shared, flag);
diff --git a/src/handles.h b/src/handles.h
index 13c6dd6..9bb3b1f 100644
--- a/src/handles.h
+++ b/src/handles.h
@@ -264,9 +264,13 @@
Handle<Object> SetPrototype(Handle<JSObject> obj, Handle<Object> value);
// Return the object's hidden properties object. If the object has no hidden
-// properties and create_if_needed is true, then a new hidden property object
-// will be allocated. Otherwise the Heap::undefined_value is returned.
-Handle<Object> GetHiddenProperties(Handle<JSObject> obj, bool create_if_needed);
+// properties and HiddenPropertiesFlag::ALLOW_CREATION is passed, then a new
+// hidden property object will be allocated. Otherwise Heap::undefined_value
+// is returned.
+Handle<Object> GetHiddenProperties(Handle<JSObject> obj,
+ JSObject::HiddenPropertiesFlag flag);
+
+int GetIdentityHash(Handle<JSObject> obj);
Handle<Object> DeleteElement(Handle<JSObject> obj, uint32_t index);
Handle<Object> DeleteProperty(Handle<JSObject> obj, Handle<String> prop);
@@ -343,6 +347,10 @@
Handle<Object> PreventExtensions(Handle<JSObject> object);
+Handle<ObjectHashTable> PutIntoObjectHashTable(Handle<ObjectHashTable> table,
+ Handle<JSObject> key,
+ Handle<Object> value);
+
// Does lazy compilation of the given function. Returns true on success and
// false if the compilation resulted in a stack overflow.
enum ClearExceptionFlag { KEEP_EXCEPTION, CLEAR_EXCEPTION };
diff --git a/src/ia32/code-stubs-ia32.cc b/src/ia32/code-stubs-ia32.cc
index cd2601e..598596b 100644
--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -258,12 +258,6 @@
// 'null' -> false.
CheckOddball(masm, NULL_TYPE, factory->null_value(), false, &patch);
- bool need_map =
- types_.Contains(SPEC_OBJECT) |
- types_.Contains(STRING) |
- types_.Contains(HEAP_NUMBER) |
- types_.Contains(INTERNAL_OBJECT);
-
if (types_.Contains(SMI)) {
// Smis: 0 -> false, all other -> true
Label not_smi;
@@ -274,12 +268,12 @@
}
__ ret(1 * kPointerSize);
__ bind(¬_smi);
- } else if (need_map) {
+ } else if (types_.NeedsMap()) {
// If we need a map later and have a Smi -> patch.
__ JumpIfSmi(argument, &patch, Label::kNear);
}
- if (need_map) {
+ if (types_.NeedsMap()) {
__ mov(map, FieldOperand(argument, HeapObject::kMapOffset));
// Everything with a map could be undetectable, so check this now.
diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index 7d41d95..994c9ff 100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -166,6 +166,11 @@
}
}
+ set_stack_height(2 + scope()->num_stack_slots());
+ if (FLAG_verify_stack_height) {
+ verify_stack_height();
+ }
+
bool function_in_register = true;
// Possibly allocate a local context.
@@ -358,6 +363,15 @@
}
+void FullCodeGenerator::verify_stack_height() {
+ ASSERT(FLAG_verify_stack_height);
+ __ sub(Operand(ebp), Immediate(kPointerSize * stack_height()));
+ __ cmp(ebp, Operand(esp));
+ __ Assert(equal, "Full codegen stack height not as expected.");
+ __ add(Operand(ebp), Immediate(kPointerSize * stack_height()));
+}
+
+
void FullCodeGenerator::EffectContext::Plug(Slot* slot) const {
}
@@ -372,6 +386,7 @@
MemOperand slot_operand = codegen()->EmitSlotSearch(slot, result_register());
// Memory operands can be pushed directly.
__ push(slot_operand);
+ codegen()->increment_stack_height();
}
@@ -425,6 +440,7 @@
} else {
__ push(Immediate(lit));
}
+ codegen()->increment_stack_height();
}
@@ -462,6 +478,7 @@
Register reg) const {
ASSERT(count > 0);
__ Drop(count);
+ codegen()->decrement_stack_height(count);
}
@@ -471,6 +488,7 @@
ASSERT(count > 0);
__ Drop(count);
__ Move(result_register(), reg);
+ codegen()->decrement_stack_height(count);
}
@@ -479,6 +497,7 @@
ASSERT(count > 0);
if (count > 1) __ Drop(count - 1);
__ mov(Operand(esp, 0), reg);
+ codegen()->decrement_stack_height(count - 1);
}
@@ -490,6 +509,7 @@
__ Move(result_register(), reg);
codegen()->PrepareForBailoutBeforeSplit(TOS_REG, false, NULL, NULL);
codegen()->DoTest(this);
+ codegen()->decrement_stack_height(count);
}
@@ -523,6 +543,7 @@
__ bind(materialize_false);
__ push(Immediate(isolate()->factory()->false_value()));
__ bind(&done);
+ codegen()->increment_stack_height();
}
@@ -550,6 +571,7 @@
? isolate()->factory()->true_value()
: isolate()->factory()->false_value();
__ push(Immediate(value));
+ codegen()->increment_stack_height();
}
@@ -722,14 +744,18 @@
// Note: For variables we must not push an initial value (such as
// 'undefined') because we may have a (legal) redeclaration and we
// must not destroy the current value.
+ increment_stack_height(3);
if (mode == Variable::CONST) {
__ push(Immediate(isolate()->factory()->the_hole_value()));
+ increment_stack_height();
} else if (function != NULL) {
VisitForStackValue(function);
} else {
__ push(Immediate(Smi::FromInt(0))); // No initial value!
+ increment_stack_height();
}
__ CallRuntime(Runtime::kDeclareContextSlot, 4);
+ decrement_stack_height(4);
break;
}
}
@@ -748,8 +774,10 @@
}
__ push(eax);
+ increment_stack_height();
VisitForAccumulatorValue(function);
__ pop(edx);
+ decrement_stack_height();
ASSERT(prop->key()->AsLiteral() != NULL &&
prop->key()->AsLiteral()->handle()->IsSmi());
@@ -785,6 +813,7 @@
Breakable nested_statement(this, stmt);
SetStatementPosition(stmt);
+ int switch_clause_stack_height = stack_height();
// Keep the switch value on the stack until a case matches.
VisitForStackValue(stmt->tag());
PrepareForBailoutForId(stmt->EntryId(), NO_REGISTERS);
@@ -849,6 +878,7 @@
__ jmp(default_clause->body_target());
}
+ set_stack_height(switch_clause_stack_height);
// Compile all the case bodies.
for (int i = 0; i < clauses->length(); i++) {
Comment cmnt(masm_, "[ Case body");
@@ -890,6 +920,7 @@
__ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
__ bind(&done_convert);
__ push(eax);
+ increment_stack_height();
// Check cache validity in generated code. This is a fast case for
// the JSObject::IsSimpleEnum cache validity checks. If we cannot
@@ -973,6 +1004,7 @@
__ push(eax); // Fixed array length (as smi).
__ push(Immediate(Smi::FromInt(0))); // Initial index.
+ increment_stack_height(4);
// Generate code for doing the condition check.
