AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
49f1450b3f
v8/test/mjsunit/regress/regress-889722.js
Georg Neis bcbb6d9eb4 [turbofan] Prepare broker for the next steps. 
- Add a new broker mode kRetired, in which the heap can
  again be accessed.
- Change the way modes work. We now always start in kDisabled.
  If FLAG_concurrent_compiler_frontend is on, we eventually move
  to kSerializing, then to kSerialized, then to kRetired.
- Add an ObjectDataKind to ObjectData that indicates whether the
  data is just a dummy (i.e. created while broker was in kDisabled
  mode).

This also happens to fix a bug found by clusterfuzz.

Bug: v8:7790, chromium:889722
Change-Id: I38833fe7ad26d2d3efb15ba560576defb82f673a
Reviewed-on: https://chromium-review.googlesource.com/1245425
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56260}
2018-09-27 10:22:51 +00:00

12 lines
454 B
JavaScript
Raw Blame History

// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
function getRandomProperty(v, rand) {
var properties = Object.getOwnPropertyNames(v);
return properties[rand % properties.length];
}
r = Realm.create();
o = Realm.eval(r, "() => { return Realm.global(-10) instanceof Object }");
o.__p_211203344 = o[getRandomProperty(o, 211203344)];
Reference in New Issue View Git Blame Copy Permalink