Revert "Clean up Context::Lookup and its uses."

This reverts commit 9241. This change shows failures on Mac and Win for the threading tests. Reverting while I investigate. R=fschneider@chromium.org BUG= TEST= Review URL: http://codereview.chromium.org/7886002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9246 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Revert "Clean up Context::Lookup and its uses."
This reverts commit 9241. This change shows failures on Mac and Win for the threading tests. Reverting while I investigate. R=fschneider@chromium.org BUG= TEST= Review URL: http://codereview.chromium.org/7886002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9246 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
e9c6a554 · kmillikin@chromium.org · 130b9d78 · e9c6a554 · e9c6a554 · e9c6a554
Commit e9c6a554 authored Sep 13, 2011 by kmillikin@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 246 additions and 182 deletions

contexts.cc src/contexts.cc +54 -46

contexts.h src/contexts.h +24 -14

hydrogen.cc src/hydrogen.cc +1 -0

runtime.cc src/runtime.cc +167 -122

No files found.
--- a/src/contexts.cc
+++ b/src/contexts.cc
@@ -86,14 +86,14 @@ void Context::set_global_proxy(JSObject* object) {
 Handle<Object> Context::Lookup(Handle<String> name,
                               ContextLookupFlags flags,
-                               int* index,
+                               int* index_,
                               PropertyAttributes* attributes,
                               BindingFlags* binding_flags) {
  Isolate* isolate = GetIsolate();
  Handle<Context> context(this, isolate);
  bool follow_context_chain = (flags & FOLLOW_CONTEXT_CHAIN) != 0;
-  *index = -1;
+  *index_ = -1;
  *attributes = ABSENT;
  *binding_flags = MISSING_BINDING;
@@ -110,50 +110,70 @@ Handle<Object> Context::Lookup(Handle<String> name,
      PrintF("\n");
    }
-    // 1. Check global objects, subjects of with, and extension objects.
+    // Check extension/with/global object.
-    if (context->IsGlobalContext() ||
+    if (!context->IsBlockContext() && context->has_extension()) {
-        context->IsWithContext() ||
+      if (context->IsCatchContext()) {
-        (context->IsFunctionContext() && context->has_extension())) {
+        // Catch contexts have the variable name in the extension slot.
-      Handle<JSObject> object(JSObject::cast(context->extension()), isolate);
+        if (name->Equals(String::cast(context->extension()))) {
-      // Context extension objects needs to behave as if they have no
+          if (FLAG_trace_contexts) {
-      // prototype.  So even if we want to follow prototype chains, we need
+            PrintF("=> found in catch context\n");
-      // to only do a local lookup for context extension objects.
+          }
-      if ((flags & FOLLOW_PROTOTYPE_CHAIN) == 0 ||
+          *index_ = Context::THROWN_OBJECT_INDEX;
-          object->IsJSContextExtensionObject()) {
+          *attributes = NONE;
-        *attributes = object->GetLocalPropertyAttribute(*name);
+          *binding_flags = MUTABLE_IS_INITIALIZED;
+          return context;
+        }
      } else {
-        *attributes = object->GetPropertyAttribute(*name);
+        ASSERT(context->IsGlobalContext() ||
-      }
+               context->IsFunctionContext() ||
-      if (*attributes != ABSENT) {
+               context->IsWithContext());
-        if (FLAG_trace_contexts) {
+        // Global, function, and with contexts may have an object in the
-          PrintF("=> found property in context object %p\n",
+        // extension slot.
-                 reinterpret_cast<void*>(*object));
+        Handle<JSObject> extension(JSObject::cast(context->extension()),
+                                   isolate);
+        // Context extension objects needs to behave as if they have no
+        // prototype.  So even if we want to follow prototype chains, we
+        // need to only do a local lookup for context extension objects.
+        if ((flags & FOLLOW_PROTOTYPE_CHAIN) == 0 ||
+            extension->IsJSContextExtensionObject()) {
+          *attributes = extension->GetLocalPropertyAttribute(*name);
+        } else {
+          *attributes = extension->GetPropertyAttribute(*name);
+        }
+        if (*attributes != ABSENT) {
+          // property found
+          if (FLAG_trace_contexts) {
+            PrintF("=> found property in context object %p\n",
+                   reinterpret_cast<void*>(*extension));
+          }
+          return extension;
        }
-        return object;
      }
    }
-    // 2. Check the context proper if it has slots.
