update V8 to TOT snapshot branch
diff --git a/src/bootstrapper.cc b/src/bootstrapper.cc
index 62edae5..6e565e0 100644
--- a/src/bootstrapper.cc
+++ b/src/bootstrapper.cc
@@ -177,116 +177,6 @@
}
-// Pending fixups are code positions that refer to builtin code
-// objects that were not available at the time the code was generated.
-// The pending list is processed whenever an environment has been
-// created.
-class PendingFixups : public AllStatic {
- public:
- static void Add(Code* code, MacroAssembler* masm);
- static bool Process(Handle<JSBuiltinsObject> builtins);
-
- static void Iterate(ObjectVisitor* v);
-
- private:
- static List<Object*> code_;
- static List<const char*> name_;
- static List<int> pc_;
- static List<uint32_t> flags_;
-
- static void Clear();
-};
-
-
-List<Object*> PendingFixups::code_(0);
-List<const char*> PendingFixups::name_(0);
-List<int> PendingFixups::pc_(0);
-List<uint32_t> PendingFixups::flags_(0);
-
-
-void PendingFixups::Add(Code* code, MacroAssembler* masm) {
- // Note this code is not only called during bootstrapping.
- List<MacroAssembler::Unresolved>* unresolved = masm->unresolved();
- int n = unresolved->length();
- for (int i = 0; i < n; i++) {
- const char* name = unresolved->at(i).name;
- code_.Add(code);
- name_.Add(name);
- pc_.Add(unresolved->at(i).pc);
- flags_.Add(unresolved->at(i).flags);
- LOG(StringEvent("unresolved", name));
- }
-}
-
-
-bool PendingFixups::Process(Handle<JSBuiltinsObject> builtins) {
- HandleScope scope;
- // NOTE: Extra fixups may be added to the list during the iteration
- // due to lazy compilation of functions during the processing. Do not
- // cache the result of getting the length of the code list.
- for (int i = 0; i < code_.length(); i++) {
- const char* name = name_[i];
- uint32_t flags = flags_[i];
- Handle<String> symbol = Factory::LookupAsciiSymbol(name);
- Object* o = builtins->GetProperty(*symbol);
-#ifdef DEBUG
- if (!o->IsJSFunction()) {
- V8_Fatal(__FILE__, __LINE__, "Cannot resolve call to builtin %s", name);
- }
-#endif
- Handle<SharedFunctionInfo> shared(JSFunction::cast(o)->shared());
- // Make sure the number of parameters match the formal parameter count.
- int argc = Bootstrapper::FixupFlagsArgumentsCount::decode(flags);
- USE(argc);
- ASSERT(shared->formal_parameter_count() == argc);
- // Do lazy compilation if necessary and check for stack overflows.
- if (!EnsureCompiled(shared, CLEAR_EXCEPTION)) {
- Clear();
- return false;
- }
- Code* code = Code::cast(code_[i]);
- Address pc = code->instruction_start() + pc_[i];
- RelocInfo target(pc, RelocInfo::CODE_TARGET, 0);
- bool use_code_object = Bootstrapper::FixupFlagsUseCodeObject::decode(flags);
- if (use_code_object) {
- target.set_target_object(shared->code());
- } else {
- target.set_target_address(shared->code()->instruction_start());
- }
- LOG(StringEvent("resolved", name));
- }
- Clear();
-
- // TODO(1240818): We should probably try to avoid doing this for all
- // the V8 builtin JS files. It should only happen after running
- // runtime.js - just like there shouldn't be any fixups left after
- // that.
- for (int i = 0; i < Builtins::NumberOfJavaScriptBuiltins(); i++) {
- Builtins::JavaScript id = static_cast<Builtins::JavaScript>(i);
- Handle<String> name = Factory::LookupAsciiSymbol(Builtins::GetName(id));
- JSFunction* function = JSFunction::cast(builtins->GetProperty(*name));
- builtins->set_javascript_builtin(id, function);
- }
-
- return true;
-}
-
-
-void PendingFixups::Clear() {
- code_.Clear();
- name_.Clear();
- pc_.Clear();
- flags_.Clear();
-}
-
-
-void PendingFixups::Iterate(ObjectVisitor* v) {
- if (!code_.is_empty()) {
- v->VisitPointers(&code_[0], &code_[0] + code_.length());
- }
-}
-
-
class Genesis BASE_EMBEDDED {
public:
Genesis(Handle<Object> global_object,
@@ -327,6 +217,10 @@
// deserialized, leaving the GC to pick it up.
void HookUpGlobalProxy(Handle<GlobalObject> inner_global,
Handle<JSGlobalProxy> global_proxy);
+ // Similarly, we want to use the inner global that has been created by the
+ // templates passed through the API. The inner global from the snapshot is
+ // detached from the other objects in the snapshot.
