From 4453c0c250e6bf0f6391491652515b14d945206b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= Date: Mon, 23 May 2016 16:27:30 +0200 Subject: [PATCH] deps: upgrade to V8 5.0.71.52 Pick up the latest set of patch level updates from the V8 5.0 branch. https://github.com/v8/v8/compare/5.0.71.47...5.0.71.52 Fixes: https://github.com/nodejs/node/issues/6158 PR-URL: https://github.com/nodejs/node/pull/6928 Reviewed-By: Ali Ijaz Sheikh Reviewed-By: Ben Noordhuis --- deps/v8/include/v8-version.h | 2 +- deps/v8/src/compiler/js-create-lowering.cc | 30 +++++++----------- deps/v8/src/compiler/js-create-lowering.h | 1 - .../src/crankshaft/arm/lithium-codegen-arm.cc | 7 +++-- .../crankshaft/arm64/lithium-codegen-arm64.cc | 7 +++-- .../crankshaft/ia32/lithium-codegen-ia32.cc | 7 +++-- .../crankshaft/mips/lithium-codegen-mips.cc | 5 +-- .../mips64/lithium-codegen-mips64.cc | 5 +-- .../src/crankshaft/ppc/lithium-codegen-ppc.cc | 7 +++-- .../src/crankshaft/x64/lithium-codegen-x64.cc | 7 +++-- .../src/crankshaft/x87/lithium-codegen-x87.cc | 7 +++-- .../src/full-codegen/arm/full-codegen-arm.cc | 7 +++-- .../full-codegen/arm64/full-codegen-arm64.cc | 5 +-- .../full-codegen/ia32/full-codegen-ia32.cc | 7 +++-- .../full-codegen/mips/full-codegen-mips.cc | 5 +-- .../mips64/full-codegen-mips64.cc | 5 +-- .../src/full-codegen/ppc/full-codegen-ppc.cc | 7 +++-- .../src/full-codegen/x64/full-codegen-x64.cc | 7 +++-- .../src/full-codegen/x87/full-codegen-x87.cc | 7 +++-- deps/v8/src/objects.cc | 31 ++++++++++++++++--- deps/v8/src/objects.h | 5 ++- deps/v8/src/parsing/parser.cc | 6 +++- deps/v8/src/runtime/runtime-function.cc | 15 +++++++-- deps/v8/test/cctest/test-api.cc | 13 ++++++++ .../mjsunit/es6/regress/regress-594084.js | 10 ++++++ deps/v8/test/mjsunit/mirror-function.js | 1 + deps/v8/test/mjsunit/regress/regress-5010.js | 9 ++++++ .../mjsunit/regress/regress-crbug-610228.js | 11 +++++++ 28 files changed, 162 insertions(+), 74 deletions(-) create mode 100644 deps/v8/test/mjsunit/es6/regress/regress-594084.js create mode 100644 deps/v8/test/mjsunit/regress/regress-5010.js create mode 100644 deps/v8/test/mjsunit/regress/regress-crbug-610228.js diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h index cde8bf192dd6fc..c24f07202b0847 100644 --- a/deps/v8/include/v8-version.h +++ b/deps/v8/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 5 #define V8_MINOR_VERSION 0 #define V8_BUILD_NUMBER 71 -#define V8_PATCH_LEVEL 47 +#define V8_PATCH_LEVEL 52 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/deps/v8/src/compiler/js-create-lowering.cc b/deps/v8/src/compiler/js-create-lowering.cc index df5c8d07df1fda..20033636edc186 100644 --- a/deps/v8/src/compiler/js-create-lowering.cc +++ b/deps/v8/src/compiler/js-create-lowering.cc @@ -905,8 +905,17 @@ Node* JSCreateLowering::AllocateFastLiteral( site_context->ExitScope(current_site, boilerplate_object); } else if (property_details.representation().IsDouble()) { // Allocate a mutable HeapNumber box and store the value into it. - value = effect = AllocateMutableHeapNumber( - Handle::cast(boilerplate_value)->value(), + Callable callable = CodeFactory::AllocateMutableHeapNumber(isolate()); + CallDescriptor* desc = Linkage::GetStubCallDescriptor( + isolate(), jsgraph()->zone(), callable.descriptor(), 0, + CallDescriptor::kNoFlags, Operator::kNoThrow); + value = effect = graph()->NewNode( + common()->Call(desc), jsgraph()->HeapConstant(callable.code()), + jsgraph()->NoContextConstant(), effect, control); + effect = graph()->NewNode( + simplified()->StoreField(AccessBuilder::ForHeapNumberValue()), + value, jsgraph()->Constant( + Handle::cast(boilerplate_value)->value()), effect, control); } else if (property_details.representation().IsSmi()) { // Ensure