Merge V8 at r10375: Roll to 3.6.6.17
Bug: 5688872
Change-Id: I558f9b89a15d2dcf1b62dcf9f297d4d42ca5830c
diff --git a/test/cctest/SConscript b/test/cctest/SConscript
index 621d8ec..5c92671 100644
--- a/test/cctest/SConscript
+++ b/test/cctest/SConscript
@@ -73,6 +73,7 @@
'test-fixed-dtoa.cc',
'test-flags.cc',
'test-func-name-inference.cc',
+ 'test-hashing.cc',
'test-hashmap.cc',
'test-heap-profiler.cc',
'test-heap.cc',
diff --git a/test/cctest/test-hashing.cc b/test/cctest/test-hashing.cc
new file mode 100644
index 0000000..9aa8461
--- /dev/null
+++ b/test/cctest/test-hashing.cc
@@ -0,0 +1,172 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include <stdlib.h>
+
+#include "v8.h"
+
+#include "factory.h"
+#include "macro-assembler.h"
+#include "cctest.h"
+#include "code-stubs.h"
+#include "objects.h"
+
+#ifdef USE_SIMULATOR
+#include "simulator.h"
+#endif
+
+using namespace v8::internal;
+
+
+typedef uint32_t (*HASH_FUNCTION)();
+
+static v8::Persistent<v8::Context> env;
+
+#define __ masm->
+
+
+void generate(MacroAssembler* masm, i::Vector<const char> string) {
+ // GenerateHashInit takes the first character as an argument so it can't
+ // handle the zero length string.
+ ASSERT(string.length() > 0);
+#ifdef V8_TARGET_ARCH_IA32
+ __ push(ebx);
+ __ push(ecx);
+ __ mov(eax, Immediate(0));
+ __ mov(ebx, Immediate(string.at(0)));
+ StringHelper::GenerateHashInit(masm, eax, ebx, ecx);
+ for (int i = 1; i < string.length(); i++) {
+ __ mov(ebx, Immediate(string.at(i)));
+ StringHelper::GenerateHashAddCharacter(masm, eax, ebx, ecx);
+ }
+ StringHelper::GenerateHashGetHash(masm, eax, ecx);
+ __ pop(ecx);
+ __ pop(ebx);
+ __ Ret();
+#elif V8_TARGET_ARCH_X64
+ __ push(kRootRegister);
+ __ InitializeRootRegister();
+ __ push(rbx);
+ __ push(rcx);
+ __ movq(rax, Immediate(0));
+ __ movq(rbx, Immediate(string.at(0)));
+ StringHelper::GenerateHashInit(masm, rax, rbx, rcx);
+ for (int i = 1; i < string.length(); i++) {
+ __ movq(rbx, Immediate(string.at(i)));
+ StringHelper::GenerateHashAddCharacter(masm, rax, rbx, rcx);
+ }
+ StringHelper::GenerateHashGetHash(masm, rax, rcx);
+ __ pop(rcx);
+ __ pop(rbx);
+ __ pop(kRootRegister);
+ __ Ret();
+#elif V8_TARGET_ARCH_ARM
+ __ push(kRootRegister);
+ __ InitializeRootRegister();
+
+ __ mov(r0, Operand(0));
+ __ mov(ip, Operand(string.at(0)));
+ StringHelper::GenerateHashInit(masm, r0, ip);
+ for (int i = 1; i < string.length(); i++) {
+ __ mov(ip, Operand(string.at(i)));
+ StringHelper::GenerateHashAddCharacter(masm, r0, ip);
+ }
+ StringHelper::GenerateHashGetHash(masm, r0);
+ __ pop(kRootRegister);
+ __ mov(pc, Operand(lr));
+#elif V8_TARGET_ARCH_MIPS
+ __ push(kRootRegister);
+ __ InitializeRootRegister();
+
+ __ li(v0, Operand(0));
+ __ li(t1, Operand(string.at(0)));
+ StringHelper::GenerateHashInit(masm, v0, t1);
+ for (int i = 1; i < string.length(); i++) {
+ __ li(t1, Operand(string.at(i)));
+ StringHelper::GenerateHashAddCharacter(masm, v0, t1);
+ }
+ StringHelper::GenerateHashGetHash(masm, v0);
+ __ pop(kRootRegister);
+ __ jr(ra);
+ __ nop();
+#endif
+}
+
+
+void check(i::Vector<const char> string) {
+ v8::HandleScope scope;
+ v8::internal::byte buffer[2048];