+ void HookUpInnerGlobal(Handle<GlobalObject> inner_global);
// New context initialization. Used for creating a context from scratch.
void InitializeGlobal(Handle<GlobalObject> inner_global,
Handle<JSFunction> empty_function);
@@ -341,12 +235,10 @@
static bool InstallExtension(const char* name);
static bool InstallExtension(v8::RegisteredExtension* current);
static void InstallSpecialObjects(Handle<Context> global_context);
+ bool InstallJSBuiltins(Handle<JSBuiltinsObject> builtins);
bool ConfigureApiObject(Handle<JSObject> object,
Handle<ObjectTemplateInfo> object_template);
bool ConfigureGlobalObjects(v8::Handle<v8::ObjectTemplate> global_template);
- void TransferMapsToDeserializedGlobals(
- Handle<GlobalObject> inner_global_outside_snapshot,
- Handle<GlobalObject> inner_global_from_snapshot);
// Migrates all properties from the 'from' object to the 'to'
// object and overrides the prototype in 'to' with the one from
@@ -385,15 +277,6 @@
void Bootstrapper::Iterate(ObjectVisitor* v) {
extensions_cache.Iterate(v);
v->Synchronize("Extensions");
- PendingFixups::Iterate(v);
- v->Synchronize("PendingFixups");
-}
-
-
-// While setting up the environment, we collect code positions that
-// need to be patched before we can run any code in the environment.
-void Bootstrapper::AddFixup(Code* code, MacroAssembler* masm) {
- PendingFixups::Add(code, masm);
}
@@ -634,7 +517,7 @@
Handle<Code> code = Handle<Code>(Builtins::builtin(Builtins::Illegal));
js_global_function =
Factory::NewFunction(name, JS_GLOBAL_OBJECT_TYPE,
- JSGlobalObject::kSize + 17 * kPointerSize, code, true);
+ JSGlobalObject::kSize, code, true);
// Change the constructor property of the prototype of the
// hidden global function to refer to the Object function.
Handle<JSObject> prototype =
@@ -704,6 +587,28 @@
}
+void Genesis::HookUpInnerGlobal(Handle<GlobalObject> inner_global) {
+ Handle<GlobalObject> inner_global_from_snapshot(
+ GlobalObject::cast(global_context_->extension()));
+ Handle<JSBuiltinsObject> builtins_global(global_context_->builtins());
+ global_context_->set_extension(*inner_global);
+ global_context_->set_global(*inner_global);
+ global_context_->set_security_token(*inner_global);
+ static const PropertyAttributes attributes =
+ static_cast<PropertyAttributes>(READ_ONLY | DONT_DELETE);
+ ForceSetProperty(builtins_global,
+ Factory::LookupAsciiSymbol("global"),
+ inner_global,
+ attributes);
+ // Setup the reference from the global object to the builtins object.
+ JSGlobalObject::cast(*inner_global)->set_builtins(*builtins_global);
+ TransferNamedProperties(inner_global_from_snapshot, inner_global);
+ TransferIndexedProperties(inner_global_from_snapshot, inner_global);
+}
+
+
+// This is only called if we are not using snapshots. The equivalent
+// work in the snapshot case is done in HookUpInnerGlobal.