__ bind(&loop);
__ mov(eax, Operand(esp, 0 * kPointerSize)); // Get the current index.
@@ -1028,6 +1060,7 @@
__ bind(loop_statement.break_target());
__ add(Operand(esp), Immediate(5 * kPointerSize));
+ decrement_stack_height(5);
// Exit and decrement the loop depth.
__ bind(&exit);
decrement_loop_depth();
@@ -1363,6 +1396,7 @@
if (!result_saved) {
__ push(eax); // Save result on the stack
result_saved = true;
+ increment_stack_height();
}
switch (property->kind()) {
case ObjectLiteral::Property::MATERIALIZED_LITERAL:
@@ -1387,6 +1421,7 @@
// Fall through.
case ObjectLiteral::Property::PROTOTYPE:
__ push(Operand(esp, 0)); // Duplicate receiver.
+ increment_stack_height();
VisitForStackValue(key);
VisitForStackValue(value);
if (property->emit_store()) {
@@ -1395,16 +1430,20 @@
} else {
__ Drop(3);
}
+ decrement_stack_height(3);
break;
case ObjectLiteral::Property::SETTER:
case ObjectLiteral::Property::GETTER:
__ push(Operand(esp, 0)); // Duplicate receiver.
+ increment_stack_height();
VisitForStackValue(key);
__ push(Immediate(property->kind() == ObjectLiteral::Property::SETTER ?
Smi::FromInt(1) :
Smi::FromInt(0)));
+ increment_stack_height();
VisitForStackValue(value);
__ CallRuntime(Runtime::kDefineAccessor, 4);
+ decrement_stack_height(4);
break;
default: UNREACHABLE();
}
@@ -1467,6 +1506,7 @@
if (!result_saved) {
__ push(eax);
result_saved = true;
+ increment_stack_height();
}
VisitForAccumulatorValue(subexpr);
@@ -1495,7 +1535,9 @@
// Invalid left-hand sides are rewritten to have a 'throw ReferenceError'
// on the left-hand side.
if (!expr->target()->IsValidLeftHandSide()) {
- VisitForEffect(expr->target());
+ ASSERT(expr->target()->AsThrow() != NULL);
+ VisitInCurrentContext(expr->target()); // Throw does not plug the context
+ context()->Plug(eax);
return;
}
@@ -1520,6 +1562,7 @@
// We need the receiver both on the stack and in the accumulator.
VisitForAccumulatorValue(property->obj());
__ push(result_register());
+ increment_stack_height();
} else {
VisitForStackValue(property->obj());
}
@@ -1530,6 +1573,7 @@
VisitForAccumulatorValue(property->key());
__ mov(edx, Operand(esp, 0));
__ push(eax);
+ increment_stack_height();
} else {
VisitForStackValue(property->obj());
VisitForStackValue(property->key());
@@ -1541,7 +1585,8 @@
// For compound assignments we need another deoptimization point after the
// variable/property load.
if (expr->is_compound()) {
- { AccumulatorValueContext context(this);
+ AccumulatorValueContext result_context(this);
+ { AccumulatorValueContext left_operand_context(this);
switch (assign_type) {
case VARIABLE:
EmitVariableLoad(expr->target()->AsVariableProxy());
@@ -1560,13 +1605,13 @@
Token::Value op = expr->binary_op();
__ push(eax); // Left operand goes on the stack.
+ increment_stack_height();
VisitForAccumulatorValue(expr->value());
OverwriteMode mode = expr->value()->ResultOverwriteAllowed()
? OVERWRITE_RIGHT
: NO_OVERWRITE;
SetSourcePosition(expr->position() + 1);
- AccumulatorValueContext context(this);
if (ShouldInlineSmiCase(op)) {
EmitInlineSmiBinaryOp(expr->binary_operation(),
op,
@@ -1630,6 +1675,7 @@
// stack. Right operand is in eax.
Label smi_case, done, stub_call;
__ pop(edx);
+ decrement_stack_height();
__ mov(ecx, eax);
__ or_(eax, Operand(edx));
JumpPatchSite patch_site(masm_);
@@ -1721,6 +1767,7 @@
Token::Value op,
OverwriteMode mode) {
__ pop(edx);
+ decrement_stack_height();
BinaryOpStub stub(op, mode);
JumpPatchSite patch_site(masm_); // unbound, signals no inlined smi code.
__ call(stub.GetCode(), RelocInfo::CODE_TARGET, expr->id());
@@ -1733,7 +1780,9 @@
// Invalid left-hand sides are rewritten to have a 'throw
// ReferenceError' on the left-hand side.
if (!expr->IsValidLeftHandSide()) {
- VisitForEffect(expr);
+ ASSERT(expr->AsThrow() != NULL);
+ VisitInCurrentContext(expr); // Throw does not plug the context
+ context()->Plug(eax);
return;
}
@@ -1757,9 +1806,11 @@
}
case NAMED_PROPERTY: {
__ push(eax); // Preserve value.
+ increment_stack_height();
VisitForAccumulatorValue(prop->obj());
__ mov(edx, eax);
__ pop(eax); // Restore value.
+ decrement_stack_height();
__ mov(ecx, prop->key()->AsLiteral()->handle());
Handle<Code> ic = is_strict_mode()
? isolate()->builtins()->StoreIC_Initialize_Strict()
@@ -1769,6 +1820,7 @@
}
case KEYED_PROPERTY: {
__ push(eax); // Preserve value.
+ increment_stack_height();
if (prop->is_synthetic()) {
ASSERT(prop->obj()->AsVariableProxy() != NULL);
ASSERT(prop->key()->AsLiteral() != NULL);
@@ -1782,8 +1834,10 @@
VisitForAccumulatorValue(prop->key());
__ mov(ecx, eax);
__ pop(edx);
+ decrement_stack_height();
}
__ pop(eax); // Restore value.
+ decrement_stack_height();
Handle<Code> ic = is_strict_mode()
? isolate()->builtins()->KeyedStoreIC_Initialize_Strict()
: isolate()->builtins()->KeyedStoreIC_Initialize();
@@ -1900,6 +1954,7 @@
__ mov(edx, Operand(esp, 0));
} else {
__ pop(edx);
+ decrement_stack_height();
}
Handle<Code> ic = is_strict_mode()
? isolate()->builtins()->StoreIC_Initialize_Strict()
@@ -1913,6 +1968,7 @@
__ CallRuntime(Runtime::kToFastProperties, 1);
__ pop(eax);
__ Drop(1);
+ decrement_stack_height();
}
PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
context()->Plug(eax);
@@ -1934,10 +1990,12 @@
}
__ pop(ecx);
+ decrement_stack_height();
if (expr->ends_initialization_block()) {
__ mov(edx, Operand(esp, 0)); // Leave receiver on the stack for later.
} else {
__ pop(edx);
+ decrement_stack_height();
}
// Record source code position before IC call.
