Revert 1469 and 1472 due to a bug with array literals.

src/runtime.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 25 matching lines @@
 #include "cpu.h"
 #include "dateparser.h"
 #include "debug.h"
 #include "execution.h"
 #include "jsregexp.h"
 #include "platform.h"
 #include "runtime.h"
 #include "scopeinfo.h"
 #include "v8threads.h"
 #include "smart-pointer.h"
-#include "parser.h"
 
 namespace v8 { namespace internal {
 
 
 #define RUNTIME_ASSERT(value) do {                                   \
   if (!(value)) return IllegalOperation();                           \
 } while (false)
 
 // Cast the given object to a value of the specified type and store
 // it in a variable with the given name.  If the object is not of the
 // expected type call IllegalOperation and return.
 #define CONVERT_CHECKED(Type, name, obj)                             \
   RUNTIME_ASSERT(obj->Is##Type());                                   \
   Type* name = Type::cast(obj);
 
 #define CONVERT_ARG_CHECKED(Type, name, index)                       \
   RUNTIME_ASSERT(args[index]->Is##Type());                           \
   Handle<Type> name = args.at<Type>(index);
 
 // Cast the given object to a boolean and store it in a variable with
 // the given name.  If the object is not a boolean call IllegalOperation
 // and return.
 #define CONVERT_BOOLEAN_CHECKED(name, obj)                            \
   RUNTIME_ASSERT(obj->IsBoolean());                                   \
   bool name = (obj)->IsTrue();
 
-// Cast the given object to an int and store it in a variable with
-// the given name.  If the object is not a Smi call IllegalOperation
-// and return.
-#define CONVERT_INT_CHECKED(name, obj)                            \
-  RUNTIME_ASSERT(obj->IsSmi());                                   \
-  int name = Smi::cast(obj)->value();
-
 // Cast the given object to a double and store it in a variable with
 // the given name.  If the object is not a number (as opposed to
 // the number not-a-number) call IllegalOperation and return.
 #define CONVERT_DOUBLE_CHECKED(name, obj)                            \
   RUNTIME_ASSERT(obj->IsNumber());                                   \
   double name = (obj)->Number();
 
 // Call the specified converter on the object *comand store the result in
 // a variable of the specified type with the given name.  If the
 // object is not a Number call IllegalOperation and return.
 #define CONVERT_NUMBER_CHECKED(type, name, Type, obj)                \
   RUNTIME_ASSERT(obj->IsNumber());                                   \
   type name = NumberTo##Type(obj);
 
 // Non-reentrant string buffer for efficient general use in this file.
 static StaticResource<StringInputBuffer> runtime_string_input_buffer;
 
 
 static Object* IllegalOperation() {
   return Top::Throw(Heap::illegal_access_symbol());
 }
 
 
-static Object* Runtime_CloneLiteralBoilerplate(Arguments args) {
+static Object* Runtime_CloneObjectLiteralBoilerplate(Arguments args) {
   CONVERT_CHECKED(JSObject, boilerplate, args[0]);
   return Heap::CopyJSObject(boilerplate);
 }
 
 
 static Handle<Map> ComputeObjectLiteralMap(
     Handle<Context> context,
     Handle<FixedArray> constant_properties,
     bool* is_result_from_cache) {
   int number_of_properties = constant_properties->length() / 2;
@@ skipping 18 matching lines @@
       return Factory::ObjectLiteralMapFromCache(context, keys);
     }
   }
   *is_result_from_cache = false;
   return Factory::CopyMap(
       Handle<Map>(context->object_function()->initial_map()),
       number_of_properties);
 }
 
 
-static Handle<Object> CreateLiteralBoilerplate(
-    Handle<FixedArray> literals,
-    Handle<FixedArray> constant_properties);
+static Object* Runtime_CreateObjectLiteralBoilerplate(Arguments args) {
+  HandleScope scope;
+  ASSERT(args.length() == 3);
+  // Copy the arguments.
+  Handle<FixedArray> literals = args.at<FixedArray>(0);
+  int literals_index = Smi::cast(args[1])->value();
+  Handle<FixedArray> constant_properties = args.at<FixedArray>(2);
 