+    // Check serialized scope information of functions and blocks. Only
+    // functions can have parameters, and a function name.
    if (context->IsFunctionContext() || context->IsBlockContext()) {
-      // Use serialized scope information of functions and blocks to search
+      // We may have context-local slots.  Check locals in the context.
-      // for the context index.
      Handle<SerializedScopeInfo> scope_info;
      if (context->IsFunctionContext()) {
        scope_info = Handle<SerializedScopeInfo>(
            context->closure()->shared()->scope_info(), isolate);
      } else {
+        ASSERT(context->IsBlockContext());
        scope_info = Handle<SerializedScopeInfo>(
            SerializedScopeInfo::cast(context->extension()), isolate);
      }
      Variable::Mode mode;
-      int slot_index = scope_info->ContextSlotIndex(*name, &mode);
+      int index = scope_info->ContextSlotIndex(*name, &mode);
-      ASSERT(slot_index < 0 || slot_index >= MIN_CONTEXT_SLOTS);
+      ASSERT(index < 0 || index >= MIN_CONTEXT_SLOTS);
-      if (slot_index >= 0) {
+      if (index >= 0) {
        if (FLAG_trace_contexts) {
          PrintF("=> found local in context slot %d (mode = %d)\n",
-                 slot_index, mode);
+                 index, mode);
        }
-        *index = slot_index;
+        *index_ = index;
        // Note: Fixed context slots are statically allocated by the compiler.
        // Statically allocated variables always have a statically known mode,
        // which is the mode with which they were declared when added to the
@@ -186,34 +206,22 @@ Handle<Object> Context::Lookup(Handle<String> name,
      // Check the slot corresponding to the intermediate context holding
      // only the function name variable.
-      if (follow_context_chain && context->IsFunctionContext()) {
+      if (follow_context_chain) {
-        int function_index = scope_info->FunctionContextSlotIndex(*name);
+        int index = scope_info->FunctionContextSlotIndex(*name);
-        if (function_index >= 0) {
+        if (index >= 0) {
          if (FLAG_trace_contexts) {
            PrintF("=> found intermediate function in context slot %d\n",
-                   function_index);
+                   index);
          }
-          *index = function_index;
+          *index_ = index;
          *attributes = READ_ONLY;
          *binding_flags = IMMUTABLE_IS_INITIALIZED;
          return context;
        }
      }
-    } else if (context->IsCatchContext()) {
-      // Catch contexts have the variable name in the extension slot.
-      if (name->Equals(String::cast(context->extension()))) {
-        if (FLAG_trace_contexts) {
-          PrintF("=> found in catch context\n");
-        }
-        *index = Context::THROWN_OBJECT_INDEX;
-        *attributes = NONE;
-        *binding_flags = MUTABLE_IS_INITIALIZED;
-        return context;
-      }
    }
-    // 3. Prepare to continue with the previous (next outermost) context.
+    // Proceed with the previous context.
    if (context->IsGlobalContext()) {
      follow_context_chain = false;
    } else {

--- a/src/contexts.h
+++ b/src/contexts.h
@@ -330,6 +330,12 @@ class Context: public FixedArray {
  // Mark the global context with out of memory.
  inline void mark_out_of_memory();
+  // The exception holder is the object used as a with object in
+  // the implementation of a catch block.
+  bool is_exception_holder(Object* object) {
+    return IsCatchContext() && extension() == object;
+  }
  // A global context hold a list of all functions which have been optimized.
  void AddOptimizedFunction(JSFunction* function);
  void RemoveOptimizedFunction(JSFunction* function);
@@ -349,25 +355,29 @@ class Context: public FixedArray {
 #undef GLOBAL_CONTEXT_FIELD_ACCESSORS
  // Lookup the the slot called name, starting with the current context.
-  // There are three possibilities:
+  // There are 4 possible outcomes:
+  //
+  // 1) index_ >= 0 && result->IsContext():
+  //    most common case, the result is a Context, and index is the
+  //    context slot index, and the slot exists.
+  //    attributes == READ_ONLY for the function name variable, NONE otherwise.