void Genesis::InitializeGlobal(Handle<GlobalObject> inner_global,
Handle<JSFunction> empty_function) {
// --- G l o b a l C o n t e x t ---
@@ -865,11 +770,11 @@
#ifdef DEBUG
LookupResult lookup;
result->LocalLookup(Heap::callee_symbol(), &lookup);
- ASSERT(lookup.IsValid() && (lookup.type() == FIELD));
+ ASSERT(lookup.IsProperty() && (lookup.type() == FIELD));
ASSERT(lookup.GetFieldIndex() == Heap::arguments_callee_index);
result->LocalLookup(Heap::length_symbol(), &lookup);
- ASSERT(lookup.IsValid() && (lookup.type() == FIELD));
+ ASSERT(lookup.IsProperty() && (lookup.type() == FIELD));
ASSERT(lookup.GetFieldIndex() == Heap::arguments_length_index);
ASSERT(result->map()->inobject_properties() > Heap::arguments_callee_index);
@@ -977,6 +882,7 @@
0,
extension,
NULL,
+ Handle<String>::null(),
use_runtime_context ? NATIVES_CODE : NOT_NATIVES_CODE);
if (boilerplate.is_null()) return false;
if (cache != NULL) cache->Add(name, boilerplate);
@@ -1003,8 +909,7 @@
Handle<Object> result =
Execution::Call(fun, receiver, 0, NULL, &has_pending_exception);
if (has_pending_exception) return false;
- return PendingFixups::Process(
- Handle<JSBuiltinsObject>(top_context->builtins()));
+ return true;
}
@@ -1024,7 +929,6 @@
INSTALL_NATIVE(JSFunction, "ToInteger", to_integer_fun);
INSTALL_NATIVE(JSFunction, "ToUint32", to_uint32_fun);
INSTALL_NATIVE(JSFunction, "ToInt32", to_int32_fun);
- INSTALL_NATIVE(JSFunction, "ToBoolean", to_boolean_fun);
INSTALL_NATIVE(JSFunction, "GlobalEval", global_eval_fun);
INSTALL_NATIVE(JSFunction, "Instantiate", instantiate_fun);
INSTALL_NATIVE(JSFunction, "ConfigureTemplateInstance",
@@ -1211,6 +1115,10 @@
i++) {
Vector<const char> name = Natives::GetScriptName(i);
if (!CompileBuiltin(i)) return false;
+ // TODO(ager): We really only need to install the JS builtin
+ // functions on the builtins object after compiling and running
+ // runtime.js.
+ if (!InstallJSBuiltins(builtins)) return false;
}
InstallNativeFunctions();
@@ -1397,17 +1305,19 @@
}
-void Genesis::TransferMapsToDeserializedGlobals(
- Handle<GlobalObject> inner_global_outside_snapshot,
- Handle<GlobalObject> inner_global_from_snapshot) {
- Handle<Map> from_map(inner_global_outside_snapshot->map());
-#ifdef DEBUG
- Handle<Map> to_map(inner_global_from_snapshot->map());
- ASSERT_EQ(to_map->instance_size(), from_map->instance_size());
- ASSERT_EQ(0, to_map->inobject_properties());
- ASSERT_EQ(0, from_map->inobject_properties());
-#endif
- inner_global_from_snapshot->set_map(*from_map);
+bool Genesis::InstallJSBuiltins(Handle<JSBuiltinsObject> builtins) {
+ HandleScope scope;
+ for (int i = 0; i < Builtins::NumberOfJavaScriptBuiltins(); i++) {
+ Builtins::JavaScript id = static_cast<Builtins::JavaScript>(i);
+ Handle<String> name = Factory::LookupAsciiSymbol(Builtins::GetName(id));
+ Handle<JSFunction> function
+ = Handle<JSFunction>(JSFunction::cast(builtins->GetProperty(*name)));
+ builtins->set_javascript_builtin(id, *function);
+ Handle<SharedFunctionInfo> shared
+ = Handle<SharedFunctionInfo>(function->shared());
+ if (!EnsureCompiled(shared, CLEAR_EXCEPTION)) return false;
+ }
+ return true;
}
@@ -1415,7 +1325,7 @@
v8::Handle<v8::ObjectTemplate> global_proxy_template) {
Handle<JSObject> global_proxy(
JSObject::cast(global_context()->global_proxy()));
- Handle<JSObject> js_global(JSObject::cast(global_context()->global()));
+ Handle<JSObject> inner_global(JSObject::cast(global_context()->global()));
if (!global_proxy_template.IsEmpty()) {
// Configure the global proxy object.