+ MacroAssembler masm(Isolate::Current(), buffer, sizeof buffer);
+
+ generate(&masm, string);
+
+ CodeDesc desc;
+ masm.GetCode(&desc);
+ Code* code = Code::cast(HEAP->CreateCode(
+ desc,
+ Code::ComputeFlags(Code::STUB),
+ Handle<Object>(HEAP->undefined_value()))->ToObjectChecked());
+ CHECK(code->IsCode());
+
+ HASH_FUNCTION hash = FUNCTION_CAST<HASH_FUNCTION>(code->entry());
+ Handle<String> v8_string = FACTORY->NewStringFromAscii(string);
+ v8_string->set_hash_field(String::kEmptyHashField);
+#ifdef USE_SIMULATOR
+ uint32_t codegen_hash =
+ reinterpret_cast<uint32_t>(CALL_GENERATED_CODE(hash, 0, 0, 0, 0, 0));
+#else
+ uint32_t codegen_hash = hash();
+#endif
+ uint32_t runtime_hash = v8_string->Hash();
+ CHECK(runtime_hash == codegen_hash);
+}
+
+
+void check_twochars(char a, char b) {
+ char ab[2] = {a, b};
+ check(i::Vector<const char>(ab, 2));
+}
+
+
+TEST(StringHash) {
+ if (env.IsEmpty()) env = v8::Context::New();
+ for (int a = 0; a < String::kMaxAsciiCharCode; a++) {
+ // Numbers are hashed differently.
+ if (a >= '0' && a <= '9') continue;
+ for (int b = 0; b < String::kMaxAsciiCharCode; b++) {
+ if (b >= '0' && b <= '9') continue;
+ check_twochars(static_cast<char>(a), static_cast<char>(b));
+ }
+ }
+ check(i::Vector<const char>("*", 1));
+ check(i::Vector<const char>(".zZ", 3));
+ check(i::Vector<const char>("muc", 3));
+ check(i::Vector<const char>("(>'_')>", 7));
+ check(i::Vector<const char>("-=[ vee eight ftw ]=-", 21));
+}
+
+#undef __
diff --git a/test/cctest/test-parsing.cc b/test/cctest/test-parsing.cc
index f5aed96..d98b675 100755
--- a/test/cctest/test-parsing.cc
+++ b/test/cctest/test-parsing.cc
@@ -706,3 +706,179 @@
TestScanRegExp("/=/", "=");
TestScanRegExp("/=?/", "=?");
}
+
+
+void TestParserSync(i::Handle<i::String> source, bool allow_lazy) {
+ uintptr_t stack_limit = i::Isolate::Current()->stack_guard()->real_climit();
+
+ // Preparse the data.
+ i::CompleteParserRecorder log;
+ i::JavaScriptScanner scanner(i::Isolate::Current()->unicode_cache());
+ i::GenericStringUC16CharacterStream stream(source, 0, source->length());
+ scanner.Initialize(&stream);
+ v8::preparser::PreParser::PreParseResult result =
+ v8::preparser::PreParser::PreParseProgram(
+ &scanner, &log, allow_lazy, stack_limit);
+ CHECK_EQ(v8::preparser::PreParser::kPreParseSuccess, result);
+ i::ScriptDataImpl data(log.ExtractData());
+
+ // Parse the data
+ i::Handle<i::Script> script = FACTORY->NewScript(source);
+ i::Parser parser(script, false, NULL, NULL);
+ i::FunctionLiteral* function =
+ parser.ParseProgram(source, true, i::kNonStrictMode);
+
+ i::String* type_string = NULL;
+ if (function == NULL) {
+ // Extract exception from the parser.
+ i::Handle<i::String> type_symbol = FACTORY->LookupAsciiSymbol("type");
+ CHECK(i::Isolate::Current()->has_pending_exception());
+ i::MaybeObject* maybe_object = i::Isolate::Current()->pending_exception();
+ i::JSObject* exception = NULL;
+ CHECK(maybe_object->To(&exception));
+
+ // Get the type string.
+ maybe_object = exception->GetProperty(*type_symbol);
+ CHECK(maybe_object->To(&type_string));
+ }
+
+ // Check that preparsing fails iff parsing fails.