  //
-  // 1) result->IsContext():
+  // 2) index_ >= 0 && result->IsJSObject():
-  //    The binding was found in a context.  *index is always the
+  //    the result is the JSObject arguments object, the index is the parameter
-  //    non-negative slot index.  *attributes is NONE for var and let
+  //    index, i.e., key into the arguments object, and the property exists.
-  //    declarations, READ_ONLY for const declarations (never ABSENT).
+  //    attributes != ABSENT.
  //
-  // 2) result->IsJSObject():
+  // 3) index_ < 0 && result->IsJSObject():
-  //    The binding was found as a named property in a context extension
+  //    the result is the JSObject extension context or the global object,
-  //    object (i.e., was introduced via eval), as a property on the subject
+  //    and the name is the property name, and the property exists.
-  //    of with, or as a property of the global object.  *index is -1 and
+  //    attributes != ABSENT.
-  //    *attributes is not ABSENT.
  //
-  // 3) result.is_null():
+  // 4) index_ < 0 && result.is_null():
-  //    There was no binding found, *index is always -1 and *attributes is
+  //    there was no context found with the corresponding property.
-  //    always ABSENT.
+  //    attributes == ABSENT.
  Handle<Object> Lookup(Handle<String> name,
                        ContextLookupFlags flags,
-                        int* index,
+                        int* index_,
                        PropertyAttributes* attributes,
                        BindingFlags* binding_flags);

--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -4924,6 +4924,7 @@ void HGraphBuilder::VisitCall(Call* expr) {
  } else {
    VariableProxy* proxy = expr->expression()->AsVariableProxy();
+    // FIXME.
    bool global_call = proxy != NULL && proxy->var()->IsUnallocated();
    if (global_call) {

--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1301,17 +1301,15 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeclareContextSlot) {
  HandleScope scope(isolate);
  ASSERT(args.length() == 4);
-  // Declarations are always made in a function or global context.  In the
+  CONVERT_ARG_CHECKED(Context, context, 0);
-  // case of eval code, the context passed is the context of the caller,
-  // which may be some nested context and not the declaration context.
-  RUNTIME_ASSERT(args[0]->IsContext());
-  Handle<Context> context(Context::cast(args[0])->declaration_context());
  Handle<String> name(String::cast(args[1]));
  PropertyAttributes mode = static_cast<PropertyAttributes>(args.smi_at(2));
  RUNTIME_ASSERT(mode == READ_ONLY || mode == NONE);
  Handle<Object> initial_value(args[3], isolate);
+  // Declarations are always done in a function or global context.
+  context = Handle<Context>(context->declaration_context());
  int index;
  PropertyAttributes attributes;
  ContextLookupFlags flags = DONT_FOLLOW_CHAINS;
@@ -1320,7 +1318,9 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeclareContextSlot) {
      context->Lookup(name, flags, &index, &attributes, &binding_flags);
  if (attributes != ABSENT) {
-    // The name was declared before; check for conflicting re-declarations.
+    // The name was declared before; check for conflicting
+    // re-declarations: This is similar to the code in parser.cc in
+    // the AstBuildingParser::Declare function.
    if (((attributes & READ_ONLY) != 0) || (mode == READ_ONLY)) {
      // Functions are not read-only.
      ASSERT(mode != READ_ONLY || initial_value->IsTheHole());
@@ -1331,41 +1331,53 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeclareContextSlot) {
    // Initialize it if necessary.
    if (*initial_value != NULL) {
      if (index >= 0) {
-        ASSERT(holder.is_identical_to(context));
+        // The variable or constant context slot should always be in
-        if (((attributes & READ_ONLY) == 0) ||
+        // the function context or the arguments object.
-            context->get(index)->IsTheHole()) {
+        if (holder->IsContext()) {
-          context->set(index, *initial_value);
+          ASSERT(holder.is_identical_to(context));
+          if (((attributes & READ_ONLY) == 0) ||
+              context->get(index)->IsTheHole()) {
+            context->set(index, *initial_value);
+          }
+        } else {
+          // The holder is an arguments object.
+          Handle<JSObject> arguments(Handle<JSObject>::cast(holder));
+          Handle<Object> result = SetElement(arguments, index, initial_value,
+                                             kNonStrictMode);
+          if (result.is_null()) return Failure::Exception();
        }
      } else {
-        // Slow case: The property is in the context extension object of a
+        // Slow case: The property is not in the FixedArray part of the context.
-        // function context or the global object of a global context.
