Update V8 to r5388 as required by WebKit r66666
Change-Id: Ib3c42e9b7226d22c65c7077c543fe31afe62a318
diff --git a/test/mjsunit/array-splice.js b/test/mjsunit/array-splice.js
index 88c4876..68dd9b2 100644
--- a/test/mjsunit/array-splice.js
+++ b/test/mjsunit/array-splice.js
@@ -67,13 +67,8 @@
(function() {
var array;
for (var i = 0; i < 7; i++) {
- // SpiderMonkey and JSC return undefined in the case where no
- // arguments are given instead of using the implicit undefined
- // arguments. This does not follow ECMA-262, but we do the same for
- // compatibility.
- // TraceMonkey follows ECMA-262 though.
array = [1, 2, 3]
- assertEquals(undefined, array.splice());
+ assertEquals([], array.splice());
assertEquals([1, 2, 3], array);
// SpiderMonkey, TraceMonkey and JSC treat the case where no delete count is
diff --git a/test/mjsunit/const-eval-init.js b/test/mjsunit/const-eval-init.js
index 5bcd917..3f380d9 100644
--- a/test/mjsunit/const-eval-init.js
+++ b/test/mjsunit/const-eval-init.js
@@ -67,7 +67,9 @@
assertEquals(7, x);
}
-testAssignmentArgument();
+for (var i = 0; i < 10000; i++) {
+ testAssignmentArgument();
+}
assertEquals(6, x);
__defineSetter__('x', function() { throw 42; });
diff --git a/test/mjsunit/fuzz-natives.js b/test/mjsunit/fuzz-natives.js
index 11ac2e0..901c190 100644
--- a/test/mjsunit/fuzz-natives.js
+++ b/test/mjsunit/fuzz-natives.js
@@ -176,7 +176,11 @@
"_GetFromCache": true,
// This function expects its first argument to be a non-smi.
- "_IsStringWrapperSafeForDefaultValueOf" : true
+ "_IsStringWrapperSafeForDefaultValueOf" : true,
+
+ // Only applicable to strings.
+ "_HasCachedArrayIndex": true,
+ "_GetCachedArrayIndex": true
};
var currentlyUncallable = {
diff --git a/test/mjsunit/regress/regress-842.js b/test/mjsunit/regress/regress-842.js
new file mode 100644
index 0000000..18ad6d3
--- /dev/null
+++ b/test/mjsunit/regress/regress-842.js
@@ -0,0 +1,42 @@
+// Copyright 2010 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// 842 describes a scenario where Object.prototype or Array.prototype is
+// changed (a property is added) after which freeze and seal would fail
+// since that property would be listed when doing a "for (var key in names)"
+
+Array.prototype.myfunc = function() {};
+Array.prototype[10] = 42;
+Array.prototype.length = 3000;
+
+var obj = { name: "n1" };
+
+try {
+ obj = Object.freeze(obj);
+} catch (e) {
+ assertUnreachable();
+}
diff --git a/test/mjsunit/regress/regress-851.js b/test/mjsunit/regress/regress-851.js
new file mode 100644
index 0000000..d8f693e
--- /dev/null
+++ b/test/mjsunit/regress/regress-851.js
@@ -0,0 +1,32 @@
+// Copyright 2010 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+var i = 0;
+for (var i = 0; i < 10000; i++) {
+ Object.freeze({});
+ assertNull(JSON.stringify({x: null}).match(/\0/));
+}
diff --git a/test/mjsunit/testcfg.py b/test/mjsunit/testcfg.py
index 49064b1..d8fe24d 100644
--- a/test/mjsunit/testcfg.py
+++ b/test/mjsunit/testcfg.py
@@ -31,7 +31,6 @@
import re
import tempfile
-MJSUNIT_DEBUG_FLAGS = ['--enable-slow-asserts', '--debug-code', '--verify-heap']
FLAGS_PATTERN = re.compile(r"//\s+Flags:(.*)")
FILES_PATTERN = re.compile(r"//\s+Files:(.*)")
SELF_SCRIPT_PATTERN = re.compile(r"//\s+Env: TEST_FILE_NAME")
@@ -40,10 +39,9 @@
class MjsunitTestCase(test.TestCase):
def __init__(self, path, file, mode, context, config):
- super(MjsunitTestCase, self).__init__(context, path)
+ super(MjsunitTestCase, self).__init__(context, path, mode)
self.file = file
self.config = config
- self.mode = mode
self.self_script = False
def GetLabel(self):
@@ -53,13 +51,11 @@
return self.path[-1]
def GetCommand(self):
- result = [self.config.context.GetVm(self.mode)]
+ result = self.config.context.GetVmCommand(self, self.mode)
source = open(self.file).read()
flags_match = FLAGS_PATTERN.search(source)
if flags_match:
result += flags_match.group(1).strip().split()
- if self.mode == 'debug':
- result += MJSUNIT_DEBUG_FLAGS
additional_files = []
files_match = FILES_PATTERN.search(source);
# Accept several lines of 'Files:'
@@ -94,8 +90,8 @@
self.self_script = self_script
return self_script
- def Cleanup(self):
- if self.self_script:
+ def AfterRun(self, result):
+ if self.self_script and (not result.HasPreciousOutput()):
test.CheckedUnlink(self.self_script)
class MjsunitTestConfiguration(test.TestConfiguration):
diff --git a/test/mjsunit/third_party/array-splice-webkit.js b/test/mjsunit/third_party/array-splice-webkit.js
index b676a7c..974ac55 100644
--- a/test/mjsunit/third_party/array-splice-webkit.js
+++ b/test/mjsunit/third_party/array-splice-webkit.js
@@ -38,7 +38,7 @@
assertArrayEquals([], arr)
arr = ['a','b','c','d'];
-assertEquals(undefined, arr.splice())
+assertEquals([], arr.splice())
assertArrayEquals(['a','b','c','d'], arr);
assertArrayEquals(['a','b','c','d'], arr.splice(undefined))
assertArrayEquals([], arr);