2015-06-17 11:24:15 +00:00
|
|
|
// Copyright 2015 the V8 project authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
|
|
// found in the LICENSE file.
|
|
|
|
|
|
|
|
// New space must be at max capacity to trigger pretenuring decision.
|
|
|
|
// Flags: --allow-natives-syntax --verify-heap --max-semi-space-size=1
|
2017-01-26 17:39:09 +00:00
|
|
|
// Flags: --expose-gc --no-always-opt
|
2015-06-17 11:24:15 +00:00
|
|
|
|
|
|
|
var global = []; // Used to keep some objects alive.
|
|
|
|
|
|
|
|
function Ctor() {
|
|
|
|
var result = {a: {}, b: {}, c: {}, d: {}, e: {}, f: {}, g: {}};
|
|
|
|
return result;
|
2019-06-12 14:00:50 +00:00
|
|
|
};
|
|
|
|
%PrepareFunctionForOptimization(Ctor);
|
2016-08-08 11:31:23 +00:00
|
|
|
gc();
|
|
|
|
|
2015-06-17 11:24:15 +00:00
|
|
|
for (var i = 0; i < 120; i++) {
|
|
|
|
// Make the "a" property long-lived, while everything else is short-lived.
|
|
|
|
global.push(Ctor().a);
|
2019-06-12 14:00:50 +00:00
|
|
|
(function FillNewSpace() {
|
|
|
|
new Array(10000);
|
|
|
|
})();
|
2015-06-17 11:24:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// The bad situation is only triggered if Ctor wasn't optimized too early.
|
|
|
|
assertUnoptimized(Ctor);
|
|
|
|
// Optimized code for Ctor will pretenure the "a" property, so it will have
|
|
|
|
// three allocations:
|
|
|
|
// #1 Allocate the "result" object in new-space.
|
|
|
|
// #2 Allocate the object stored in the "a" property in old-space.
|
|
|
|
// #3 Allocate the objects for the "b" through "g" properties in new-space.
|
|
|
|
%OptimizeFunctionOnNextCall(Ctor);
|
|
|
|
for (var i = 0; i < 10000; i++) {
|
|
|
|
// At least one of these calls will run out of new space. The bug is
|
|
|
|
// triggered when it is allocation #3 that triggers GC.
|
|
|
|
Ctor();
|
|
|
|
}
|