SetSourcePosition(expr->position());
@@ -1953,6 +2011,7 @@
__ push(edx);
__ CallRuntime(Runtime::kToFastProperties, 1);
__ pop(eax);
+ decrement_stack_height();
}
PrepareForBailoutForId(expr->AssignmentId(), TOS_REG);
@@ -1972,6 +2031,7 @@
VisitForStackValue(expr->obj());
VisitForAccumulatorValue(expr->key());
__ pop(edx);
+ decrement_stack_height();
EmitKeyedPropertyLoad(expr);
context()->Plug(eax);
}
@@ -1999,6 +2059,7 @@
RecordJSReturnSite(expr);
// Restore context register.
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+ decrement_stack_height(arg_count + 1);
context()->Plug(eax);
}
@@ -2013,6 +2074,7 @@
__ pop(ecx);
__ push(eax);
__ push(ecx);
+ increment_stack_height();
// Load the arguments.
ZoneList<Expression*>* args = expr->arguments();
@@ -2032,6 +2094,7 @@
RecordJSReturnSite(expr);
// Restore context register.
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+ decrement_stack_height(arg_count + 1);
context()->DropAndPlug(1, eax); // Drop the key still on the stack.
}
@@ -2053,6 +2116,8 @@
RecordJSReturnSite(expr);
// Restore context register.
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+
+ decrement_stack_height(arg_count + 1);
context()->DropAndPlug(1, eax);
}
@@ -2100,7 +2165,7 @@
VisitForStackValue(fun);
// Reserved receiver slot.
__ push(Immediate(isolate()->factory()->undefined_value()));
-
+ increment_stack_height();
// Push the arguments.
for (int i = 0; i < arg_count; i++) {
VisitForStackValue(args->at(i));
@@ -2144,10 +2209,12 @@
RecordJSReturnSite(expr);
// Restore context register.
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+ decrement_stack_height(arg_count + 1); // Function is left on the stack.
context()->DropAndPlug(1, eax);
} else if (var != NULL && !var->is_this() && var->is_global()) {
// Push global object as receiver for the call IC.
__ push(GlobalObjectOperand());
+ increment_stack_height();
EmitCallWithIC(expr, var->name(), RelocInfo::CODE_TARGET_CONTEXT);
} else if (var != NULL && var->AsSlot() != NULL &&
var->AsSlot()->type() == Slot::LOOKUP) {
@@ -2170,7 +2237,9 @@
__ push(Immediate(var->name()));
__ CallRuntime(Runtime::kLoadContextSlot, 2);
__ push(eax); // Function.
+ increment_stack_height();
__ push(edx); // Receiver.
+ increment_stack_height();
// If fast case code has been generated, emit code to push the
// function and receiver and have the slow path jump around this
@@ -2179,7 +2248,7 @@
Label call;
__ jmp(&call);
__ bind(&done);
- // Push function.
+ // Push function. Stack height already incremented in slow case above.
__ push(eax);
// The receiver is implicitly the global receiver. Indicate this
// by passing the hole to the call function stub.
@@ -2225,9 +2294,11 @@
__ call(ic, RelocInfo::CODE_TARGET, GetPropertyId(prop));
// Push result (function).
__ push(eax);
+ increment_stack_height();
// Push Global receiver.
__ mov(ecx, GlobalObjectOperand());
__ push(FieldOperand(ecx, GlobalObject::kGlobalReceiverOffset));
+ increment_stack_height();
EmitCallWithStub(expr, NO_CALL_FUNCTION_FLAGS);
} else {
{ PreservePositionScope scope(masm()->positions_recorder());
@@ -2243,6 +2314,7 @@
// Load global receiver object.
__ mov(ebx, GlobalObjectOperand());
__ push(FieldOperand(ebx, GlobalObject::kGlobalReceiverOffset));
+ increment_stack_height();
// Emit function call.
EmitCallWithStub(expr, NO_CALL_FUNCTION_FLAGS);
}
@@ -2283,6 +2355,8 @@
Handle<Code> construct_builtin =
isolate()->builtins()->JSConstructCall();
__ call(construct_builtin, RelocInfo::CONSTRUCT_CALL);
+
+ decrement_stack_height(arg_count + 1);
context()->Plug(eax);
}
@@ -2595,6 +2669,7 @@
&if_true, &if_false, &fall_through);
__ pop(ebx);
+ decrement_stack_height();
__ cmp(eax, Operand(ebx));
PrepareForBailoutBeforeSplit(TOS_REG, true, if_true, if_false);
Split(equal, if_true, if_false, fall_through);
@@ -2709,6 +2784,7 @@
VisitForStackValue(args->at(1));
VisitForStackValue(args->at(2));
__ CallRuntime(Runtime::kLog, 2);
+ decrement_stack_height(2);
}
// Finally, we're expected to leave a value on the top of the stack.
__ mov(eax, isolate()->factory()->undefined_value());
@@ -2774,6 +2850,7 @@
VisitForStackValue(args->at(1));
VisitForStackValue(args->at(2));
__ CallStub(&stub);
+ decrement_stack_height(3);
context()->Plug(eax);
}
@@ -2787,6 +2864,7 @@
VisitForStackValue(args->at(2));
VisitForStackValue(args->at(3));
__ CallStub(&stub);
+ decrement_stack_height(4);
context()->Plug(eax);
}
@@ -2821,6 +2899,7 @@
} else {
__ CallRuntime(Runtime::kMath_pow, 2);
}
+ decrement_stack_height(2);
context()->Plug(eax);
}
@@ -2831,6 +2910,7 @@
VisitForStackValue(args->at(0)); // Load the object.
VisitForAccumulatorValue(args->at(1)); // Load the value.
__ pop(ebx); // eax = value. ebx = object.
+ decrement_stack_height();
Label done;
// If the object is a smi, return the value.