+        Handle<JSObject> context_ext = Handle<JSObject>::cast(holder);
-        Handle<JSObject> object = Handle<JSObject>::cast(holder);
        RETURN_IF_EMPTY_HANDLE(
            isolate,
-            SetProperty(object, name, initial_value, mode, kNonStrictMode));
+            SetProperty(context_ext, name, initial_value,
+                        mode, kNonStrictMode));
      }
    }
  } else {
    // The property is not in the function context. It needs to be
-    // "declared" in the function context's extension context or as a
+    // "declared" in the function context's extension context, or in the
-    // property of the the global object.
+    // global context.
-    Handle<JSObject> object;
+    Handle<JSObject> context_ext;
    if (context->has_extension()) {
-      object = Handle<JSObject>(JSObject::cast(context->extension()));
+      // The function context's extension context exists - use it.
+      context_ext = Handle<JSObject>(JSObject::cast(context->extension()));
    } else {
-      // Context extension objects are allocated lazily.
+      // The function context's extension context does not exists - allocate
-      ASSERT(context->IsFunctionContext());
+      // it.
-      object = isolate->factory()->NewJSObject(
+      context_ext = isolate->factory()->NewJSObject(
          isolate->context_extension_function());
-      context->set_extension(*object);
+      // And store it in the extension slot.
+      context->set_extension(*context_ext);
    }
-    ASSERT(*object != NULL);
+    ASSERT(*context_ext != NULL);
    // Declare the property by setting it to the initial value if provided,
    // or undefined, and use the correct mode (e.g. READ_ONLY attribute for
    // constant declarations).
-    ASSERT(!object->HasLocalProperty(*name));
+    ASSERT(!context_ext->HasLocalProperty(*name));
    Handle<Object> value(isolate->heap()->undefined_value(), isolate);
    if (*initial_value != NULL) value = initial_value;
    // Declaring a const context slot is a conflicting declaration if
@@ -1375,15 +1387,15 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeclareContextSlot) {
    // SetProperty and no setters are invoked for those since they are
    // not real JSObjects.
    if (initial_value->IsTheHole() &&
-        !object->IsJSContextExtensionObject()) {
+        !context_ext->IsJSContextExtensionObject()) {
      LookupResult lookup;
-      object->Lookup(*name, &lookup);
+      context_ext->Lookup(*name, &lookup);
      if (lookup.IsProperty() && (lookup.type() == CALLBACKS)) {
        return ThrowRedeclarationError(isolate, "const", name);
      }
    }
    RETURN_IF_EMPTY_HANDLE(isolate,
-                           SetProperty(object, name, value, mode,
+                           SetProperty(context_ext, name, value, mode,
                                       kNonStrictMode));
  }
@@ -1581,12 +1593,11 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InitializeConstContextSlot) {
  Handle<Object> value(args[0], isolate);
  ASSERT(!value->IsTheHole());
+  CONVERT_ARG_CHECKED(Context, context, 1);
+  Handle<String> name(String::cast(args[2]));
  // Initializations are always done in a function or global context.
-  RUNTIME_ASSERT(args[1]->IsContext());
+  context = Handle<Context>(context->declaration_context());
-  Handle<Context> context(Context::cast(args[1])->declaration_context());
-  Handle<String> name(String::cast(args[2]));
  int index;
  PropertyAttributes attributes;
@@ -1595,19 +1606,39 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InitializeConstContextSlot) {
  Handle<Object> holder =
      context->Lookup(name, flags, &index, &attributes, &binding_flags);
+  // In most situations, the property introduced by the const
+  // declaration should be present in the context extension object.
+  // However, because declaration and initialization are separate, the
+  // property might have been deleted (if it was introduced by eval)
+  // before we reach the initialization point.
+  //
+  // Example:
+  //
+  //    function f() { eval("delete x; const x;"); }
+  //
+  // In that case, the initialization behaves like a normal assignment
+  // to property 'x'.
  if (index >= 0) {
-    ASSERT(holder->IsContext());
+    if (holder->IsContext()) {
-    // Property was found in a context.  Perform the assignment if we
+      // Property was found in a context.  Perform the assignment if we
-    // found some non-constant or an uninitialized constant.
+      // found some non-constant or an uninitialized constant.
