RubyGems - libv8 - Versions diffs - 3.10.8.0 → 3.11.8.0 - Mend

libv8 3.10.8.0 → 3.11.8.0

Files changed (215) hide show

data/Rakefile +10 -3
data/ext/libv8/compiler.rb +46 -0
data/ext/libv8/extconf.rb +5 -1
data/ext/libv8/make.rb +13 -0
data/lib/libv8/version.rb +1 -1
data/patches/add-freebsd9-and-freebsd10-to-gyp-GetFlavor.patch +11 -0
data/patches/src_platform-freebsd.cc.patch +10 -0
data/vendor/v8/ChangeLog +124 -0
data/vendor/v8/DEPS +27 -0
data/vendor/v8/Makefile +7 -0
data/vendor/v8/SConstruct +15 -2
data/vendor/v8/build/common.gypi +129 -157
data/vendor/v8/build/gyp_v8 +11 -25
data/vendor/v8/build/standalone.gypi +9 -3
data/vendor/v8/include/v8.h +5 -3
data/vendor/v8/src/SConscript +1 -0
data/vendor/v8/src/api.cc +4 -33
data/vendor/v8/src/api.h +2 -2
data/vendor/v8/src/arm/builtins-arm.cc +5 -4
data/vendor/v8/src/arm/code-stubs-arm.cc +21 -14
data/vendor/v8/src/arm/codegen-arm.cc +2 -2
data/vendor/v8/src/arm/debug-arm.cc +3 -1
data/vendor/v8/src/arm/full-codegen-arm.cc +3 -102
data/vendor/v8/src/arm/ic-arm.cc +30 -33
data/vendor/v8/src/arm/lithium-arm.cc +20 -7
data/vendor/v8/src/arm/lithium-arm.h +10 -4
data/vendor/v8/src/arm/lithium-codegen-arm.cc +106 -60
data/vendor/v8/src/arm/macro-assembler-arm.cc +49 -39
data/vendor/v8/src/arm/macro-assembler-arm.h +5 -4
data/vendor/v8/src/arm/regexp-macro-assembler-arm.cc +115 -55
data/vendor/v8/src/arm/regexp-macro-assembler-arm.h +7 -6
data/vendor/v8/src/arm/simulator-arm.h +6 -6
data/vendor/v8/src/arm/stub-cache-arm.cc +64 -19
data/vendor/v8/src/array.js +7 -3
data/vendor/v8/src/ast.cc +11 -6
data/vendor/v8/src/bootstrapper.cc +9 -11
data/vendor/v8/src/builtins.cc +61 -31
data/vendor/v8/src/code-stubs.cc +23 -9
data/vendor/v8/src/code-stubs.h +1 -0
data/vendor/v8/src/codegen.h +3 -3
data/vendor/v8/src/compiler.cc +1 -1
data/vendor/v8/src/contexts.h +2 -18
data/vendor/v8/src/d8.cc +94 -93
data/vendor/v8/src/d8.h +1 -1
data/vendor/v8/src/debug-agent.cc +3 -3
data/vendor/v8/src/debug.cc +41 -1
data/vendor/v8/src/debug.h +50 -0
data/vendor/v8/src/elements-kind.cc +134 -0
data/vendor/v8/src/elements-kind.h +210 -0
data/vendor/v8/src/elements.cc +356 -190
data/vendor/v8/src/elements.h +36 -28
data/vendor/v8/src/factory.cc +44 -4
data/vendor/v8/src/factory.h +11 -7
data/vendor/v8/src/flag-definitions.h +3 -0
data/vendor/v8/src/frames.h +3 -0
data/vendor/v8/src/full-codegen.cc +2 -1
data/vendor/v8/src/func-name-inferrer.h +2 -0
data/vendor/v8/src/globals.h +3 -0
data/vendor/v8/src/heap-inl.h +16 -4
data/vendor/v8/src/heap.cc +38 -32
data/vendor/v8/src/heap.h +3 -17
data/vendor/v8/src/hydrogen-instructions.cc +28 -5
data/vendor/v8/src/hydrogen-instructions.h +142 -44
data/vendor/v8/src/hydrogen.cc +160 -55
data/vendor/v8/src/hydrogen.h +2 -0
data/vendor/v8/src/ia32/assembler-ia32.h +3 -0