@@ -2860,6 +2940,7 @@
NumberToStringStub stub;
__ CallStub(&stub);
+ decrement_stack_height();
context()->Plug(eax);
}
@@ -2894,6 +2975,7 @@
Register result = edx;
__ pop(object);
+ decrement_stack_height();
Label need_conversion;
Label index_out_of_range;
@@ -2942,6 +3024,7 @@
Register result = eax;
__ pop(object);
+ decrement_stack_height();
Label need_conversion;
Label index_out_of_range;
@@ -2986,6 +3069,7 @@
StringAddStub stub(NO_STRING_ADD_FLAGS);
__ CallStub(&stub);
+ decrement_stack_height(2);
context()->Plug(eax);
}
@@ -2998,6 +3082,7 @@
StringCompareStub stub;
__ CallStub(&stub);
+ decrement_stack_height(2);
context()->Plug(eax);
}
@@ -3009,6 +3094,7 @@
ASSERT(args->length() == 1);
VisitForStackValue(args->at(0));
__ CallStub(&stub);
+ decrement_stack_height();
context()->Plug(eax);
}
@@ -3020,6 +3106,7 @@
ASSERT(args->length() == 1);
VisitForStackValue(args->at(0));
__ CallStub(&stub);
+ decrement_stack_height();
context()->Plug(eax);
}
@@ -3031,6 +3118,7 @@
ASSERT(args->length() == 1);
VisitForStackValue(args->at(0));
__ CallStub(&stub);
+ decrement_stack_height();
context()->Plug(eax);
}
@@ -3040,6 +3128,7 @@
ASSERT(args->length() == 1);
VisitForStackValue(args->at(0));
__ CallRuntime(Runtime::kMath_sqrt, 1);
+ decrement_stack_height();
context()->Plug(eax);
}
@@ -3059,6 +3148,7 @@
__ InvokeFunction(edi, count, CALL_FUNCTION,
NullCallWrapper(), CALL_AS_METHOD);
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+ decrement_stack_height(arg_count + 1);
context()->Plug(eax);
}
@@ -3071,6 +3161,7 @@
VisitForStackValue(args->at(1));
VisitForStackValue(args->at(2));
__ CallStub(&stub);
+ decrement_stack_height(3);
context()->Plug(eax);
}
@@ -3144,6 +3235,7 @@
__ CallRuntime(Runtime::kSwapElements, 3);
__ bind(&done);
+ decrement_stack_height(3);
context()->Plug(eax);
}
@@ -3229,6 +3321,7 @@
__ mov(eax, Immediate(isolate()->factory()->true_value()));
__ bind(&done);
+ decrement_stack_height();
context()->Plug(eax);
}
@@ -3532,6 +3625,7 @@
__ add(Operand(esp), Immediate(3 * kPointerSize));
__ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+ decrement_stack_height();
context()->Plug(eax);
}
@@ -3584,6 +3678,7 @@
// Prepare for calling JS runtime function.
__ mov(eax, GlobalObjectOperand());
__ push(FieldOperand(eax, GlobalObject::kBuiltinsOffset));
+ increment_stack_height();
}
// Push the arguments ("left-to-right").
@@ -3606,6 +3701,11 @@
// Call the C runtime function.
__ CallRuntime(expr->function(), arg_count);
}
+ decrement_stack_height(arg_count);
+ if (expr->is_jsruntime()) {
+ decrement_stack_height();
+ }
+
context()->Plug(eax);
}
@@ -3627,6 +3727,7 @@
VisitForStackValue(prop->key());
__ push(Immediate(Smi::FromInt(strict_mode_flag())));
__ InvokeBuiltin(Builtins::DELETE, CALL_FUNCTION);
+ decrement_stack_height(2);
context()->Plug(eax);
}
} else if (var != NULL) {
@@ -3696,6 +3797,7 @@
VisitForTypeofValue(expr->expression());
}
__ CallRuntime(Runtime::kTypeof, 1);
+ decrement_stack_height();
context()->Plug(eax);
break;
}
@@ -3750,7 +3852,10 @@
// Invalid left-hand sides are rewritten to have a 'throw ReferenceError'
// as the left-hand side.
if (!expr->expression()->IsValidLeftHandSide()) {
- VisitForEffect(expr->expression());
+ ASSERT(expr->expression()->AsThrow() != NULL);
+ VisitInCurrentContext(expr->expression());
+ // Visiting Throw does not plug the context.
+ context()->Plug(eax);
return;
}
@@ -3775,17 +3880,20 @@
// Reserve space for result of postfix operation.
if (expr->is_postfix() && !context()->IsEffect()) {
__ push(Immediate(Smi::FromInt(0)));
+ increment_stack_height();
}
if (assign_type == NAMED_PROPERTY) {
// Put the object both on the stack and in the accumulator.
VisitForAccumulatorValue(prop->obj());
__ push(eax);
+ increment_stack_height();
EmitNamedPropertyLoad(prop);
} else {
VisitForStackValue(prop->obj());
VisitForAccumulatorValue(prop->key());
__ mov(edx, Operand(esp, 0));
__ push(eax);
+ increment_stack_height();
EmitKeyedPropertyLoad(prop);
}
}
@@ -3816,6 +3924,7 @@
switch (assign_type) {
case VARIABLE:
__ push(eax);
+ increment_stack_height();
break;
case NAMED_PROPERTY:
__ mov(Operand(esp, kPointerSize), eax);
@@ -3889,6 +3998,7 @@
case NAMED_PROPERTY: {
__ mov(ecx, prop->key()->AsLiteral()->handle());
__ pop(edx);
+ decrement_stack_height();
Handle<Code> ic = is_strict_mode()
? isolate()->builtins()->StoreIC_Initialize_Strict()
: isolate()->builtins()->StoreIC_Initialize();
@@ -3906,6 +4016,8 @@
case KEYED_PROPERTY: {
__ pop(ecx);
__ pop(edx);
+ decrement_stack_height();
+ decrement_stack_height();
Handle<Code> ic = is_strict_mode()
? isolate()->builtins()->KeyedStoreIC_Initialize_Strict()
: isolate()->builtins()->KeyedStoreIC_Initialize();
@@ -4063,6 +4175,7 @@
case Token::IN:
VisitForStackValue(expr->right());
__ InvokeBuiltin(Builtins::IN, CALL_FUNCTION);
+ decrement_stack_height(2);
PrepareForBailoutBeforeSplit(TOS_REG, false, NULL, NULL);
__ cmp(eax, isolate()->factory()->true_value());
Split(equal, if_true, if_false, fall_through);
@@ -4072,6 +4185,7 @@
VisitForStackValue(expr->right());
InstanceofStub stub(InstanceofStub::kNoFlags);
__ CallStub(&stub);
+ decrement_stack_height(2);
PrepareForBailoutBeforeSplit(TOS_REG, true, if_true, if_false);
__ test(eax, Operand(eax));
// The stub returns 0 for true.
@@ -4116,6 +4230,7 @@
default:
UNREACHABLE();
}
+ decrement_stack_height();
bool inline_smi_code = ShouldInlineSmiCase(op);
JumpPatchSite patch_site(masm_);
diff --git a/src/ia32/lithium-codegen-ia32.cc b/src/ia32/lithium-codegen-ia32.cc
index 6f99781..4be78e6 100644
--- a/src/ia32/lithium-codegen-ia32.cc
+++ b/src/ia32/lithium-codegen-ia32.cc
@@ -1400,37 +1400,124 @@
Label* true_label = chunk_->GetAssemblyLabel(true_block);
Label* false_label = chunk_->GetAssemblyLabel(false_block);
- __ cmp(reg, factory()->undefined_value());
- __ j(equal, false_label);
- __ cmp(reg, factory()->true_value());
- __ j(equal, true_label);
- __ cmp(reg, factory()->false_value());
- __ j(equal, false_label);
- __ test(reg, Operand(reg));
- __ j(equal, false_label);
- __ JumpIfSmi(reg, true_label);
+ ToBooleanStub::Types expected = instr->hydrogen()->expected_input_types();
+ // Avoid deopts in the case where we've never executed this path before.