-    Handle<Context> context = Handle<Context>::cast(holder);
+      Handle<Context> context = Handle<Context>::cast(holder);
-    if ((attributes & READ_ONLY) == 0 || context->get(index)->IsTheHole()) {
+      if ((attributes & READ_ONLY) == 0 || context->get(index)->IsTheHole()) {
-      context->set(index, *value);
+        context->set(index, *value);
+      }
+    } else {
+      // The holder is an arguments object.
+      ASSERT((attributes & READ_ONLY) == 0);
+      Handle<JSObject> arguments(Handle<JSObject>::cast(holder));
+      RETURN_IF_EMPTY_HANDLE(
+          isolate,
+          SetElement(arguments, index, value, kNonStrictMode));
    }
    return *value;
  }
-  // The property could not be found, we introduce it as a property of the
+  // The property could not be found, we introduce it in the global
-  // global object.
+  // context.
  if (attributes == ABSENT) {
    Handle<JSObject> global = Handle<JSObject>(
        isolate->context()->global());
@@ -1618,41 +1649,29 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InitializeConstContextSlot) {
    return *value;
  }
-  // The property was present in some function's context extension object,
+  // The property was present in a context extension object.
-  // as a property on the subject of a with, or as a property of the global
+  Handle<JSObject> context_ext = Handle<JSObject>::cast(holder);
-  // object.
-  //
-  // In most situations, eval-introduced consts should still be present in
-  // the context extension object.  However, because declaration and
-  // initialization are separate, the property might have been deleted
-  // before we reach the initialization point.
-  //
-  // Example:
-  //
-  //    function f() { eval("delete x; const x;"); }
-  //
-  // In that case, the initialization behaves like a normal assignment.
-  Handle<JSObject> object = Handle<JSObject>::cast(holder);
-  if (*object == context->extension()) {
+  if (*context_ext == context->extension()) {
-    // This is the property that was introduced by the const declaration.
+    // This is the property that was introduced by the const
-    // Set it if it hasn't been set before.  NOTE: We cannot use
+    // declaration.  Set it if it hasn't been set before.  NOTE: We
-    // GetProperty() to get the current value as it 'unholes' the value.
+    // cannot use GetProperty() to get the current value as it
+    // 'unholes' the value.
    LookupResult lookup;
-    object->LocalLookupRealNamedProperty(*name, &lookup);
+    context_ext->LocalLookupRealNamedProperty(*name, &lookup);
    ASSERT(lookup.IsProperty());  // the property was declared
    ASSERT(lookup.IsReadOnly());  // and it was declared as read-only
    PropertyType type = lookup.type();
    if (type == FIELD) {
-      FixedArray* properties = object->properties();
+      FixedArray* properties = context_ext->properties();
      int index = lookup.GetFieldIndex();
      if (properties->get(index)->IsTheHole()) {
        properties->set(index, *value);
      }
    } else if (type == NORMAL) {
-      if (object->GetNormalizedProperty(&lookup)->IsTheHole()) {
+      if (context_ext->GetNormalizedProperty(&lookup)->IsTheHole()) {
-        object->SetNormalizedProperty(&lookup, *value);
+        context_ext->SetNormalizedProperty(&lookup, *value);
      }
    } else {
      // We should not reach here. Any real, named property should be
@@ -1660,13 +1679,13 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InitializeConstContextSlot) {
      UNREACHABLE();
    }
  } else {
-    // The property was found on some other object.  Set it if it is not a
+    // The property was found in a different context extension object.
-    // read-only property.
+    // Set it if it is not a read-only property.
    if ((attributes & READ_ONLY) == 0) {
      // Strict mode not needed (const disallowed in strict mode).
      RETURN_IF_EMPTY_HANDLE(
          isolate,
-          SetProperty(object, name, value, attributes, kNonStrictMode));
+          SetProperty(context_ext, name, value, attributes, kNonStrictMode));
    }
  }
@@ -8544,10 +8563,18 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeleteContextSlot) {
  }
  // The slot was found in a JSObject, either a context extension object,
-  // the global object, or the subject of a with.  Try to delete it
+  // the global object, or an arguments object.  Try to delete it
-  // (respecting DONT_DELETE).
+  // (respecting DONT_DELETE).  For consistency with V8's usual behavior,
+  // which allows deleting all parameters in functions that mention
+  // 'arguments', we do this even for the case of slots found on an
+  // arguments object.  The slot was found on an arguments object if the
+  // index is non-negative.