data/vendor/v8/src/ia32/builtins-ia32.cc +5 -4
data/vendor/v8/src/ia32/code-stubs-ia32.cc +22 -16
data/vendor/v8/src/ia32/codegen-ia32.cc +2 -2
data/vendor/v8/src/ia32/debug-ia32.cc +29 -2
data/vendor/v8/src/ia32/full-codegen-ia32.cc +8 -101
data/vendor/v8/src/ia32/ic-ia32.cc +23 -19
data/vendor/v8/src/ia32/lithium-codegen-ia32.cc +126 -80
data/vendor/v8/src/ia32/lithium-codegen-ia32.h +2 -1
data/vendor/v8/src/ia32/lithium-ia32.cc +15 -9
data/vendor/v8/src/ia32/lithium-ia32.h +14 -6
data/vendor/v8/src/ia32/macro-assembler-ia32.cc +50 -40
data/vendor/v8/src/ia32/macro-assembler-ia32.h +5 -4
data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.cc +113 -43
data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.h +9 -4
data/vendor/v8/src/ia32/simulator-ia32.h +4 -4
data/vendor/v8/src/ia32/stub-cache-ia32.cc +52 -14
data/vendor/v8/src/ic.cc +77 -20
data/vendor/v8/src/ic.h +18 -2
data/vendor/v8/src/incremental-marking-inl.h +21 -5
data/vendor/v8/src/incremental-marking.cc +35 -8
data/vendor/v8/src/incremental-marking.h +12 -3
data/vendor/v8/src/isolate.cc +12 -2
data/vendor/v8/src/isolate.h +1 -1
data/vendor/v8/src/jsregexp.cc +66 -26
data/vendor/v8/src/jsregexp.h +60 -31
data/vendor/v8/src/list-inl.h +8 -0
data/vendor/v8/src/list.h +3 -0
data/vendor/v8/src/lithium.cc +5 -2
data/vendor/v8/src/liveedit.cc +57 -5
data/vendor/v8/src/mark-compact-inl.h +17 -11
data/vendor/v8/src/mark-compact.cc +100 -143
data/vendor/v8/src/mark-compact.h +44 -20
data/vendor/v8/src/messages.js +131 -99
data/vendor/v8/src/mips/builtins-mips.cc +5 -4
data/vendor/v8/src/mips/code-stubs-mips.cc +23 -15
data/vendor/v8/src/mips/codegen-mips.cc +2 -2
data/vendor/v8/src/mips/debug-mips.cc +3 -1
data/vendor/v8/src/mips/full-codegen-mips.cc +4 -102
data/vendor/v8/src/mips/ic-mips.cc +34 -36
data/vendor/v8/src/mips/lithium-codegen-mips.cc +116 -68
data/vendor/v8/src/mips/lithium-mips.cc +20 -7
data/vendor/v8/src/mips/lithium-mips.h +11 -4
data/vendor/v8/src/mips/macro-assembler-mips.cc +50 -39
data/vendor/v8/src/mips/macro-assembler-mips.h +5 -4
data/vendor/v8/src/mips/regexp-macro-assembler-mips.cc +110 -50
data/vendor/v8/src/mips/regexp-macro-assembler-mips.h +6 -5
data/vendor/v8/src/mips/simulator-mips.h +5 -5
data/vendor/v8/src/mips/stub-cache-mips.cc +66 -20
data/vendor/v8/src/mksnapshot.cc +5 -1
data/vendor/v8/src/objects-debug.cc +103 -6
data/vendor/v8/src/objects-inl.h +215 -116
data/vendor/v8/src/objects-printer.cc +13 -8
data/vendor/v8/src/objects.cc +608 -331
data/vendor/v8/src/objects.h +129 -94
data/vendor/v8/src/parser.cc +16 -4
data/vendor/v8/src/platform-freebsd.cc +1 -0
data/vendor/v8/src/platform-linux.cc +9 -30
data/vendor/v8/src/platform-posix.cc +28 -7
data/vendor/v8/src/platform-win32.cc +15 -3
data/vendor/v8/src/platform.h +2 -1
