v8/test/mjsunit/regress/regress-crbug-1171954.js
Mythri A df98901c19 [interpreter] Store accumulator to callee after optional chain checks
Optional chain checks check if the object is null or undefined and
if it is we don't perform the load but just load accumulator with
undefined. For calls the value of the accumulator needs to be stored
in the callee register. We were doing this only when the object
isn't null or undefined. This cl fixes it by storing it to callee
always.

Bug: chromium:1171954
Change-Id: I391af18e783486fed70be561027bd8aba97b93cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2665466
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72475}
2021-02-02 11:27:13 +00:00

20 lines
701 B
JavaScript

// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --always-opt
// This causes the register used by the call in the later try-catch block to be
// used by the ToName conversion for null which causes a DCHECK fail when
// compiling. If register allocation changes, this test may no longer reproduce
// the crash but it is not easy write a proper test because it is linked to
// register allocation. This test should always work, so shouldn't cause any
// flakes.
try {
var { [null]: __v_12, } = {};
} catch (e) {}
try {
assertEquals((__v_40?.o?.m)().p);
} catch (e) {}