@@ -1429,11 +1339,11 @@
if (!proxy_constructor->prototype_template()->IsUndefined()) {
Handle<ObjectTemplateInfo> inner_data(
ObjectTemplateInfo::cast(proxy_constructor->prototype_template()));
- if (!ConfigureApiObject(js_global, inner_data)) return false;
+ if (!ConfigureApiObject(inner_global, inner_data)) return false;
}
}
- SetObjectPrototype(global_proxy, js_global);
+ SetObjectPrototype(global_proxy, inner_global);
return true;
}
@@ -1485,7 +1395,7 @@
LookupResult result;
to->LocalLookup(descs->GetKey(i), &result);
// If the property is already there we skip it
- if (result.IsValid()) continue;
+ if (result.IsProperty()) continue;
HandleScope inner;
ASSERT(!to->HasFastProperties());
// Add to dictionary.
@@ -1520,7 +1430,7 @@
// If the property is already there we skip it.
LookupResult result;
to->LocalLookup(String::cast(raw_key), &result);
- if (result.IsValid()) continue;
+ if (result.IsProperty()) continue;
// Set the property.
Handle<String> key = Handle<String>(String::cast(raw_key));
Handle<Object> value = Handle<Object>(properties->ValueAt(i));
@@ -1604,25 +1514,33 @@
void Genesis::BuildSpecialFunctionTable() {
HandleScope scope;
Handle<JSObject> global = Handle<JSObject>(global_context()->global());
- // Add special versions for Array.prototype.pop and push.
+ // Add special versions for some Array.prototype functions.
Handle<JSFunction> function =
Handle<JSFunction>(
JSFunction::cast(global->GetProperty(Heap::Array_symbol())));
Handle<JSObject> visible_prototype =
Handle<JSObject>(JSObject::cast(function->prototype()));
- // Remember to put push and pop on the hidden prototype if it's there.
- Handle<JSObject> push_and_pop_prototype;
+ // Remember to put those specializations on the hidden prototype if present.
+ Handle<JSObject> special_prototype;
Handle<Object> superproto(visible_prototype->GetPrototype());
if (superproto->IsJSObject() &&
JSObject::cast(*superproto)->map()->is_hidden_prototype()) {
- push_and_pop_prototype = Handle<JSObject>::cast(superproto);
+ special_prototype = Handle<JSObject>::cast(superproto);
} else {
- push_and_pop_prototype = visible_prototype;
+ special_prototype = visible_prototype;
}
- AddSpecialFunction(push_and_pop_prototype, "pop",
+ AddSpecialFunction(special_prototype, "pop",
Handle<Code>(Builtins::builtin(Builtins::ArrayPop)));
- AddSpecialFunction(push_and_pop_prototype, "push",
+ AddSpecialFunction(special_prototype, "push",
Handle<Code>(Builtins::builtin(Builtins::ArrayPush)));
+ AddSpecialFunction(special_prototype, "shift",
+ Handle<Code>(Builtins::builtin(Builtins::ArrayShift)));
+ AddSpecialFunction(special_prototype, "unshift",
+ Handle<Code>(Builtins::builtin(Builtins::ArrayUnshift)));
+ AddSpecialFunction(special_prototype, "slice",
+ Handle<Code>(Builtins::builtin(Builtins::ArraySlice)));
+ AddSpecialFunction(special_prototype, "splice",
+ Handle<Code>(Builtins::builtin(Builtins::ArraySplice)));
}
@@ -1648,19 +1566,15 @@
JSFunction* empty_function =
JSFunction::cast(result_->function_map()->prototype());
empty_function_ = Handle<JSFunction>(empty_function);
- Handle<GlobalObject> inner_global_outside_snapshot;
+ Handle<GlobalObject> inner_global;
Handle<JSGlobalProxy> global_proxy =
CreateNewGlobals(global_template,
global_object,
- &inner_global_outside_snapshot);
- // CreateNewGlobals returns an inner global that it just made, but
- // we won't give that to HookUpGlobalProxy because we want to hook
- // up the global proxy to the one from the snapshot.
- Handle<GlobalObject> inner_global(
- GlobalObject::cast(global_context_->extension()));
+ &inner_global);
+
HookUpGlobalProxy(inner_global, global_proxy);
- TransferMapsToDeserializedGlobals(inner_global_outside_snapshot,
- inner_global);
+ HookUpInnerGlobal(inner_global);
+
if (!ConfigureGlobalObjects(global_template)) return;
} else {
// We get here if there was no context snapshot.