+ if (expected.IsEmpty()) expected = ToBooleanStub::all_types();
- // Test for double values. Zero is false.
- Label call_stub;
- __ cmp(FieldOperand(reg, HeapObject::kMapOffset),
- factory()->heap_number_map());
- __ j(not_equal, &call_stub, Label::kNear);
- __ fldz();
- __ fld_d(FieldOperand(reg, HeapNumber::kValueOffset));
- __ FCmp();
- __ j(zero, false_label);
- __ jmp(true_label);
+ if (expected.Contains(ToBooleanStub::UNDEFINED)) {
+ // undefined -> false.
+ __ cmp(reg, factory()->undefined_value());
+ __ j(equal, false_label);
+ } else if (expected.Contains(ToBooleanStub::INTERNAL_OBJECT)) {
+ // We've seen undefined for the first time -> deopt.
+ __ cmp(reg, factory()->undefined_value());
+ DeoptimizeIf(equal, instr->environment());
+ }
- // The conversion stub doesn't cause garbage collections so it's
- // safe to not record a safepoint after the call.
- __ bind(&call_stub);
- ToBooleanStub stub(eax, ToBooleanStub::all_types());
- __ pushad();
- __ push(reg);
- __ CallStub(&stub);
- __ test(eax, Operand(eax));
- __ popad();
- EmitBranch(true_block, false_block, not_zero);
+ if (expected.Contains(ToBooleanStub::BOOLEAN)) {
+ // true -> true.
+ __ cmp(reg, factory()->true_value());
+ __ j(equal, true_label);
+ } else if (expected.Contains(ToBooleanStub::INTERNAL_OBJECT)) {
+ // We've seen a boolean for the first time -> deopt.
+ __ cmp(reg, factory()->true_value());
+ DeoptimizeIf(equal, instr->environment());
+ }
+
+ if (expected.Contains(ToBooleanStub::BOOLEAN)) {
+ // false -> false.
+ __ cmp(reg, factory()->false_value());
+ __ j(equal, false_label);
+ } else if (expected.Contains(ToBooleanStub::INTERNAL_OBJECT)) {
+ // We've seen a boolean for the first time -> deopt.
+ __ cmp(reg, factory()->false_value());
+ DeoptimizeIf(equal, instr->environment());
+ }
+
+ if (expected.Contains(ToBooleanStub::NULL_TYPE)) {
+ // 'null' -> false.
+ __ cmp(reg, factory()->null_value());
+ __ j(equal, false_label);
+ } else if (expected.Contains(ToBooleanStub::INTERNAL_OBJECT)) {
+ // We've seen null for the first time -> deopt.
+ __ cmp(reg, factory()->null_value());
+ DeoptimizeIf(equal, instr->environment());
+ }
+
+ if (expected.Contains(ToBooleanStub::SMI)) {
+ // Smis: 0 -> false, all other -> true.
+ __ test(reg, Operand(reg));
+ __ j(equal, false_label);
+ __ JumpIfSmi(reg, true_label);
+ } else if (expected.NeedsMap()) {
+ // If we need a map later and have a Smi -> deopt.
+ __ test(reg, Immediate(kSmiTagMask));
+ DeoptimizeIf(zero, instr->environment());
+ }
+
+ Register map;
+ if (expected.NeedsMap()) {
+ map = ToRegister(instr->TempAt(0));
+ ASSERT(!map.is(reg));
+ __ mov(map, FieldOperand(reg, HeapObject::kMapOffset));
+ // Everything with a map could be undetectable, so check this now.
+ __ test_b(FieldOperand(map, Map::kBitFieldOffset),
+ 1 << Map::kIsUndetectable);
+ // Undetectable -> false.
+ __ j(not_zero, false_label);
+ }
+
+ if (expected.Contains(ToBooleanStub::SPEC_OBJECT)) {
+ // spec object -> true.
+ __ CmpInstanceType(map, FIRST_SPEC_OBJECT_TYPE);
+ __ j(above_equal, true_label);
+ } else if (expected.Contains(ToBooleanStub::INTERNAL_OBJECT)) {
+ // We've seen a spec object for the first time -> deopt.
+ __ CmpInstanceType(map, FIRST_SPEC_OBJECT_TYPE);
+ DeoptimizeIf(above_equal, instr->environment());
+ }
+
+ if (expected.Contains(ToBooleanStub::STRING)) {
+ // String value -> false iff empty.
+ Label not_string;
+ __ CmpInstanceType(map, FIRST_NONSTRING_TYPE);
+ __ j(above_equal, ¬_string, Label::kNear);
+ __ cmp(FieldOperand(reg, String::kLengthOffset), Immediate(0));
+ __ j(not_zero, true_label);
+ __ jmp(false_label);
+ __ bind(¬_string);
+ } else if (expected.Contains(ToBooleanStub::INTERNAL_OBJECT)) {
+ // We've seen a string for the first time -> deopt
+ __ CmpInstanceType(map, FIRST_NONSTRING_TYPE);
+ DeoptimizeIf(below, instr->environment());
+ }
+
+ if (expected.Contains(ToBooleanStub::HEAP_NUMBER)) {
+ // heap number -> false iff +0, -0, or NaN.
+ Label not_heap_number;
+ __ cmp(FieldOperand(reg, HeapObject::kMapOffset),
+ factory()->heap_number_map());
+ __ j(not_equal, ¬_heap_number, Label::kNear);
+ __ fldz();
+ __ fld_d(FieldOperand(reg, HeapNumber::kValueOffset));
+ __ FCmp();
+ __ j(zero, false_label);
+ __ jmp(true_label);
+ __ bind(¬_heap_number);
+ } else if (expected.Contains(ToBooleanStub::INTERNAL_OBJECT)) {
+ // We've seen a heap number for the first time -> deopt.
+ __ cmp(FieldOperand(reg, HeapObject::kMapOffset),
+ factory()->heap_number_map());
+ DeoptimizeIf(equal, instr->environment());
+ }
+
+ if (expected.Contains(ToBooleanStub::INTERNAL_OBJECT)) {
+ // internal objects -> true
+ __ jmp(true_label);
+ } else {
+ // We've seen something for the first time -> deopt.
+ DeoptimizeIf(no_condition, instr->environment());
+ }
}
}
}
diff --git a/src/ia32/lithium-ia32.cc b/src/ia32/lithium-ia32.cc
index 9951d25..07867c7 100644
--- a/src/ia32/lithium-ia32.cc
+++ b/src/ia32/lithium-ia32.cc
@@ -1041,7 +1041,16 @@
: instr->SecondSuccessor();
return new LGoto(successor->block_id());
}
- return new LBranch(UseRegisterAtStart(v));
+ ToBooleanStub::Types expected = instr->expected_input_types();
+ // We need a temporary register when we have to access the map *or* we have
+ // no type info yet, in which case we handle all cases (including the ones
+ // involving maps).
