v8/test/mjsunit/regress/regress-crbug-598998.js
Adam Klein 1769f892ce [cleanup] Remove always-off support for tail calls
The tail call implementation is hidden behind the --harmony-tailcalls
flag, which is off-by-default (and has been unstaged since February).
It is known to be broken in a variety of cases, including clusterfuzz
security issues (see sample Chromium issues below). To avoid letting
the implementation bitrot further on trunk, this patch removes it.

Bug: v8:4698, chromium:636914, chromium:724746
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I9cb547101456a582374fdf7b1a3f044a9ef33e5c
Reviewed-on: https://chromium-review.googlesource.com/569069
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46651}
2017-07-13 19:29:05 +00:00

33 lines
534 B
JavaScript

// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
"use strict";
function deopt_function(func) {
%DeoptimizeFunction(func);
}
function f(x) {
return deopt_function(h);
}
function g(x) {
return f(x, 1);
}
function h(x) {
g(x, 1);
}
%SetForceInlineFlag(g);
%SetForceInlineFlag(f);
%NeverOptimizeFunction(deopt_function);
h(1);
h(1);
%OptimizeFunctionOnNextCall(h);
h(1);