data/vendor/v8/src/profile-generator-inl.h +25 -2
data/vendor/v8/src/profile-generator.cc +300 -822
data/vendor/v8/src/profile-generator.h +97 -214
data/vendor/v8/src/regexp-macro-assembler-irregexp.cc +2 -1
data/vendor/v8/src/regexp-macro-assembler-irregexp.h +2 -2
data/vendor/v8/src/regexp-macro-assembler-tracer.cc +6 -5
data/vendor/v8/src/regexp-macro-assembler-tracer.h +1 -1
data/vendor/v8/src/regexp-macro-assembler.cc +7 -3
data/vendor/v8/src/regexp-macro-assembler.h +10 -2
data/vendor/v8/src/regexp.js +6 -0
data/vendor/v8/src/runtime.cc +265 -212
data/vendor/v8/src/runtime.h +6 -5
data/vendor/v8/src/scopes.cc +20 -0
data/vendor/v8/src/scopes.h +6 -3
data/vendor/v8/src/spaces.cc +0 -2
data/vendor/v8/src/string-stream.cc +2 -2
data/vendor/v8/src/v8-counters.h +0 -2
data/vendor/v8/src/v8natives.js +2 -2
data/vendor/v8/src/v8utils.h +6 -3
data/vendor/v8/src/version.cc +1 -1
data/vendor/v8/src/x64/assembler-x64.h +2 -1
data/vendor/v8/src/x64/builtins-x64.cc +5 -4
data/vendor/v8/src/x64/code-stubs-x64.cc +25 -16
data/vendor/v8/src/x64/codegen-x64.cc +2 -2
data/vendor/v8/src/x64/debug-x64.cc +14 -1
data/vendor/v8/src/x64/disasm-x64.cc +1 -1
data/vendor/v8/src/x64/full-codegen-x64.cc +10 -106
data/vendor/v8/src/x64/ic-x64.cc +20 -16
data/vendor/v8/src/x64/lithium-codegen-x64.cc +156 -79
data/vendor/v8/src/x64/lithium-codegen-x64.h +2 -1
data/vendor/v8/src/x64/lithium-x64.cc +18 -8
data/vendor/v8/src/x64/lithium-x64.h +7 -2
data/vendor/v8/src/x64/macro-assembler-x64.cc +50 -40
data/vendor/v8/src/x64/macro-assembler-x64.h +5 -4
data/vendor/v8/src/x64/regexp-macro-assembler-x64.cc +122 -51
data/vendor/v8/src/x64/regexp-macro-assembler-x64.h +17 -8
data/vendor/v8/src/x64/simulator-x64.h +4 -4
data/vendor/v8/src/x64/stub-cache-x64.cc +55 -17
data/vendor/v8/test/cctest/cctest.status +1 -0
data/vendor/v8/test/cctest/test-api.cc +24 -0
data/vendor/v8/test/cctest/test-func-name-inference.cc +38 -0
data/vendor/v8/test/cctest/test-heap-profiler.cc +21 -77
data/vendor/v8/test/cctest/test-heap.cc +164 -3
data/vendor/v8/test/cctest/test-list.cc +12 -0
data/vendor/v8/test/cctest/test-mark-compact.cc +5 -5
data/vendor/v8/test/cctest/test-regexp.cc +14 -8
data/vendor/v8/test/cctest/testcfg.py +2 -0
data/vendor/v8/test/mjsunit/accessor-map-sharing.js +176 -0
data/vendor/v8/test/mjsunit/array-construct-transition.js +3 -3
data/vendor/v8/test/mjsunit/array-literal-transitions.js +10 -10
data/vendor/v8/test/mjsunit/big-array-literal.js +3 -0
data/vendor/v8/test/mjsunit/compiler/inline-construct.js +4 -2
data/vendor/v8/test/mjsunit/debug-liveedit-stack-padding.js +88 -0
data/vendor/v8/test/mjsunit/elements-kind.js +4 -4
data/vendor/v8/test/mjsunit/elements-transition-hoisting.js +2 -2
data/vendor/v8/test/mjsunit/elements-transition.js +5 -5