+ bool needs_temp = expected.NeedsMap() || expected.IsEmpty();
+ LOperand* temp = needs_temp ? TempRegister() : NULL;
+ LInstruction* branch = new LBranch(UseRegister(v), temp);
+ // When we handle all cases, we never deopt, so we don't need to assign the
+ // environment then.
+ return expected.IsAll() ? branch : AssignEnvironment(branch);
}
diff --git a/src/ia32/lithium-ia32.h b/src/ia32/lithium-ia32.h
index 6b60a6e..efa048d 100644
--- a/src/ia32/lithium-ia32.h
+++ b/src/ia32/lithium-ia32.h
@@ -876,10 +876,11 @@
};
-class LBranch: public LControlInstruction<1, 0> {
+class LBranch: public LControlInstruction<1, 1> {
public:
- explicit LBranch(LOperand* value) {
+ explicit LBranch(LOperand* value, LOperand* temp) {
inputs_[0] = value;
+ temps_[0] = temp;
}
DECLARE_CONCRETE_INSTRUCTION(Branch, "branch")
diff --git a/src/ic.cc b/src/ic.cc
index c5a9f3d..0d0b935 100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -88,7 +88,8 @@
// function and the original code.
JSFunction* function = JSFunction::cast(frame->function());
function->PrintName();
- int code_offset = address() - js_code->instruction_start();
+ int code_offset =
+ static_cast<int>(address() - js_code->instruction_start());
PrintF("+%d", code_offset);
} else {
PrintF("<unknown>");
diff --git a/src/objects-inl.h b/src/objects-inl.h
index 53a3183..34b7c2e 100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -4252,6 +4252,11 @@
}
+bool JSObject::HasHiddenProperties() {
+ return !GetHiddenProperties(OMIT_CREATION)->ToObjectChecked()->IsUndefined();
+}
+
+
bool JSObject::HasElement(uint32_t index) {
return HasElementWithReceiver(this, index);
}
@@ -4367,6 +4372,31 @@
}
+bool ObjectHashTableShape::IsMatch(JSObject* key, Object* other) {
+ return key == JSObject::cast(other);
+}
+
+
+uint32_t ObjectHashTableShape::Hash(JSObject* key) {
+ MaybeObject* maybe_hash = key->GetIdentityHash(JSObject::OMIT_CREATION);
+ ASSERT(!maybe_hash->IsFailure());
+ return Smi::cast(maybe_hash->ToObjectUnchecked())->value();
+}
+
+
+uint32_t ObjectHashTableShape::HashForObject(JSObject* key, Object* other) {
+ MaybeObject* maybe_hash = JSObject::cast(other)->GetIdentityHash(
+ JSObject::OMIT_CREATION);
+ ASSERT(!maybe_hash->IsFailure());
+ return Smi::cast(maybe_hash->ToObjectUnchecked())->value();
+}
+
+
+MaybeObject* ObjectHashTableShape::AsObject(JSObject* key) {
+ return key;
+}
+
+
void Map::ClearCodeCache(Heap* heap) {
// No write barrier is needed since empty_fixed_array is not in new space.
// Please note this function is used during marking:
diff --git a/src/objects-printer.cc b/src/objects-printer.cc
index fa03447..5cb5269 100644
--- a/src/objects-printer.cc
+++ b/src/objects-printer.cc
@@ -560,6 +560,21 @@
}
+// This method is only meant to be called from gdb for debugging purposes.
+// Since the string can also be in two-byte encoding, non-ascii characters
+// will be ignored in the output.
+char* String::ToAsciiArray() {
+ // Static so that subsequent calls frees previously allocated space.
+ // This also means that previous results will be overwritten.
+ static char* buffer = NULL;
+ if (buffer != NULL) free(buffer);
+ buffer = new char[length()+1];
+ WriteToFlat(this, buffer, 0, length());
+ buffer[length()] = 0;
+ return buffer;
+}
+
+
void JSProxy::JSProxyPrint(FILE* out) {
HeapObject::PrintHeader(out, "JSProxy");
PrintF(out, " - map = 0x%p\n", reinterpret_cast<void*>(map()));
diff --git a/src/objects.cc b/src/objects.cc
index a423ae4..ba5aa77 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -2967,6 +2967,91 @@
}
+MaybeObject* JSObject::GetHiddenProperties(HiddenPropertiesFlag flag) {
+ Isolate* isolate = GetIsolate();
+ Heap* heap = isolate->heap();
+ Object* holder = BypassGlobalProxy();
+ if (holder->IsUndefined()) return heap->undefined_value();
+ JSObject* obj = JSObject::cast(holder);
+ if (obj->HasFastProperties()) {
+ // If the object has fast properties, check whether the first slot
+ // in the descriptor array matches the hidden symbol. Since the
+ // hidden symbols hash code is zero (and no other string has hash
+ // code zero) it will always occupy the first entry if present.
+ DescriptorArray* descriptors = obj->map()->instance_descriptors();
+ if ((descriptors->number_of_descriptors() > 0) &&
+ (descriptors->GetKey(0) == heap->hidden_symbol()) &&
+ descriptors->IsProperty(0)) {
+ ASSERT(descriptors->GetType(0) == FIELD);
+ return obj->FastPropertyAt(descriptors->GetFieldIndex(0));
+ }
+ }
+
+ // Only attempt to find the hidden properties in the local object and not
+ // in the prototype chain.
+ if (!obj->HasHiddenPropertiesObject()) {
+ // Hidden properties object not found. Allocate a new hidden properties
+ // object if requested. Otherwise return the undefined value.
+ if (flag == ALLOW_CREATION) {
+ Object* hidden_obj;
+ { MaybeObject* maybe_obj = heap->AllocateJSObject(
+ isolate->context()->global_context()->object_function());
+ if (!maybe_obj->ToObject(&hidden_obj)) return maybe_obj;
+ }
+ return obj->SetHiddenPropertiesObject(hidden_obj);
+ } else {
+ return heap->undefined_value();
+ }
+ }
+ return obj->GetHiddenPropertiesObject();
+}
+
+
+MaybeObject* JSObject::GetIdentityHash(HiddenPropertiesFlag flag) {
+ Isolate* isolate = GetIsolate();
+ Object* hidden_props_obj;
+ { MaybeObject* maybe_obj = GetHiddenProperties(flag);
+ if (!maybe_obj->ToObject(&hidden_props_obj)) return maybe_obj;
+ }
+ if (!hidden_props_obj->IsJSObject()) {
+ // We failed to create hidden properties. That's a detached
+ // global proxy.
+ ASSERT(hidden_props_obj->IsUndefined());
+ return Smi::FromInt(0);
+ }
+ JSObject* hidden_props = JSObject::cast(hidden_props_obj);
+ String* hash_symbol = isolate->heap()->identity_hash_symbol();
+ {
+ // Note that HasLocalProperty() can cause a GC in the general case in the
+ // presence of interceptors.