that value is stored as smi. @@ -1028,23 +1037,6 @@ Node* JSCreateLowering::AllocateFastLiteralElements( return builder.Finish(); } -Node* JSCreateLowering::AllocateMutableHeapNumber(double value, Node* effect, - Node* control) { - // TODO(turbofan): Support inline allocation of MutableHeapNumber - // (requires proper alignment on Allocate, and Begin/FinishRegion). - Callable callable = CodeFactory::AllocateMutableHeapNumber(isolate()); - CallDescriptor* desc = Linkage::GetStubCallDescriptor( - isolate(), jsgraph()->zone(), callable.descriptor(), 0, - CallDescriptor::kNoFlags, Operator::kNoThrow); - Node* result = effect = graph()->NewNode( - common()->Call(desc), jsgraph()->HeapConstant(callable.code()), - jsgraph()->NoContextConstant(), effect, control); - effect = graph()->NewNode( - simplified()->StoreField(AccessBuilder::ForHeapNumberValue()), result, - jsgraph()->Constant(value), effect, control); - return result; -} - MaybeHandle JSCreateLowering::GetSpecializationLiterals( Node* node) { Node* const closure = NodeProperties::GetValueInput(node, 0); diff --git a/deps/v8/src/compiler/js-create-lowering.h b/deps/v8/src/compiler/js-create-lowering.h index d9d184b8e2981a..52e7ec254ad230 100644 --- a/deps/v8/src/compiler/js-create-lowering.h +++ b/deps/v8/src/compiler/js-create-lowering.h @@ -70,7 +70,6 @@ class JSCreateLowering final : public AdvancedReducer { Handle boilerplate, PretenureFlag pretenure, AllocationSiteUsageContext* site_context); - Node* AllocateMutableHeapNumber(double value, Node* effect, Node* control); // Infers the LiteralsArray to use for a given {node}. MaybeHandle GetSpecializationLiterals(Node* node); diff --git a/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc b/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc index 7b2ebadf1f693d..8b4e6c99049912 100644 --- a/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc +++ b/deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc @@ -2443,11 +2443,12 @@ void LCodeGen::EmitClassOfTest(Label* is_true, __ JumpIfSmi(input, is_false); - __ CompareObjectType(input, temp, temp2, JS_FUNCTION_TYPE); + __ CompareObjectType(input, temp, temp2, FIRST_FUNCTION_TYPE); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); if (String::Equals(isolate()->factory()->Function_string(), class_name)) { - __ b(eq, is_true); + __ b(hs, is_true); } else { - __ b(eq, is_false); + __ b(hs, is_false); } // Check if the constructor in the map is a function. diff --git a/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc b/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc index 6399a8bb09abb7..855cac14c044bb 100644 --- a/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc +++ b/deps/v8/src/crankshaft/arm64/lithium-codegen-arm64.cc @@ -2225,11 +2225,12 @@ void LCodeGen::DoClassOfTestAndBranch(LClassOfTestAndBranch* instr) { __ JumpIfSmi(input, false_label); Register map = scratch2; - __ CompareObjectType(input, map, scratch1, JS_FUNCTION_TYPE); + __ CompareObjectType(input, map, scratch1, FIRST_FUNCTION_TYPE); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); if (String::Equals(isolate()->factory()->Function_string(), class_name)) { - __ B(eq, true_label); + __ B(hs, true_label); } else { - __ B(eq, false_label); + __ B(hs, false_label); } // Check if the constructor in the map is a function. diff --git a/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc b/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc index a535153e18df6d..239db8ba13e2e5 100644 --- a/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc +++ b/deps/v8/src/crankshaft/ia32/lithium-codegen-ia32.cc @@ -2342,11 +2342,12 @@ void LCodeGen::EmitClassOfTest(Label* is_true, DCHECK(!temp.is(temp2)); __ JumpIfSmi(input, is_false); - __ CmpObjectType(input, JS_FUNCTION_TYPE, temp); + __ CmpObjectType(input, FIRST_FUNCTION_TYPE, temp); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); if (String::Equals(isolate()->factory()->Function_string(), class_name)) { - __ j(equal, is_true); + __ j(above_equal, is_true); } else { - __ j(equal, is_false); + __ j(above_equal, is_false); } // Now we are in the FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range. diff --git a/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc b/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc index 8febb573b179cc..66fcf75ec0e300 100644 --- a/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc +++ b/deps/v8/src/crankshaft/mips/lithium-codegen-mips.cc @@ -2355,10 +2355,11 @@ void LCodeGen::EmitClassOfTest(Label* is_true, __ JumpIfSmi(input, is_false); __ GetObjectType(input, temp, temp2); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); if (String::Equals(isolate()->factory()->Function_string(), class_name)) { - __ Branch(is_true, eq, temp2, Operand(JS_FUNCTION_TYPE)); + __ Branch(is_true, hs, temp2, Operand(FIRST_FUNCTION_TYPE)); } else { - __ Branch(is_false, eq, temp2, Operand(JS_FUNCTION_TYPE)); + __ Branch(is_false, hs, temp2, Operand(FIRST_FUNCTION_TYPE)); } // Check if the constructor in the map is a function. diff --git a/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc b/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc index ddf908d9edf58f..5937f973867280 100644 --- a/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc +++ b/deps/v8/src/crankshaft/mips64/lithium-codegen-mips64.cc @@ -2473,10 +2473,11 @@ void LCodeGen::EmitClassOfTest(Label* is_true, __ JumpIfSmi(input, is_false); __ GetObjectType(input, temp, temp2); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); if (String::Equals(isolate()->factory()->Function_string(), class_name)) { - __ Branch(is_true, eq, temp2, Operand(JS_FUNCTION_TYPE)); + __ Branch(is_true, hs, temp2, Operand(FIRST_FUNCTION_TYPE)); } else { - __ Branch(is_false, eq, temp2, Operand(JS_FUNCTION_TYPE)); + __ Branch(is_false, hs, temp2, Operand(FIRST_FUNCTION_TYPE)); } // Now we are in the FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range. diff --git a/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc b/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc index 921d9b69eb3021..9cf1db64bcd10e 100644 --- a/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc +++ b/deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc @@ -2498,11 +2498,12 @@ void LCodeGen::EmitClassOfTest(Label* is_true, Label* is_false, __ JumpIfSmi(input, is_false); - __ CompareObjectType(input, temp, temp2, JS_FUNCTION_TYPE); + __ CompareObjectType(input, temp, temp2, FIRST_FUNCTION_TYPE); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); if (String::Equals(isolate()->factory()->Function_string(), class_name)) { - __ beq(is_true); + __ bge(is_true); } else { - __ beq(is_false); + __ bge(is_false); } // Check if the constructor in the map is a function. diff --git a/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc b/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc index 849b4b33c699d5..31ff12537e6bf9 100644 --- a/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc +++ b/deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc @@ -2393,11 +2393,12 @@ void LCodeGen::EmitClassOfTest(Label* is_true, __ JumpIfSmi(input, is_false); - __ CmpObjectType(input, JS_FUNCTION_TYPE, temp); + __ CmpObjectType(input, FIRST_FUNCTION_TYPE, temp); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); if (String::Equals(isolate()->factory()->Function_string(), class_name)) { - __ j(equal, is_true); + __ j(above_equal, is_true); } else { - __ j(equal, is_false); + __ j(above_equal, is_false); } // Check if the constructor in the map is a function. diff --git a/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc b/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc index a8f22be732521e..f80e0768a68475 100644 --- a/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc +++ b/deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc @@ -2629,11 +2629,12 @@ void LCodeGen::EmitClassOfTest(Label* is_true, DCHECK(!temp.is(temp2)); __ JumpIfSmi(input, is_false); - __ CmpObjectType(input, JS_FUNCTION_TYPE, temp); + __ CmpObjectType(input, FIRST_FUNCTION_TYPE, temp); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); if (String::Equals(isolate()->factory()->Function_string(), class_name)) { - __ j(equal, is_true); + __ j(above_equal, is_true); } else { - __ j(equal, is_false); + __ j(above_equal, is_false); } // Now we are in the FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range. diff --git a/deps/v8/src/full-codegen/arm/full-codegen-arm.cc b/deps/v8/src/full-codegen/arm/full-codegen-arm.cc index 6e6a65511a4e73..46e3e2cc7156ec 100644 --- a/deps/v8/src/full-codegen/arm/full-codegen-arm.cc +++ b/deps/v8/src/full-codegen/arm/full-codegen-arm.cc @@ -3075,9 +3075,10 @@ void FullCodeGenerator::EmitClassOf(CallRuntime* expr) { // Map is now in r0. __ b(lt, &null); - // Return 'Function' for JSFunction objects. - __ cmp(r1, Operand(JS_FUNCTION_TYPE)); - __ b(eq, &function); + // Return 'Function' for JSFunction and JSBoundFunction objects. + __ cmp(r1, Operand(FIRST_FUNCTION_TYPE)); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); + __ b(hs, &function); // Check if the constructor in the map is a JS function. Register instance_type = r2; diff --git a/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc b/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc index d0278e74219951..d43ae754e98a75 100644 --- a/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc +++ b/deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc @@ -2863,8 +2863,9 @@ void FullCodeGenerator::EmitClassOf(CallRuntime* expr) { __ B(lt, &null); // Return 'Function' for JSFunction objects. - __ Cmp(x11, JS_FUNCTION_TYPE); - __ B(eq, &function); + __ Cmp(x11, FIRST_FUNCTION_TYPE); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); + __ B(hs, &function); // Check if the constructor in the map is a JS function. Register instance_type = x14; diff --git a/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc b/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc index fadcd7cb5dc919..3dc5da12c6b18e 100644 --- a/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc +++ b/deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc @@ -2953,9 +2953,10 @@ void FullCodeGenerator::EmitClassOf(CallRuntime* expr) { __ CmpObjectType(eax, FIRST_JS_RECEIVER_TYPE, eax); __ j(below, &null, Label::kNear); - // Return 'Function' for JSFunction objects. - __ CmpInstanceType(eax, JS_FUNCTION_TYPE); - __ j(equal, &function, Label::kNear); + // Return 'Function' for JSFunction and JSBoundFunction objects. + __ CmpInstanceType(eax, FIRST_FUNCTION_TYPE); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); + __ j(above_equal, &function, Label::kNear); // Check if the constructor in the map is a JS function. __ GetMapConstructor(eax, eax, ebx); diff --git a/deps/v8/src/full-codegen/mips/full-codegen-mips.cc b/deps/v8/src/full-codegen/mips/full-codegen-mips.cc index c8ce2045906931..3b34cb3a98e9e5 100644 --- a/deps/v8/src/full-codegen/mips/full-codegen-mips.cc +++ b/deps/v8/src/full-codegen/mips/full-codegen-mips.cc @@ -3073,8 +3073,9 @@ void FullCodeGenerator::EmitClassOf(CallRuntime* expr) { __ GetObjectType(v0, v0, a1); // Map is now in v0. __ Branch(&null, lt, a1, Operand(FIRST_JS_RECEIVER_TYPE)); - // Return 'Function' for JSFunction objects. - __ Branch(&function, eq, a1, Operand(JS_FUNCTION_TYPE)); + // Return 'Function' for JSFunction and JSBoundFunction objects. + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); + __ Branch(&function, hs, a1, Operand(FIRST_FUNCTION_TYPE)); // Check if the constructor in the map is a JS function. Register instance_type = a2; diff --git a/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc b/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc index c85dee464453c8..9573be297a83c1 100644 --- a/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc +++ b/deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc @@ -3077,8 +3077,9 @@ void FullCodeGenerator::EmitClassOf(CallRuntime* expr) { __ GetObjectType(v0, v0, a1); // Map is now in v0. __ Branch(&null, lt, a1, Operand(FIRST_JS_RECEIVER_TYPE)); - // Return 'Function' for JSFunction objects. - __ Branch(&function, eq, a1, Operand(JS_FUNCTION_TYPE)); + // Return 'Function' for JSFunction and JSBoundFunction objects. + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); + __ Branch(&function, hs, a1, Operand(FIRST_FUNCTION_TYPE)); // Check if the constructor in the map is a JS function. Register instance_type = a2; diff --git a/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc b/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc index 24a2a387331f49..daf3dbc0999b8b 100644 --- a/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc +++ b/deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc @@ -3077,9 +3077,10 @@ void FullCodeGenerator::EmitClassOf(CallRuntime* expr) { // Map is now in r3. __ blt(&null); - // Return 'Function' for JSFunction objects. - __ cmpi(r4, Operand(JS_FUNCTION_TYPE)); - __ beq(&function); + // Return 'Function' for JSFunction and JSBoundFunction objects. + __ cmpli(r4, Operand(FIRST_FUNCTION_TYPE)); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); + __ bge(&function); // Check if the constructor in the map is a JS function. Register instance_type = r5; diff --git a/deps/v8/src/full-codegen/x64/full-codegen-x64.cc b/deps/v8/src/full-codegen/x64/full-codegen-x64.cc index 910b2cf9f062b5..2f7788d0c74fc6 100644 --- a/deps/v8/src/full-codegen/x64/full-codegen-x64.cc +++ b/deps/v8/src/full-codegen/x64/full-codegen-x64.cc @@ -2944,9 +2944,10 @@ void FullCodeGenerator::EmitClassOf(CallRuntime* expr) { __ CmpObjectType(rax, FIRST_JS_RECEIVER_TYPE, rax); __ j(below, &null, Label::kNear); - // Return 'Function' for JSFunction objects. - __ CmpInstanceType(rax, JS_FUNCTION_TYPE); - __ j(equal, &function, Label::kNear); + // Return 'Function' for JSFunction and JSBoundFunction objects. + __ CmpInstanceType(rax, FIRST_FUNCTION_TYPE); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); + __ j(above_equal, &function, Label::kNear); // Check if the constructor in the map is a JS function. __ GetMapConstructor(rax, rax, rbx); diff --git a/deps/v8/src/full-codegen/x87/full-codegen-x87.cc b/deps/v8/src/full-codegen/x87/full-codegen-x87.cc index 36b7c5d63687eb..1fecf499a661e1 100644 --- a/deps/v8/src/full-codegen/x87/full-codegen-x87.cc +++ b/deps/v8/src/full-codegen/x87/full-codegen-x87.cc @@ -2945,9 +2945,10 @@ void FullCodeGenerator::EmitClassOf(CallRuntime* expr) { __ CmpObjectType(eax, FIRST_JS_RECEIVER_TYPE, eax); __ j(below, &null, Label::kNear); - // Return 'Function' for JSFunction objects. - __ CmpInstanceType(eax, JS_FUNCTION_TYPE); - __ j(equal, &function, Label::kNear); + // Return 'Function' for JSFunction and JSBoundFunction objects. + __ CmpInstanceType(eax, FIRST_FUNCTION_TYPE); + STATIC_ASSERT(LAST_FUNCTION_TYPE == LAST_TYPE); + __ j(above_equal, &function, Label::kNear); // Check if the constructor in the