data/vendor/v8/test/mjsunit/error-constructors.js +68 -33
data/vendor/v8/test/mjsunit/harmony/proxies.js +14 -6
data/vendor/v8/test/mjsunit/mjsunit.status +1 -0
data/vendor/v8/test/mjsunit/packed-elements.js +112 -0
data/vendor/v8/test/mjsunit/regexp-capture-3.js +6 -0
data/vendor/v8/test/mjsunit/regexp-global.js +132 -0
data/vendor/v8/test/mjsunit/regexp.js +11 -0
data/vendor/v8/test/mjsunit/regress/regress-117409.js +52 -0
data/vendor/v8/test/mjsunit/regress/regress-126412.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-128018.js +35 -0
data/vendor/v8/test/mjsunit/regress/regress-128146.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-1639-2.js +4 -1
data/vendor/v8/test/mjsunit/regress/regress-1639.js +14 -8
data/vendor/v8/test/mjsunit/regress/regress-1849.js +3 -3
data/vendor/v8/test/mjsunit/regress/regress-1878.js +2 -2
data/vendor/v8/test/mjsunit/regress/regress-2071.js +79 -0
data/vendor/v8/test/mjsunit/regress/regress-2153.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-122271.js +4 -4
data/vendor/v8/test/mjsunit/regress/regress-crbug-126414.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-smi-only-concat.js +2 -2
data/vendor/v8/test/mjsunit/regress/regress-transcendental.js +49 -0
data/vendor/v8/test/mjsunit/stack-traces.js +14 -0
data/vendor/v8/test/mjsunit/unbox-double-arrays.js +4 -3
data/vendor/v8/test/test262/testcfg.py +6 -1
data/vendor/v8/tools/check-static-initializers.sh +11 -3
data/vendor/v8/tools/fuzz-harness.sh +92 -0
data/vendor/v8/tools/grokdump.py +658 -67
data/vendor/v8/tools/gyp/v8.gyp +21 -39
data/vendor/v8/tools/js2c.py +3 -3
data/vendor/v8/tools/jsmin.py +2 -2
data/vendor/v8/tools/presubmit.py +2 -1
data/vendor/v8/tools/test-wrapper-gypbuild.py +25 -11
metadata +624 -612

data/vendor/v8/src/mark-compact.h CHANGED

@@ -42,6 +42,7 @@ typedef bool (*IsAliveFunction)(HeapObject* obj, int* size, int* offset);
 // Forward declarations.
 class CodeFlusher;
 class GCTracer;
+class MarkCompactCollector;
 class MarkingVisitor;
 class RootMarkingVisitor;
@@ -166,7 +167,6 @@ class Marking {
 // ----------------------------------------------------------------------------
 // Marking deque for tracing live objects.
 class MarkingDeque {
  public:
   MarkingDeque()
@@ -383,6 +383,34 @@ class SlotsBuffer {
 };
+// -------------------------------------------------------------------------
+// Marker shared between incremental and non-incremental marking
+template<class BaseMarker> class Marker {
+ public:
+  Marker(BaseMarker* base_marker, MarkCompactCollector* mark_compact_collector)
+      : base_marker_(base_marker),
+        mark_compact_collector_(mark_compact_collector) {}
+  // Mark pointers in a Map and its DescriptorArray together, possibly
+  // treating transitions or back pointers weak.