+ AssertNoAllocation no_alloc;
+ if (hidden_props->HasLocalProperty(hash_symbol)) {
+ MaybeObject* hash = hidden_props->GetProperty(hash_symbol);
+ return Smi::cast(hash->ToObjectChecked());
+ }
+ }
+
+ int hash_value;
+ int attempts = 0;
+ do {
+ // Generate a random 32-bit hash value but limit range to fit
+ // within a smi.
+ hash_value = V8::Random(isolate) & Smi::kMaxValue;
+ attempts++;
+ } while (hash_value == 0 && attempts < 30);
+ hash_value = hash_value != 0 ? hash_value : 1; // never return 0
+
+ Smi* hash = Smi::FromInt(hash_value);
+ { MaybeObject* result = hidden_props->SetLocalPropertyIgnoreAttributes(
+ hash_symbol,
+ hash,
+ static_cast<PropertyAttributes>(None));
+ if (result->IsFailure()) return result;
+ }
+ return hash;
+}
+
+
MaybeObject* JSObject::DeletePropertyPostInterceptor(String* name,
DeleteMode mode) {
// Check local property, ignore interceptor.
@@ -10380,6 +10465,8 @@
template class HashTable<MapCacheShape, HashTableKey*>;
+template class HashTable<ObjectHashTableShape, JSObject*>;
+
template class Dictionary<StringDictionaryShape, String*>;
template class Dictionary<NumberDictionaryShape, uint32_t>;
@@ -11691,6 +11778,64 @@
}
+Object* ObjectHashTable::Lookup(JSObject* key) {
+ // If the object does not have an identity hash, it was never used as a key.
+ MaybeObject* maybe_hash = key->GetIdentityHash(JSObject::OMIT_CREATION);
+ if (maybe_hash->IsFailure()) return GetHeap()->undefined_value();
+ int entry = FindEntry(key);
+ if (entry == kNotFound) return GetHeap()->undefined_value();
+ return get(EntryToIndex(entry) + 1);
+}
+
+
+MaybeObject* ObjectHashTable::Put(JSObject* key, Object* value) {
+ // Make sure the key object has an identity hash code.
+ int hash;
+ { MaybeObject* maybe_hash = key->GetIdentityHash(JSObject::ALLOW_CREATION);
+ if (maybe_hash->IsFailure()) return maybe_hash;
+ hash = Smi::cast(maybe_hash->ToObjectUnchecked())->value();
+ }
+ int entry = FindEntry(key);
+
+ // Check whether to perform removal operation.
+ if (value->IsUndefined()) {
+ if (entry == kNotFound) return this;
+ RemoveEntry(entry);
+ return Shrink(key);
+ }
+
+ // Key is already in table, just overwrite value.
+ if (entry != kNotFound) {
+ set(EntryToIndex(entry) + 1, value);
+ return this;
+ }
+
+ // Check whether the hash table should be extended.
+ Object* obj;
+ { MaybeObject* maybe_obj = EnsureCapacity(1, key);
+ if (!maybe_obj->ToObject(&obj)) return maybe_obj;
+ }
+ ObjectHashTable* table = ObjectHashTable::cast(obj);
+ table->AddEntry(table->FindInsertionEntry(hash), key, value);
+ return table;
+}
+
+
+void ObjectHashTable::AddEntry(int entry, JSObject* key, Object* value) {
+ set(EntryToIndex(entry), key);
+ set(EntryToIndex(entry) + 1, value);
+ ElementAdded();
+}
+
+
+void ObjectHashTable::RemoveEntry(int entry) {
+ Object* null_value = GetHeap()->null_value();
+ set(EntryToIndex(entry), null_value);
+ set(EntryToIndex(entry) + 1, null_value);
+ ElementRemoved();
+}
+
+
#ifdef ENABLE_DEBUGGER_SUPPORT
// Check if there is a break point at this code position.
bool DebugInfo::HasBreakPoint(int code_position) {
diff --git a/src/objects.h b/src/objects.h
index 9ef14db..ba690ec 100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -1638,6 +1638,23 @@
MUST_USE_RESULT inline MaybeObject* SetHiddenPropertiesObject(
Object* hidden_obj);
+ // Indicates whether the hidden properties object should be created.
+ enum HiddenPropertiesFlag { ALLOW_CREATION, OMIT_CREATION };
+
+ // Retrieves the hidden properties object.
+ //
+ // The undefined value might be returned in case no hidden properties object
+ // is present and creation was omitted.
+ inline bool HasHiddenProperties();
+ MUST_USE_RESULT MaybeObject* GetHiddenProperties(HiddenPropertiesFlag flag);
+
+ // Retrieves a permanent object identity hash code.
+ //
+ // The identity hash is stored as a hidden property. The undefined value might
+ // be returned in case no hidden properties object is present and creation was
+ // omitted.
+ MUST_USE_RESULT MaybeObject* GetIdentityHash(HiddenPropertiesFlag flag);
+
MUST_USE_RESULT MaybeObject* DeleteProperty(String* name, DeleteMode mode);
MUST_USE_RESULT MaybeObject* DeleteElement(uint32_t index, DeleteMode mode);
@@ -2933,6 +2950,40 @@
};
+class ObjectHashTableShape {
+ public:
+ static inline bool IsMatch(JSObject* key, Object* other);
+ static inline uint32_t Hash(JSObject* key);
+ static inline uint32_t HashForObject(JSObject* key, Object* object);
+ MUST_USE_RESULT static inline MaybeObject* AsObject(JSObject* key);
+ static const int kPrefixSize = 0;
+ static const int kEntrySize = 2;
+};
+
+
+// ObjectHashTable maps keys that are JavaScript objects to object values by
+// using the identity hash of the key for hashing purposes.
+class ObjectHashTable: public HashTable<ObjectHashTableShape, JSObject*> {
+ public:
+ static inline ObjectHashTable* cast(Object* obj) {
+ ASSERT(obj->IsHashTable());
+ return reinterpret_cast<ObjectHashTable*>(obj);
+ }
+
+ // Looks up the value associated with the given key. The undefined value is
+ // returned in case the key is not present.
+ Object* Lookup(JSObject* key);
+
+ // Adds (or overwrites) the value associated with the given key. Mapping a
+ // key to the undefined value causes removal of the whole entry.
+ MUST_USE_RESULT MaybeObject* Put(JSObject* key, Object* value);
+
+ private:
+ void AddEntry(int entry, JSObject* key, Object* value);
+ void RemoveEntry(int entry);
+};
+
+
// JSFunctionResultCache caches results of some JSFunction invocation.