map is a JS function. __ GetMapConstructor(eax, eax, ebx); diff --git a/deps/v8/src/objects.cc b/deps/v8/src/objects.cc index f577d5e4d3ec4d..cc0712a324804a 100644 --- a/deps/v8/src/objects.cc +++ b/deps/v8/src/objects.cc @@ -714,9 +714,14 @@ MaybeHandle Object::GetProperty(LookupIterator* it) { case LookupIterator::NOT_FOUND: case LookupIterator::TRANSITION: UNREACHABLE(); - case LookupIterator::JSPROXY: - return JSProxy::GetProperty(it->isolate(), it->GetHolder(), - it->GetName(), it->GetReceiver()); + case LookupIterator::JSPROXY: { + bool was_found; + MaybeHandle result = + JSProxy::GetProperty(it->isolate(), it->GetHolder(), + it->GetName(), it->GetReceiver(), &was_found); + if (!was_found) it->NotFound(); + return result; + } case LookupIterator::INTERCEPTOR: { bool done; Handle result; @@ -756,7 +761,9 @@ MaybeHandle Object::GetProperty(LookupIterator* it) { MaybeHandle JSProxy::GetProperty(Isolate* isolate, Handle proxy, Handle name, - Handle receiver) { + Handle receiver, + bool* was_found) { + *was_found = true; if (receiver->IsJSGlobalObject()) { THROW_NEW_ERROR( isolate, @@ -789,7 +796,9 @@ MaybeHandle JSProxy::GetProperty(Isolate* isolate, // 7.a Return target.[[Get]](P, Receiver). LookupIterator it = LookupIterator::PropertyOrElement(isolate, receiver, name, target); - return Object::GetProperty(&it); + MaybeHandle result = Object::GetProperty(&it); + *was_found = it.IsFound(); + return result; } // 8. Let trapResult be ? Call(trap, handler, «target, P, Receiver»). Handle trap_result; @@ -13345,6 +13354,18 @@ Handle JSBoundFunction::ToString(Handle function) { return isolate->factory()->NewStringFromAsciiChecked(kNativeCodeSource); } +// static +MaybeHandle JSBoundFunction::GetName(Isolate* isolate, + Handle function) { + Handle prefix = isolate->factory()->bound__string(); + if (!function->bound_target_function()->IsJSFunction()) return prefix; + Handle target(JSFunction::cast(function->bound_target_function()), + isolate); + Handle target_name = JSFunction::GetName(target); + if (!target_name->IsString()) return prefix; + Factory* factory = isolate->factory(); + return factory->NewConsString(prefix, Handle::cast(target_name)); +} // static Handle JSFunction::ToString(Handle function) { diff --git a/deps/v8/src/objects.h b/deps/v8/src/objects.h index 61c6e5ebe1fab6..f5e35c359674b0 100644 --- a/deps/v8/src/objects.h +++ b/deps/v8/src/objects.h @@ -7394,6 +7394,9 @@ class JSBoundFunction : public JSObject { // to ES6 section 19.2.3.5 Function.prototype.toString ( ). static Handle ToString(Handle function); + static MaybeHandle GetName(Isolate* isolate, + Handle function); + // Layout description. static const int kBoundTargetFunctionOffset = JSObject::kHeaderSize; static const int kBoundThisOffset = kBoundTargetFunctionOffset + kPointerSize; @@ -9731,7 +9734,7 @@ class JSProxy: public JSReceiver { // ES6 9.5.8 MUST_USE_RESULT static MaybeHandle GetProperty( Isolate* isolate, Handle proxy, Handle name, - Handle receiver); + Handle receiver, bool* was_found); // ES6 9.5.9 MUST_USE_RESULT static Maybe SetProperty(Handle proxy, diff --git a/deps/v8/src/parsing/parser.cc b/deps/v8/src/parsing/parser.cc index 8005479a32670b..968e8ed4ff5ef8 100644 --- a/deps/v8/src/parsing/parser.cc +++ b/deps/v8/src/parsing/parser.cc @@ -4536,7 +4536,7 @@ class InitializerRewriter : public AstExpressionVisitor { scope_(scope) {} private: - void VisitExpression(Expression* expr) { + void VisitExpression(Expression* expr) override { RewritableExpression* to_rewrite = expr->AsRewritableExpression(); if (to_rewrite == nullptr || to_rewrite->is_rewritten()) return; @@ -4544,6 +4544,10 @@ class InitializerRewriter : public AstExpressionVisitor { scope_); } + // Code in function literals does