+  void MarkMapContents(Map* map);
+  void MarkDescriptorArray(DescriptorArray* descriptors);
+  void MarkAccessorPairSlot(AccessorPair* accessors, int offset);
+ private:
+  BaseMarker* base_marker() {
+    return base_marker_;
+  }
+  MarkCompactCollector* mark_compact_collector() {
+    return mark_compact_collector_;
+  }
+  BaseMarker* base_marker_;
+  MarkCompactCollector* mark_compact_collector_;
+};
 // Defined in isolate.h.
 class ThreadLocalTop;
@@ -584,8 +612,6 @@ class MarkCompactCollector {
   bool was_marked_incrementally_;
-  bool collect_maps_;
   bool flush_monomorphic_ics_;
   // A pointer to the current stack-allocated GC tracer object during a full
@@ -608,12 +634,13 @@ class MarkCompactCollector {
   //
   //   After: Live objects are marked and non-live objects are unmarked.
   friend class RootMarkingVisitor;
   friend class MarkingVisitor;
   friend class StaticMarkingVisitor;
   friend class CodeMarkingVisitor;
   friend class SharedFunctionInfoMarkingVisitor;
+  friend class Marker<IncrementalMarking>;
+  friend class Marker<MarkCompactCollector>;
   // Mark non-optimize code for functions inlined into the given optimized
   // code. This will prevent it from being flushed.
@@ -631,29 +658,25 @@ class MarkCompactCollector {
   void AfterMarking();
   // Marks the object black and pushes it on the marking stack.
-  // This is for non-incremental marking.
+  // Returns true if object needed marking and false otherwise.
+  // This is for non-incremental marking only.
+  INLINE(bool MarkObjectAndPush(HeapObject* obj));
+  // Marks the object black and pushes it on the marking stack.
+  // This is for non-incremental marking only.
   INLINE(void MarkObject(HeapObject* obj, MarkBit mark_bit));
-  INLINE(bool MarkObjectWithoutPush(HeapObject* object));
-  INLINE(void MarkObjectAndPush(HeapObject* value));
+  // Marks the object black without pushing it on the marking stack.
+  // Returns true if object needed marking and false otherwise.
+  // This is for non-incremental marking only.
+  INLINE(bool MarkObjectWithoutPush(HeapObject* obj));
-  // Marks the object black.  This is for non-incremental marking.
+  // Marks the object black assuming that it is not yet marked.
+  // This is for non-incremental marking only.
   INLINE(void SetMark(HeapObject* obj, MarkBit mark_bit));
   void ProcessNewlyMarkedObject(HeapObject* obj);
-  // Creates back pointers for all map transitions, stores them in
-  // the prototype field.  The original prototype pointers are restored
-  // in ClearNonLiveTransitions().  All JSObject maps
-  // connected by map transitions have the same prototype object, which
-  // is why we can use this field temporarily for back pointers.
-  void CreateBackPointers();
-  // Mark a Map and its DescriptorArray together, skipping transitions.
-  void MarkMapContents(Map* map);
-  void MarkAccessorPairSlot(HeapObject* accessors, int offset);
-  void MarkDescriptorArray(DescriptorArray* descriptors);
   // Mark the heap roots and all objects reachable from them.
   void MarkRoots(RootMarkingVisitor* visitor);
@@ -756,6 +779,7 @@ class MarkCompactCollector {
   MarkingDeque marking_deque_;
   CodeFlusher* code_flusher_;
   Object* encountered_weak_maps_;
+  Marker<MarkCompactCollector> marker_;
   List<Page*> evacuation_candidates_;
   List<Code*> invalidated_code_;

data/vendor/v8/src/messages.js CHANGED

@@ -61,18 +61,21 @@ function FormatString(format, message) {
 // To check if something is a native error we need to check the
-// concrete native error types. It is not enough to check "obj
-// instanceof $Error" because user code can replace
-// NativeError.prototype.__proto__. User code cannot replace
-// NativeError.prototype though and therefore this is a safe test.
+// concrete native error types. It is not sufficient to use instanceof
+// since it possible to create an object that has Error.prototype on
+// its prototype chain. This is the case for DOMException for example.
