Implement Function.prototype.toMethod.

src/heap/heap.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/api.h"
 #include "src/base/once.h"
 #include "src/base/utils/random-number-generator.h"
@@ skipping 2859 matching lines @@
 
   set_detailed_stack_trace_symbol(*factory->NewPrivateSymbol());
   set_elements_transition_symbol(*factory->NewPrivateSymbol());
   set_frozen_symbol(*factory->NewPrivateSymbol());
   set_megamorphic_symbol(*factory->NewPrivateSymbol());
   set_nonexistent_symbol(*factory->NewPrivateSymbol());
   set_normal_ic_symbol(*factory->NewPrivateSymbol());
   set_observed_symbol(*factory->NewPrivateSymbol());
   set_stack_trace_symbol(*factory->NewPrivateSymbol());
   set_uninitialized_symbol(*factory->NewPrivateSymbol());
+  set_home_object_symbol(*factory->NewPrivateOwnSymbol());
 
   Handle<SeededNumberDictionary> slow_element_dictionary =
       SeededNumberDictionary::New(isolate(), 0, TENURED);
   slow_element_dictionary->set_requires_slow_elements();
   set_empty_slow_element_dictionary(*slow_element_dictionary);
 
   set_materialized_objects(*factory->NewFixedArray(0, TENURED));
 
   // Handling of script id generation is in Factory::NewScript.
   set_last_script_id(Smi::FromInt(v8::UnboundScript::kNoScriptId));
@@ skipping 782 matching lines @@
 #ifdef DEBUG
   // Make sure result is NOT a global object if valid.
   HeapObject* obj;
   DCHECK(!allocation.To(&obj) || !obj->IsGlobalObject());
 #endif
   return allocation;
 }
 
 
 AllocationResult Heap::CopyJSObject(JSObject* source, AllocationSite* site) {
-  // Never used to copy functions.  If functions need to be copied we
-  // have to be careful to clear the literals array.
-  SLOW_DCHECK(!source->IsJSFunction());
-
   // Make the clone.
   Map* map = source->map();
   int object_size = map->instance_size();
   HeapObject* clone;
 
   DCHECK(site == NULL || AllocationSite::CanTrack(map->instance_type()));
 
   WriteBarrierMode wb_mode = UPDATE_WRITE_BARRIER;
 
   // If we're forced to always allocate, we use the general allocation
@@ skipping 53 matching lines @@
   }
   // Update properties if necessary.
   if (properties->length() > 0) {
     FixedArray* prop;
     {
       AllocationResult allocation = CopyFixedArray(properties);
       if (!allocation.To(&prop)) return allocation;
     }
     JSObject::cast(clone)->set_properties(prop, wb_mode);
   }
+
+  // Clean up literals array.
+  if (source->IsJSFunction()) {

[Toon Verwaest, 2014/08/18 14:15:35]

Are you sure this works? What code object does this get? What if it's optimized?
If we also become optimized, will we get notified in case the function
deoptimizes?

Can you just make a specialized JSFunction::Copy(), that preferably uses
NewFunctionFromSharedFunctionInfo, but additionally copies over properties and
prototype?

[Dmitry Lomov (no reviews), 2014/08/19 13:47:42]

You are quite right, it is easy to write a test that crashes. JSFunction::Copy
is a way to go I guess. Another way would be to properly wire up the
JSFunction's clone into the functions' list etc. but that would break whenever
that logic changes because people will forget to update the cloning logic
(people will forget to update JSFunction::Copy logic as well that that might
just be a less frequent change)

+    SLOW_DCHECK(clone->IsJSFunction());
+    JSFunction* source_fun = JSFunction::cast(source);
+    JSFunction* clone_fun = JSFunction::cast(clone);
+    SharedFunctionInfo* info = source_fun->shared();
+    if (!info->bound()) {
+      int num_literals = info->num_literals();
+      HeapObject* obj;
+      {
+        AllocationResult allocation = AllocateFixedArrayWithFiller(
+            num_literals, NOT_TENURED, undefined_value());
+        if (!allocation.To(&obj)) return allocation;
+      }
+      FixedArray* new_literals = FixedArray::cast(obj);
+      if (num_literals > 0) {
+        new_literals->set(JSFunction::kLiteralNativeContextIndex,
+            JSFunction::NativeContextFromLiterals(source_fun->literals()));
+      }
+      clone_fun->set_literals(new_literals);
+    }
+  }
   // Return the new clone.
   return clone;
 }
 
 
 static inline void WriteOneByteData(Vector<const char> vector, uint8_t* chars,
                                     int len) {
   // Only works for ascii.
   DCHECK(vector.length() == len);
   MemCopy(chars, vector.start(), len);
@@ skipping 2374 matching lines @@
       static_cast<int>(object_sizes_last_time_[index]));
   CODE_AGE_LIST_COMPLETE(ADJUST_LAST_TIME_OBJECT_COUNT)
 #undef ADJUST_LAST_TIME_OBJECT_COUNT
 
   MemCopy(object_counts_last_time_, object_counts_, sizeof(object_counts_));
   MemCopy(object_sizes_last_time_, object_sizes_, sizeof(object_sizes_));
   ClearObjectStats();
 }
 }
 }  // namespace v8::internal