-
-static Handle<Object> CreateObjectLiteralBoilerplate(
-    Handle<FixedArray> literals,
-    Handle<FixedArray> constant_properties) {
   // Get the global context from the literals array.  This is the
   // context in which the function was created and we use the object
   // function from this context to create the object literal.  We do
   // not use the object function from the current global context
   // because this might be the object function from another context
   // which we should not have access to.
   Handle<Context> context =
       Handle<Context>(JSFunction::GlobalContextFromLiterals(*literals));
 
   bool is_result_from_cache;
   Handle<Map> map = ComputeObjectLiteralMap(context,
                                             constant_properties,
                                             &is_result_from_cache);
 
   Handle<JSObject> boilerplate = Factory::NewJSObjectFromMap(map);
   {  // Add the constant properties to the boilerplate.
     int length = constant_properties->length();
     OptimizedObjectForAddingMultipleProperties opt(boilerplate,
                                                    !is_result_from_cache);
     for (int index = 0; index < length; index +=2) {
       Handle<Object> key(constant_properties->get(index+0));
       Handle<Object> value(constant_properties->get(index+1));
-      if (value->IsFixedArray()) {
-        // The value contains the constant_properties of a
-        // simple object literal.
-        Handle<FixedArray> array = Handle<FixedArray>::cast(value);
-        value = CreateLiteralBoilerplate(literals, array);
-        if (value.is_null()) return value;
-      }
       Handle<Object> result;
       uint32_t element_index = 0;
       if (key->IsSymbol()) {
         // If key is a symbol it is not an array element.
         Handle<String> name(String::cast(*key));
         ASSERT(!name->AsArrayIndex(&element_index));
         result = SetProperty(boilerplate, name, value, NONE);
       } else if (Array::IndexFromObject(*key, &element_index)) {
         // Array index (uint32).
         result = SetElement(boilerplate, element_index, value);
       } else {
         // Non-uint32 number.
         ASSERT(key->IsNumber());
         double num = key->Number();
         char arr[100];
         Vector<char> buffer(arr, ARRAY_SIZE(arr));
         const char* str = DoubleToCString(num, buffer);
         Handle<String> name = Factory::NewStringFromAscii(CStrVector(str));
         result = SetProperty(boilerplate, name, value, NONE);
       }
       // If setting the property on the boilerplate throws an
       // exception, the exception is converted to an empty handle in
       // the handle based operations.  In that case, we need to
       // convert back to an exception.
-      if (result.is_null()) return result;
+      if (result.is_null()) return Failure::Exception();
     }
   }
 
-  return boilerplate;
+  // Update the functions literal and return the boilerplate.
+  literals->set(literals_index, *boilerplate);
+
+  return *boilerplate;
 }
 