  Handle<JSObject> object = Handle<JSObject>::cast(holder);
-  return object->DeleteProperty(*name, JSReceiver::NORMAL_DELETION);
+  if (index >= 0) {
+    return object->DeleteElement(index, JSReceiver::NORMAL_DELETION);
+  } else {
+    return object->DeleteProperty(*name, JSReceiver::NORMAL_DELETION);
+  }
 }
@@ -8632,19 +8659,24 @@ static ObjectPair LoadContextSlotHelper(Arguments args,
                                          &attributes,
                                          &binding_flags);
-  // If the index is non-negative, the slot has been found in a context.
+  // If the index is non-negative, the slot has been found in a local
+  // variable or a parameter. Read it from the context object or the
+  // arguments object.
  if (index >= 0) {
-    ASSERT(holder->IsContext());
+    // If the "property" we were looking for is a local variable or an
-    // If the "property" we were looking for is a local variable, the
+    // argument in a context, the receiver is the global object; see
-    // receiver is the global object; see ECMA-262, 3rd., 10.1.6 and 10.2.3.
+    // ECMA-262, 3rd., 10.1.6 and 10.2.3.
    //
-    // Use the hole as the receiver to signal that the receiver is implicit
+    // Use the hole as the receiver to signal that the receiver is
-    // and that the global receiver should be used (as distinguished from an
+    // implicit and that the global receiver should be used.
-    // explicit receiver that happens to be a global object).
    Handle<Object> receiver = isolate->factory()->the_hole_value();
-    Object* value = Context::cast(*holder)->get(index);
+    MaybeObject* value = (holder->IsContext())
+        ? Context::cast(*holder)->get(index)
+        : JSObject::cast(*holder)->GetElement(index);
    // Check for uninitialized bindings.
-    if (binding_flags == MUTABLE_CHECK_INITIALIZED && value->IsTheHole()) {
+    if (holder->IsContext() &&
+        binding_flags == MUTABLE_CHECK_INITIALIZED &&
+        value->IsTheHole()) {
      Handle<Object> reference_error =
          isolate->factory()->NewReferenceError("not_defined",
                                                HandleVector(&name, 1));
@@ -8654,18 +8686,25 @@ static ObjectPair LoadContextSlotHelper(Arguments args,
    }
  }
-  // Otherwise, if the slot was found the holder is a context extension
+  // If the holder is found, we read the property from it.
-  // object, subject of a with, or a global object.  We read the named
+  if (!holder.is_null() && holder->IsJSObject()) {
-  // property from it.
+    ASSERT(Handle<JSObject>::cast(holder)->HasProperty(*name));
-  if (!holder.is_null()) {
    JSObject* object = JSObject::cast(*holder);
-    ASSERT(object->HasProperty(*name));
+    Object* receiver;
+    if (object->IsGlobalObject()) {
+      receiver = GlobalObject::cast(object)->global_receiver();
+    } else if (context->is_exception_holder(*holder)) {
+      // Use the hole as the receiver to signal that the receiver is
+      // implicit and that the global receiver should be used.
+      receiver = isolate->heap()->the_hole_value();
+    } else {
+      receiver = ComputeReceiverForNonGlobal(isolate, object);
+    }
    // GetProperty below can cause GC.
-    Handle<Object> receiver_handle(object->IsGlobalObject()
+    Handle<Object> receiver_handle(receiver);
-        ? GlobalObject::cast(object)->global_receiver()
-        : ComputeReceiverForNonGlobal(isolate, object));
-    // No need to unhole the value here.  This is taken care of by the
+    // No need to unhole the value here. This is taken care of by the
    // GetProperty function.
    MaybeObject* value = object->GetProperty(*name);
    return MakePair(value, *receiver_handle);
@@ -8718,37 +8757,45 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_StoreContextSlot) {
                                          &binding_flags);
  if (index >= 0) {
-    // The property was found in a context slot.