not need to be eagerly rewritten, it will be + // rewritten when scheduled. + void VisitFunctionLiteral(FunctionLiteral* expr) override {} + private: Parser* parser_; Scope* scope_; diff --git a/deps/v8/src/runtime/runtime-function.cc b/deps/v8/src/runtime/runtime-function.cc index d424a9ebfeb262..47a21f8f9bfbe8 100644 --- a/deps/v8/src/runtime/runtime-function.cc +++ b/deps/v8/src/runtime/runtime-function.cc @@ -16,11 +16,20 @@ namespace v8 { namespace internal { RUNTIME_FUNCTION(Runtime_FunctionGetName) { - SealHandleScope shs(isolate); + HandleScope scope(isolate); DCHECK(args.length() == 1); - CONVERT_ARG_CHECKED(JSFunction, f, 0); - return f->shared()->name(); + CONVERT_ARG_HANDLE_CHECKED(JSReceiver, function, 0); + if (function->IsJSBoundFunction()) { + Handle result; + ASSIGN_RETURN_FAILURE_ON_EXCEPTION( + isolate, result, JSBoundFunction::GetName( + isolate, Handle::cast(function))); + return *result; + } else { + RUNTIME_ASSERT(function->IsJSFunction()); + return Handle::cast(function)->shared()->name(); + } } diff --git a/deps/v8/test/cctest/test-api.cc b/deps/v8/test/cctest/test-api.cc index f4e8fe8e4bd36b..449d8dd66d0931 100644 --- a/deps/v8/test/cctest/test-api.cc +++ b/deps/v8/test/cctest/test-api.cc @@ -12898,6 +12898,19 @@ THREADED_TEST(VariousGetPropertiesAndThrowingCallbacks) { CHECK(try_catch.HasCaught()); try_catch.Reset(); CHECK(result.IsEmpty()); + + Local target = CompileRun("({})").As(); + Local handler = CompileRun("({})").As(); + Local proxy = + v8::Proxy::New(context.local(), target, handler).ToLocalChecked(); + + result = target->GetRealNamedProperty(context.local(), v8_str("f")); + CHECK(!try_catch.HasCaught()); + CHECK(result.IsEmpty()); + + result = proxy->GetRealNamedProperty(context.local(), v8_str("f")); + CHECK(!try_catch.HasCaught()); + CHECK(result.IsEmpty()); } diff --git a/deps/v8/test/mjsunit/es6/regress/regress-594084.js b/deps/v8/test/mjsunit/es6/regress/regress-594084.js new file mode 100644 index 00000000000000..4953cc9bb61cef --- /dev/null +++ b/deps/v8/test/mjsunit/es6/regress/regress-594084.js @@ -0,0 +1,10 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +// +// Flags: --lazy --min-preparse-length=0 +(function() { + function CRASH(defaultParameter = + (function() { function functionDeclaration() { return 0; } }())) { + } +})(); diff --git a/deps/v8/test/mjsunit/mirror-function.js b/deps/v8/test/mjsunit/mirror-function.js index cda815df68d7d5..88106a2ed0fa68 100644 --- a/deps/v8/test/mjsunit/mirror-function.js +++ b/deps/v8/test/mjsunit/mirror-function.js @@ -88,3 +88,4 @@ function testFunctionMirror(f) { testFunctionMirror(function(){}); testFunctionMirror(function a(){return 1;}); testFunctionMirror(Math.sin); +testFunctionMirror((function(){}).bind({}), "Object"); diff --git a/deps/v8/test/mjsunit/regress/regress-5010.js b/deps/v8/test/mjsunit/regress/regress-5010.js new file mode 100644 index 00000000000000..ecd4026dd82665 --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-5010.js @@ -0,0 +1,9 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +var bound = (function(){}).bind({}); +assertEquals("Function", %_ClassOf(bound)); +assertEquals("Function", %ClassOf(bound)); diff --git a/deps/v8/test/mjsunit/regress/regress-crbug-610228.js b/deps/v8/test/mjsunit/regress/regress-crbug-610228.js new file mode 100644 index 00000000000000..ca077d5631668b --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-crbug-610228.js @@ -0,0 +1,11 @@ +// Copyright 2016 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --allow-natives-syntax + +function foo() { return JSON.stringify({a: 0.1}); } +assertEquals('{"a":0.1}', foo()); +assertEquals('{"a":0.1}', foo()); +%OptimizeFunctionOnNextCall(foo); +assertEquals('{"a":0.1}', foo());