+ if (data.has_error() && function != NULL) {
+ i::OS::Print(
+ "Preparser failed on:\n"
+ "\t%s\n"
+ "with error:\n"
+ "\t%s\n"
+ "However, the parser succeeded",
+ *source->ToCString(), data.BuildMessage());
+ CHECK(false);
+ } else if (!data.has_error() && function == NULL) {
+ i::OS::Print(
+ "Parser failed on:\n"
+ "\t%s\n"
+ "with error:\n"
+ "\t%s\n"
+ "However, the preparser succeeded",
+ *source->ToCString(), *type_string->ToCString());
+ CHECK(false);
+ }
+
+ // Check that preparser and parser produce the same error.
+ if (function == NULL) {
+ if (!type_string->IsEqualTo(i::CStrVector(data.BuildMessage()))) {
+ i::OS::Print(
+ "Expected parser and preparser to produce the same error on:\n"
+ "\t%s\n"
+ "However, found the following error messages\n"
+ "\tparser: %s\n"
+ "\tpreparser: %s\n",
+ *source->ToCString(), *type_string->ToCString(), data.BuildMessage());
+ CHECK(false);
+ }
+ }
+}
+
+
+TEST(ParserSync) {
+ const char* context_data[][2] = {
+ { "", "" },
+ { "{", "}" },
+ { "if (true) ", " else {}" },
+ { "if (true) {} else ", "" },
+ { "if (true) ", "" },
+ { "do ", " while (false)" },
+ { "while (false) ", "" },
+ { "for (;;) ", "" },
+ { "with ({})", "" },
+ { "switch (12) { case 12: ", "}" },
+ { "switch (12) { default: ", "}" },
+ { "label2: ", "" },
+ { NULL, NULL }
+ };
+
+ const char* statement_data[] = {
+ "{}",
+ "var x",
+ "var x = 1",
+ "const x",
+ "const x = 1",
+ ";",
+ "12",
+ "if (false) {} else ;",
+ "if (false) {} else {}",
+ "if (false) {} else 12",
+ "if (false) ;"
+ "if (false) {}",
+ "if (false) 12",
+ "do {} while (false)",
+ "for (;;) ;",
+ "for (;;) {}",
+ "for (;;) 12",
+ "continue",
+ "continue label",
+ "continue\nlabel",
+ "break",
+ "break label",
+ "break\nlabel",
+ "return",
+ "return 12",
+ "return\n12",
+ "with ({}) ;",
+ "with ({}) {}",
+ "with ({}) 12",
+ "switch ({}) { default: }"
+ "label3: "
+ "throw",
+ "throw 12",
+ "throw\n12",
+ "try {} catch(e) {}",
+ "try {} finally {}",
+ "try {} catch(e) {} finally {}",
+ "debugger",
+ NULL
+ };
+
+ const char* termination_data[] = {
+ "",
+ ";",
+ "\n",
+ ";\n",
+ "\n;",
+ NULL
+ };
+
+ v8::HandleScope handles;
+ v8::Persistent<v8::Context> context = v8::Context::New();
+ v8::Context::Scope context_scope(context);
+
+ int marker;
+ i::Isolate::Current()->stack_guard()->SetStackLimit(
+ reinterpret_cast<uintptr_t>(&marker) - 128 * 1024);
+
+ for (int i = 0; context_data[i][0] != NULL; ++i) {
+ for (int j = 0; statement_data[j] != NULL; ++j) {
+ for (int k = 0; termination_data[k] != NULL; ++k) {
+ int kPrefixLen = i::StrLength(context_data[i][0]);
+ int kStatementLen = i::StrLength(statement_data[j]);
+ int kTerminationLen = i::StrLength(termination_data[k]);
+ int kSuffixLen = i::StrLength(context_data[i][1]);
+ int kProgramSize = kPrefixLen + kStatementLen + kTerminationLen
+ + kSuffixLen + i::StrLength("label: for (;;) { }");
+
+ // Plug the source code pieces together.
