ae11f20e26
A sloppy mode eval call that establishes strict mode will leak that strictness into the sloppy surrounding scope on recompile. This changes the structure of the type feedback vector for the function and crashes follow. The fix is straightforward. BUG=491536, 503565 LOG=N Review URL: https://codereview.chromium.org/1231343003 Cr-Commit-Position: refs/heads/master@{#29671}
22 lines
473 B
JavaScript
22 lines
473 B
JavaScript
// Copyright 2015 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Crashes without the fix for bug 503565.
|
|
function f() {}
|
|
function g() {}
|
|
function h() {
|
|
g()
|
|
}
|
|
(function() {
|
|
eval("\
|
|
\"use strict\";\
|
|
g = (function(x) {\
|
|
+Math.log(+Math.log((+(+x>0)), f(Math.log())))\
|
|
})\
|
|
")
|
|
})()
|
|
for (var j = 0; j < 999; j++) {
|
|
h()
|
|
}
|