 function IsNativeErrorObject(obj) {
-  return (obj instanceof $Error) ||
-      (obj instanceof $EvalError) ||
-      (obj instanceof $RangeError) ||
-      (obj instanceof $ReferenceError) ||
-      (obj instanceof $SyntaxError) ||
-      (obj instanceof $TypeError) ||
-      (obj instanceof $URIError);
+  switch (%_ClassOf(obj)) {
+    case 'Error':
+    case 'EvalError':
+    case 'RangeError':
+    case 'ReferenceError':
+    case 'SyntaxError':
+    case 'TypeError':
+    case 'URIError':
+      return true;
+  }
+  return false;
 }
@@ -745,7 +748,7 @@ function GetPositionInLine(message) {
 function GetStackTraceLine(recv, fun, pos, isGlobal) {
-  return FormatSourcePosition(new CallSite(recv, fun, pos));
+  return new CallSite(recv, fun, pos).toString();
 }
 // ----------------------------------------------------------------------------
@@ -785,15 +788,7 @@ function CallSiteGetThis() {
 }
 function CallSiteGetTypeName() {
-  var constructor = this.receiver.constructor;
-  if (!constructor) {
-    return %_CallFunction(this.receiver, ObjectToString);
-  }
-  var constructorName = constructor.name;
-  if (!constructorName) {
-    return %_CallFunction(this.receiver, ObjectToString);
-  }
-  return constructorName;
+  return GetTypeName(this, false);
 }
 function CallSiteIsToplevel() {
@@ -827,8 +822,10 @@ function CallSiteGetFunctionName() {
   var name = this.fun.name;
   if (name) {
     return name;
-  } else {
-    return %FunctionGetInferredName(this.fun);
+  }
+  name = %FunctionGetInferredName(this.fun);
+  if (name) {
+    return name;
   }
   // Maybe this is an evaluation?
   var script = %FunctionGetScript(this.fun);
@@ -919,6 +916,69 @@ function CallSiteIsConstructor() {
   return this.fun === constructor;
 }
+function CallSiteToString() {
+  var fileName;
+  var fileLocation = "";
+  if (this.isNative()) {
+    fileLocation = "native";
+  } else if (this.isEval()) {
+    fileName = this.getScriptNameOrSourceURL();
+    if (!fileName) {
+      fileLocation = this.getEvalOrigin();
+    }
+  } else {
+    fileName = this.getFileName();
+  }
+  if (fileName) {
+    fileLocation += fileName;
+    var lineNumber = this.getLineNumber();
+    if (lineNumber != null) {
+      fileLocation += ":" + lineNumber;
+      var columnNumber = this.getColumnNumber();
+      if (columnNumber) {
+        fileLocation += ":" + columnNumber;
+      }
+    }
+  }
+  if (!fileLocation) {
+    fileLocation = "unknown source";
+  }
+  var line = "";
+  var functionName = this.getFunctionName();
+  var addSuffix = true;
+  var isConstructor = this.isConstructor();
+  var isMethodCall = !(this.isToplevel() || isConstructor);
+  if (isMethodCall) {
+    var typeName = GetTypeName(this, true);
+    var methodName = this.getMethodName();
+    if (functionName) {
+      if (typeName && functionName.indexOf(typeName) != 0) {
+        line += typeName + ".";
+      }
+      line += functionName;
+      if (methodName && functionName.lastIndexOf("." + methodName) !=
+          functionName.length - methodName.length - 1) {
+        line += " [as " + methodName + "]";
+      }
+    } else {
+      line += typeName + "." + (methodName || "<anonymous>");
+    }
+  } else if (isConstructor) {
+    line += "new " + (functionName || "<anonymous>");
+  } else if (functionName) {
+    line += functionName;
+  } else {
+    line += fileLocation;
+    addSuffix = false;
+  }
+  if (addSuffix) {
+    line += " (" + fileLocation + ")";
+  }
+  return line;
+}
 SetUpLockedPrototype(CallSite, $Array("receiver", "fun", "pos"), $Array(
   "getThis", CallSiteGetThis,
   "getTypeName", CallSiteGetTypeName,
@@ -934,7 +994,8 @@ SetUpLockedPrototype(CallSite, $Array("receiver", "fun", "pos"), $Array(
   "getColumnNumber", CallSiteGetColumnNumber,
   "isNative", CallSiteIsNative,
   "getPosition", CallSiteGetPosition,
-  "isConstructor", CallSiteIsConstructor
+  "isConstructor", CallSiteIsConstructor,
+  "toString", CallSiteToString
 ));
@@ -976,65 +1037,6 @@ function FormatEvalOrigin(script) {
   return eval_origin;
 }