+ i::Vector<char> program = i::Vector<char>::New(kProgramSize + 1);
+ int length = i::OS::SNPrintF(program,
+ "label: for (;;) { %s%s%s%s }",
+ context_data[i][0],
+ statement_data[j],
+ termination_data[k],
+ context_data[i][1]);
+ CHECK(length == kProgramSize);
+ i::Handle<i::String> source =
+ FACTORY->NewStringFromAscii(i::CStrVector(program.start()));
+ TestParserSync(source, true);
+ TestParserSync(source, false);
+ }
+ }
+ }
+}
diff --git a/test/mjsunit/compiler/regress-106351.js b/test/mjsunit/compiler/regress-106351.js
new file mode 100644
index 0000000..2a67a05
--- /dev/null
+++ b/test/mjsunit/compiler/regress-106351.js
@@ -0,0 +1,38 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --allow-natives-syntax
+
+// Test Math.round with the input reused in the same expression.
+function test(x) {
+ var v = Math.round(x) - x;
+ assertEquals(0.5, v);
+}
+
+for (var i = 0; i < 5; ++i) test(0.5);
+%OptimizeFunctionOnNextCall(test);
+test(0.5);
diff --git a/test/mjsunit/debug-evaluate-locals-optimized-double.js b/test/mjsunit/debug-evaluate-locals-optimized-double.js
index 9ed1dbb..8447df5 100644
--- a/test/mjsunit/debug-evaluate-locals-optimized-double.js
+++ b/test/mjsunit/debug-evaluate-locals-optimized-double.js
@@ -50,10 +50,12 @@
var expected_y = (i + 1) * 2 + 2 + ((i + 1) * 2 + 2) / 100;
// All frames except the bottom one has normal variables a and b.
- assertEquals('a', frame.localName(0));
- assertEquals('b', frame.localName(1));
- assertEquals(expected_a, frame.localValue(0).value());
- assertEquals(expected_b, frame.localValue(1).value());
+ var a = ('a' === frame.localName(0)) ? 0 : 1;
+ var b = 1 - a;
+ assertEquals('a', frame.localName(a));
+ assertEquals('b', frame.localName(b));
+ assertEquals(expected_a, frame.localValue(a).value());
+ assertEquals(expected_b, frame.localValue(b).value());
// All frames except the bottom one has arguments variables x and y.
assertEquals('x', frame.argumentName(0));
diff --git a/test/mjsunit/debug-evaluate-locals-optimized.js b/test/mjsunit/debug-evaluate-locals-optimized.js
index 683c139..c3cd5eb 100644
--- a/test/mjsunit/debug-evaluate-locals-optimized.js
+++ b/test/mjsunit/debug-evaluate-locals-optimized.js
@@ -50,10 +50,12 @@
var expected_y = (i + 1) * 2 + 2;
// All frames except the bottom one has normal variables a and b.
- assertEquals('a', frame.localName(0));
- assertEquals('b', frame.localName(1));
- assertEquals(expected_a, frame.localValue(0).value());
- assertEquals(expected_b, frame.localValue(1).value());
+ var a = ('a' === frame.localName(0)) ? 0 : 1;
+ var b = 1 - a;
+ assertEquals('a', frame.localName(a));
+ assertEquals('b', frame.localName(b));
+ assertEquals(expected_a, frame.localValue(a).value());
+ assertEquals(expected_b, frame.localValue(b).value());
// All frames except the bottom one has arguments variables x and y.
assertEquals('x', frame.argumentName(0));
@@ -119,7 +121,7 @@
listenerComplete = true;
}
} catch (e) {
- exception = e
+ exception = e.stack;
};
};
diff --git a/test/mjsunit/regress/regress-97116.js b/test/mjsunit/regress/regress-97116.js
new file mode 100644
index 0000000..b858ca5
--- /dev/null
+++ b/test/mjsunit/regress/regress-97116.js
@@ -0,0 +1,50 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --expose-gc --allow-natives-syntax
+
+// Check that we are not flushing code for inlined functions that
+// have a pending lazy deoptimization on the stack.
+
+function deopt() {
+ try { } catch (e) { } // Avoid inlining.
+ %DeoptimizeFunction(outer);
+ for (var i = 0; i < 10; i++) gc(); // Force code flushing.
+}
+
+function outer(should_deopt) {
+ inner(should_deopt);
+}
+
+function inner(should_deopt) {
+ if (should_deopt) deopt();
+}
+
+outer(false);
+outer(false);
+%OptimizeFunctionOnNextCall(outer);
+outer(true);