// It is a fixed array with fixed structure:
// [0]: factory function
@@ -5876,6 +5927,8 @@
StringPrint(stdout);
}
void StringPrint(FILE* out);
+
+ char* ToAsciiArray();
#endif
#ifdef DEBUG
void StringVerify();
diff --git a/src/parser.cc b/src/parser.cc
index 5704cb8..3bfc94f 100644
--- a/src/parser.cc
+++ b/src/parser.cc
@@ -2755,7 +2755,7 @@
Handle<String> name = callee->name();
Variable* var = top_scope_->Lookup(name);
if (var == NULL) {
- top_scope_->RecordEvalCall();
+ top_scope_->DeclarationScope()->RecordEvalCall();
}
}
result = NewCall(result, args, pos);
diff --git a/src/runtime.cc b/src/runtime.cc
index df225b6..f965276 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -4532,7 +4532,7 @@
for (int i = 0; i < length; i++) {
jsproto->GetLocalPropertyNames(*names,
i == 0 ? 0 : local_property_count[i - 1]);
- if (!GetHiddenProperties(jsproto, false)->IsUndefined()) {
+ if (jsproto->HasHiddenProperties()) {
proto_with_hidden_properties++;
}
if (i < length - 1) {
diff --git a/src/scopes.h b/src/scopes.h
index e76fb50..d4eb17c 100644
--- a/src/scopes.h
+++ b/src/scopes.h
@@ -357,11 +357,17 @@
// Illegal redeclaration.
Expression* illegal_redecl_;
- // Scope-specific information.
- bool scope_inside_with_; // this scope is inside a 'with' of some outer scope
- bool scope_contains_with_; // this scope contains a 'with' statement
- bool scope_calls_eval_; // this scope contains an 'eval' call
- bool strict_mode_; // this scope is a strict mode scope
+ // Scope-specific information computed during parsing.
+ //
+ // This scope is inside a 'with' of some outer scope.
+ bool scope_inside_with_;
+ // This scope contains a 'with' statement.
+ bool scope_contains_with_;
+ // This scope or a nested catch scope or with scope contain an 'eval' call. At
+ // the 'eval' call site this scope is the declaration scope.
+ bool scope_calls_eval_;
+ // This scope is a strict mode scope.
+ bool strict_mode_;
// Computed via PropagateScopeInfo.
bool outer_scope_calls_eval_;
diff --git a/src/version.cc b/src/version.cc
index eac99e2..226d2e2 100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -34,7 +34,7 @@
// cannot be changed without changing the SCons build script.
#define MAJOR_VERSION 3
#define MINOR_VERSION 5
-#define BUILD_NUMBER 1
+#define BUILD_NUMBER 2
#define PATCH_LEVEL 0
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
diff --git a/test/cctest/SConscript b/test/cctest/SConscript
index b0a7166..a228ac1 100644
--- a/test/cctest/SConscript
+++ b/test/cctest/SConscript
@@ -65,6 +65,7 @@
'test-debug.cc',
'test-decls.cc',
'test-deoptimization.cc',
+ 'test-dictionary.cc',
'test-diy-fp.cc',
'test-double.cc',
'test-dtoa.cc',
diff --git a/test/cctest/cctest.gyp b/test/cctest/cctest.gyp
index 9cbcb9c..07d12c8 100644
--- a/test/cctest/cctest.gyp
+++ b/test/cctest/cctest.gyp
@@ -61,6 +61,7 @@
'test-debug.cc',
'test-decls.cc',
'test-deoptimization.cc',
+ 'test-dictionary.cc',
'test-diy-fp.cc',
'test-double.cc',
'test-dtoa.cc',
diff --git a/test/cctest/test-dictionary.cc b/test/cctest/test-dictionary.cc
new file mode 100644
index 0000000..15a854b
--- /dev/null
+++ b/test/cctest/test-dictionary.cc
@@ -0,0 +1,85 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "v8.h"
+
+#include "api.h"
+#include "debug.h"
+#include "execution.h"
+#include "factory.h"
+#include "macro-assembler.h"
+#include "objects.h"
+#include "global-handles.h"
+#include "cctest.h"
+
+using namespace v8::internal;
+
+TEST(ObjectHashTable) {
+ v8::HandleScope scope;
+ LocalContext context;
+ Handle<ObjectHashTable> table = FACTORY->NewObjectHashTable(23);
+ Handle<JSObject> a = FACTORY->NewJSArray(7);
+ Handle<JSObject> b = FACTORY->NewJSArray(11);
+ table = PutIntoObjectHashTable(table, a, b);
+ CHECK_EQ(table->NumberOfElements(), 1);
+ CHECK_EQ(table->Lookup(*a), *b);
+ CHECK_EQ(table->Lookup(*b), HEAP->undefined_value());
+
+ // Keys still have to be valid after objects were moved.
+ HEAP->CollectGarbage(NEW_SPACE);
+ CHECK_EQ(table->NumberOfElements(), 1);
+ CHECK_EQ(table->Lookup(*a), *b);
+ CHECK_EQ(table->Lookup(*b), HEAP->undefined_value());
+
+ // Keys that are overwritten should not change number of elements.
+ table = PutIntoObjectHashTable(table, a, FACTORY->NewJSArray(13));
+ CHECK_EQ(table->NumberOfElements(), 1);
+ CHECK_NE(table->Lookup(*a), *b);
+
+ // Keys mapped to undefined should be removed permanently.
+ table = PutIntoObjectHashTable(table, a, FACTORY->undefined_value());
+ CHECK_EQ(table->NumberOfElements(), 0);
+ CHECK_EQ(table->NumberOfDeletedElements(), 1);
+ CHECK_EQ(table->Lookup(*a), HEAP->undefined_value());
+
+ // Keys should map back to their respective values.
+ for (int i = 0; i < 100; i++) {
+ Handle<JSObject> key = FACTORY->NewJSArray(7);
+ Handle<JSObject> value = FACTORY->NewJSArray(11);
+ table = PutIntoObjectHashTable(table, key, value);
+ CHECK_EQ(table->NumberOfElements(), i + 1);
+ CHECK_NE(table->FindEntry(*key), ObjectHashTable::kNotFound);
+ CHECK_EQ(table->Lookup(*key), *value);
+ }
+
+ // Keys never added to the map should not be found.
+ for (int i = 0; i < 1000; i++) {
+ Handle<JSObject> o = FACTORY->NewJSArray(100);
+ CHECK_EQ(table->FindEntry(*o), ObjectHashTable::kNotFound);
+ CHECK_EQ(table->Lookup(*o), HEAP->undefined_value());
+ }
+}
diff --git a/test/mjsunit/scope-calls-eval.js b/test/mjsunit/scope-calls-eval.js
new file mode 100644
index 0000000..4a941aa
--- /dev/null
+++ b/test/mjsunit/scope-calls-eval.js
@@ -0,0 +1,65 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Tests if the information about eval calls in a function is
+// propagated correctly through catch and with blocks.
+
+
+function f1() {
+ var x = 5;
+ function g() {
+ try {
+ throw '';
+ } catch (e) {
+ eval('var x = 3;');
+ }
+ try {
+ throw '';
+ } catch (e) {
+ return x;
+ }
+ }
+ return g();
+}
+
+
+function f2() {
+ var x = 5;
+ function g() {
+ with ({e:42}) {
+ eval('var x = 3;');
+ }
+ with ({e:42}) {
+ return x;
+ }
+ }
+ return g();
+}
+
+
+assertEquals(3, f1());
+assertEquals(3, f2());