 
-static Handle<Object> CreateArrayLiteralBoilerplate(
-    Handle<FixedArray> literals,
-    Handle<FixedArray> elements) {
-  // Create the JSArray.
-  Handle<JSFunction> constructor(
-      JSFunction::GlobalContextFromLiterals(*literals)->array_function());
-  Handle<Object> object = Factory::NewJSObject(constructor);
-
-  Handle<Object> copied_elements = Factory::CopyFixedArray(elements);
-
-  Handle<FixedArray> content = Handle<FixedArray>::cast(copied_elements);
-  for (int i = 0; i < content->length(); i++) {
-    if (content->get(i)->IsFixedArray()) {
-      // The value contains the constant_properties of a
-      // simple object literal.
-      Handle<FixedArray> fa(FixedArray::cast(content->get(i)));
-      Handle<Object> result = CreateLiteralBoilerplate(literals, fa);
-      if (result.is_null()) return result;
-      content->set(i, *result);
-    }
-  }
-
-  // Set the elements.
-  Handle<JSArray>::cast(object)->SetContent(*content);
-  return object;
-}
-
-
-static Handle<Object> CreateLiteralBoilerplate(
-    Handle<FixedArray> literals,
-    Handle<FixedArray> array) {
-  Handle<FixedArray> elements = CompileTimeValue::GetElements(array);
-  switch (CompileTimeValue::GetType(array)) {
-    case CompileTimeValue::OBJECT_LITERAL:
-      return CreateObjectLiteralBoilerplate(literals, elements);
-    case CompileTimeValue::ARRAY_LITERAL:
-      return CreateArrayLiteralBoilerplate(literals, elements);
-    default:
-      UNREACHABLE();
-      return Handle<Object>::null();
-  }
-}
-
-
-static Object* Runtime_CreateObjectLiteralBoilerplate(Arguments args) {
-  HandleScope scope;
-  ASSERT(args.length() == 3);
-  // Copy the arguments.
-  CONVERT_ARG_CHECKED(FixedArray, literals, 0);
-  CONVERT_INT_CHECKED(literals_index, args[1]);
-  CONVERT_ARG_CHECKED(FixedArray, constant_properties, 2);
-
-  Handle<Object> result =
-    CreateObjectLiteralBoilerplate(literals, constant_properties);
-
-  if (result.is_null()) return Failure::Exception();
-
-  // Update the functions literal and return the boilerplate.
-  literals->set(literals_index, *result);
-
-  return *result;
-}
-
-
-static Object* Runtime_CreateArrayLiteralBoilerplate(Arguments args) {
+static Object* Runtime_CreateArrayLiteral(Arguments args) {
   // Takes a FixedArray of elements containing the literal elements of
   // the array literal and produces JSArray with those elements.
   // Additionally takes the literals array of the surrounding function
   // which contains the context from which to get the Array function
   // to use for creating the array literal.
-  HandleScope scope;
-  ASSERT(args.length() == 3);
-  CONVERT_ARG_CHECKED(FixedArray, literals, 0);
-  CONVERT_INT_CHECKED(literals_index, args[1]);
-  CONVERT_ARG_CHECKED(FixedArray, elements, 2);
+  ASSERT(args.length() == 2);
+  CONVERT_CHECKED(FixedArray, elements, args[0]);
+  CONVERT_CHECKED(FixedArray, literals, args[1]);
+  JSFunction* constructor =
+      JSFunction::GlobalContextFromLiterals(literals)->array_function();
+  // Create the JSArray.
+  Object* object = Heap::AllocateJSObject(constructor);
+  if (object->IsFailure()) return object;
 
-  Handle<Object> object = CreateArrayLiteralBoilerplate(literals, elements);
-  if (object.is_null()) return Failure::Exception();
+  // Copy the elements.
+  Object* content = elements->Copy();
+  if (content->IsFailure()) return content;
 
-  // Update the functions literal and return the boilerplate.
-  literals->set(literals_index, *object);
-  return *object;
+  // Set the elements.
+  JSArray::cast(object)->SetContent(FixedArray::cast(content));
+  return object;
 }
 
 
 static Object* Runtime_CreateCatchExtensionObject(Arguments args) {
   ASSERT(args.length() == 2);
   CONVERT_CHECKED(String, key, args[0]);
   Object* value = args[1];
   // Create a catch context extension object.
   JSFunction* constructor =
       Top::context()->global_context()->context_extension_function();
@@ skipping 6421 matching lines @@
   } else {
     // Handle last resort GC and make sure to allow future allocations
     // to grow the heap without causing GCs (if possible).
     Counters::gc_last_resort_from_js.Increment();
     Heap::CollectAllGarbage();
   }
 }
 
 
 } }  // namespace v8::internal