-function FormatSourcePosition(frame) {
-  var fileName;
-  var fileLocation = "";
-  if (frame.isNative()) {
-    fileLocation = "native";
-  } else if (frame.isEval()) {
-    fileName = frame.getScriptNameOrSourceURL();
-    if (!fileName) {
-      fileLocation = frame.getEvalOrigin();
-    }
-  } else {
-    fileName = frame.getFileName();
-  }
-  if (fileName) {
-    fileLocation += fileName;
-    var lineNumber = frame.getLineNumber();
-    if (lineNumber != null) {
-      fileLocation += ":" + lineNumber;
-      var columnNumber = frame.getColumnNumber();
-      if (columnNumber) {
-        fileLocation += ":" + columnNumber;
-      }
-    }
-  }
-  if (!fileLocation) {
-    fileLocation = "unknown source";
-  }
-  var line = "";
-  var functionName = frame.getFunction().name;
-  var addPrefix = true;
-  var isConstructor = frame.isConstructor();
-  var isMethodCall = !(frame.isToplevel() || isConstructor);
-  if (isMethodCall) {
-    var methodName = frame.getMethodName();
-    line += frame.getTypeName() + ".";
-    if (functionName) {
-      line += functionName;
-      if (methodName && (methodName != functionName)) {
-        line += " [as " + methodName + "]";
-      }
-    } else {
-      line += methodName || "<anonymous>";
-    }
-  } else if (isConstructor) {
-    line += "new " + (functionName || "<anonymous>");
-  } else if (functionName) {
-    line += functionName;
-  } else {
-    line += fileLocation;
-    addPrefix = false;
-  }
-  if (addPrefix) {
-    line += " (" + fileLocation + ")";
-  }
-  return line;
-}
 function FormatStackTrace(error, frames) {
   var lines = [];
   try {
@@ -1050,7 +1052,7 @@ function FormatStackTrace(error, frames) {
     var frame = frames[i];
     var line;
     try {
-      line = FormatSourcePosition(frame);
+      line = frame.toString();
     } catch (e) {
       try {
         line = "<error: " + e + ">";
@@ -1081,6 +1083,19 @@ function FormatRawStackTrace(error, raw_stack) {
   }
 }
+function GetTypeName(obj, requireConstructor) {
+  var constructor = obj.receiver.constructor;
+  if (!constructor) {
+    return requireConstructor ? null :
+        %_CallFunction(obj.receiver, ObjectToString);
+  }
+  var constructorName = constructor.name;
+  if (!constructorName) {
+    return requireConstructor ? null :
+        %_CallFunction(obj.receiver, ObjectToString);
+  }
+  return constructorName;
+}
 function captureStackTrace(obj, cons_opt) {
   var stackTraceLimit = $Error.stackTraceLimit;
@@ -1125,13 +1140,7 @@ function SetUpError() {
     }
     %FunctionSetInstanceClassName(f, 'Error');
     %SetProperty(f.prototype, 'constructor', f, DONT_ENUM);
-    // The name property on the prototype of error objects is not
-    // specified as being read-one and dont-delete. However, allowing
-    // overwriting allows leaks of error objects between script blocks
-    // in the same context in a browser setting. Therefore we fix the
-    // name.
-    %SetProperty(f.prototype, "name", name,
-                 DONT_ENUM | DONT_DELETE | READ_ONLY)  ;
+    %SetProperty(f.prototype, "name", name, DONT_ENUM);
     %SetCode(f, function(m) {
       if (%_IsConstructCall()) {
         // Define all the expected properties directly on the error
@@ -1147,10 +1156,8 @@ function SetUpError() {
               return FormatMessage(%NewMessageObject(obj.type, obj.arguments));
           });
         } else if (!IS_UNDEFINED(m)) {
-          %IgnoreAttributesAndSetProperty(this,
-                                          'message',
-                                          ToString(m),
-                                          DONT_ENUM);
+          %IgnoreAttributesAndSetProperty(
+            this, 'message', ToString(m), DONT_ENUM);
         }
         captureStackTrace(this, f);
       } else {
@@ -1180,16 +1187,41 @@ $Error.captureStackTrace = captureStackTrace;
 var visited_errors = new InternalArray();
 var cyclic_error_marker = new $Object();
+function GetPropertyWithoutInvokingMonkeyGetters(error, name) {
+  // Climb the prototype chain until we find the holder.