+    if (holder->IsContext()) {
-    Handle<Context> context = Handle<Context>::cast(holder);
+      Handle<Context> context = Handle<Context>::cast(holder);
-    if (binding_flags == MUTABLE_CHECK_INITIALIZED &&
+      if (binding_flags == MUTABLE_CHECK_INITIALIZED &&
-        context->get(index)->IsTheHole()) {
+          context->get(index)->IsTheHole()) {
-      Handle<Object> error =
+        Handle<Object> error =
-          isolate->factory()->NewReferenceError("not_defined",
+            isolate->factory()->NewReferenceError("not_defined",
-                                                HandleVector(&name, 1));
+                                                  HandleVector(&name, 1));
-      return isolate->Throw(*error);
+        return isolate->Throw(*error);
-    }
+      }
-    // Ignore if read_only variable.
+      // Ignore if read_only variable.
-    if ((attributes & READ_ONLY) == 0) {
+      if ((attributes & READ_ONLY) == 0) {
-      // Context is a fixed array and set cannot fail.
+        // Context is a fixed array and set cannot fail.
-      context->set(index, *value);
+        context->set(index, *value);
-    } else if (strict_mode == kStrictMode) {
+      } else if (strict_mode == kStrictMode) {
-      // Setting read only property in strict mode.
+        // Setting read only property in strict mode.
-      Handle<Object> error =
+        Handle<Object> error =
-          isolate->factory()->NewTypeError("strict_cannot_assign",
+            isolate->factory()->NewTypeError("strict_cannot_assign",
-                                           HandleVector(&name, 1));
+                                             HandleVector(&name, 1));
-      return isolate->Throw(*error);
+        return isolate->Throw(*error);
+      }
+    } else {
+      ASSERT((attributes & READ_ONLY) == 0);
+      Handle<Object> result =
+          SetElement(Handle<JSObject>::cast(holder), index, value, strict_mode);
+      if (result.is_null()) {
+        ASSERT(isolate->has_pending_exception());
+        return Failure::Exception();
+      }
    }
    return *value;
  }
-  // Slow case: The property is not in a context slot.  It is either in a
+  // Slow case: The property is not in a FixedArray context.
-  // context extension object, a property of the subject of a with, or a
+  // It is either in an JSObject extension context or it was not found.
-  // property of the global object.
+  Handle<JSObject> context_ext;
-  Handle<JSObject> object;
  if (!holder.is_null()) {
-    // The property exists on the holder.
+    // The property exists in the extension context.
-    object = Handle<JSObject>::cast(holder);
+    context_ext = Handle<JSObject>::cast(holder);
  } else {
    // The property was not found.
    ASSERT(attributes == ABSENT);
@@ -8756,21 +8803,22 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_StoreContextSlot) {
    if (strict_mode == kStrictMode) {
      // Throw in strict mode (assignment to undefined variable).
      Handle<Object> error =
-          isolate->factory()->NewReferenceError(
+        isolate->factory()->NewReferenceError(
-              "not_defined", HandleVector(&name, 1));
+            "not_defined", HandleVector(&name, 1));
      return isolate->Throw(*error);
    }
-    // In non-strict mode, the property is added to the global object.
+    // In non-strict mode, the property is stored in the global context.
    attributes = NONE;
-    object = Handle<JSObject>(isolate->context()->global());
+    context_ext = Handle<JSObject>(isolate->context()->global());
  }
-  // Set the property if it's not read only or doesn't yet exist.
+  // Set the property, but ignore if read_only variable on the context
+  // extension object itself.
  if ((attributes & READ_ONLY) == 0 ||
-      (object->GetLocalPropertyAttribute(*name) == ABSENT)) {
+      (context_ext->GetLocalPropertyAttribute(*name) == ABSENT)) {
    RETURN_IF_EMPTY_HANDLE(
        isolate,
-        SetProperty(object, name, value, NONE, strict_mode));
+        SetProperty(context_ext, name, value, NONE, strict_mode));
  } else if (strict_mode == kStrictMode && (attributes & READ_ONLY) != 0) {
    // Setting read only property in strict mode.
    Handle<Object> error =
@@ -9175,9 +9223,6 @@ RUNTIME_FUNCTION(ObjectPair, Runtime_ResolvePossiblyDirectEval) {
  PropertyAttributes attributes = ABSENT;
  BindingFlags binding_flags;
  while (true) {
-    // Don't follow context chains in Context::Lookup and implement the loop
-    // up the context chain here, so that we can know the context where eval
-    // was found.
    receiver = context->Lookup(isolate->factory()->eval_symbol(),
                               FOLLOW_PROTOTYPE_CHAIN,
                               &index,