2bc09c95fb
This fixes a corner-case where resuming a suspended generator would not perform stack overflow checks and hence cause the stack to grow without bounds. R=neis@chromium.org BUG=chromium:781583 Change-Id: Ib04116e489ac6b962cb821263860497abb57bbae Reviewed-on: https://chromium-review.googlesource.com/765953 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49327}
26 lines
602 B
JavaScript
26 lines
602 B
JavaScript
// Copyright 2017 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax
|
|
|
|
function* generator(a) {
|
|
a.pop().next();
|
|
}
|
|
|
|
function prepareGenerators(n) {
|
|
var a = [{ next: () => 0 }];
|
|
for (var i = 0; i < n; ++i) {
|
|
a.push(generator(a));
|
|
}
|
|
return a;
|
|
}
|
|
|
|
var gens1 = prepareGenerators(10);
|
|
assertDoesNotThrow(() => gens1.pop().next());
|
|
|
|
%OptimizeFunctionOnNextCall(generator);
|
|
|
|
var gens2 = prepareGenerators(200000);
|
|
assertThrows(() => gens2.pop().next(), RangeError);
|