+  while (error && !%HasLocalProperty(error, name)) {
+    error = error.__proto__;
+  }
+  if (error === null) return void 0;
+  if (!IS_OBJECT(error)) return error[name];
+  // If the property is an accessor on one of the predefined errors that can be
+  // generated statically by the compiler, don't touch it. This is to address
+  // http://code.google.com/p/chromium/issues/detail?id=69187
+  var desc = %GetOwnProperty(error, name);
+  if (desc && desc[IS_ACCESSOR_INDEX]) {
+    var isName = name === "name";
+    if (error === $ReferenceError.prototype)
+      return isName ? "ReferenceError" : void 0;
+    if (error === $SyntaxError.prototype)
+      return isName ? "SyntaxError" : void 0;
+    if (error === $TypeError.prototype)
+      return isName ? "TypeError" : void 0;
+  }
+  // Otherwise, read normally.
+  return error[name];
+}
 function ErrorToStringDetectCycle(error) {
   if (!%PushIfAbsent(visited_errors, error)) throw cyclic_error_marker;
   try {
-    var type = error.type;
-    var name = error.name;
+    var type = GetPropertyWithoutInvokingMonkeyGetters(error, "type");
+    var name = GetPropertyWithoutInvokingMonkeyGetters(error, "name");
     name = IS_UNDEFINED(name) ? "Error" : TO_STRING_INLINE(name);
-    var message = error.message;
+    var message = GetPropertyWithoutInvokingMonkeyGetters(error, "message");
     var hasMessage = %_CallFunction(error, "message", ObjectHasOwnProperty);
     if (type && !hasMessage) {
-      message = FormatMessage(%NewMessageObject(type, error.arguments));
+      var args = GetPropertyWithoutInvokingMonkeyGetters(error, "arguments");
+      message = FormatMessage(%NewMessageObject(type, args));
     }
     message = IS_UNDEFINED(message) ? "" : TO_STRING_INLINE(message);
     if (name === "") return message;

data/vendor/v8/src/mips/builtins-mips.cc CHANGED

@@ -118,7 +118,7 @@ static void AllocateEmptyJSArray(MacroAssembler* masm,
                                  Label* gc_required) {
   const int initial_capacity = JSArray::kPreallocatedArrayElements;
   STATIC_ASSERT(initial_capacity >= 0);
-  __ LoadInitialArrayMap(array_function, scratch2, scratch1);
+  __ LoadInitialArrayMap(array_function, scratch2, scratch1, false);
   // Allocate the JSArray object together with space for a fixed array with the
   // requested elements.
@@ -214,7 +214,8 @@ static void AllocateJSArray(MacroAssembler* masm,
                             bool fill_with_hole,
                             Label* gc_required) {
   // Load the initial map from the array function.
-  __ LoadInitialArrayMap(array_function, scratch2, elements_array_storage);
+  __ LoadInitialArrayMap(array_function, scratch2,
+                         elements_array_storage, fill_with_hole);
   if (FLAG_debug_code) {  // Assert that array size is not zero.
     __ Assert(
@@ -449,10 +450,10 @@ static void ArrayNativeCode(MacroAssembler* masm,
   __ Branch(call_generic_code);
   __ bind(&not_double);
-  // Transition FAST_SMI_ONLY_ELEMENTS to FAST_ELEMENTS.
+  // Transition FAST_SMI_ELEMENTS to FAST_ELEMENTS.
   // a3: JSArray
   __ lw(a2, FieldMemOperand(a3, HeapObject::kMapOffset));
-  __ LoadTransitionedArrayMapConditional(FAST_SMI_ONLY_ELEMENTS,
+  __ LoadTransitionedArrayMapConditional(FAST_SMI_ELEMENTS,
                                          FAST_ELEMENTS,
                                          a2,
                                          t5,