1769f892ce
The tail call implementation is hidden behind the --harmony-tailcalls flag, which is off-by-default (and has been unstaged since February). It is known to be broken in a variety of cases, including clusterfuzz security issues (see sample Chromium issues below). To avoid letting the implementation bitrot further on trunk, this patch removes it. Bug: v8:4698, chromium:636914, chromium:724746 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I9cb547101456a582374fdf7b1a3f044a9ef33e5c Reviewed-on: https://chromium-review.googlesource.com/569069 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46651}
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
/**
 * Returns the arguments of the currently running invocation of g, read through
 * the legacy, non-standard `g.arguments` property instead of being passed in.
 *
 * `g.arguments` only holds a value while g is on the call stack, so the result
 * depends on h being reached through g.
 *
 * @returns {Object|null} Whatever `g.arguments` yields at the time of the call.
 */
function h() {
  // NOTE(review): the two-statement shape (store, then return) is presumably
  // deliberate for this engine test — confirm before simplifying.
  var res = g.arguments;
  return res;
}
/**
 * Calls h() and returns its result.
 *
 * @param {*} o Not used in the body; it is only observable through the
 *     `g.arguments` lookup that h() performs.
 * @returns {Object|null} The value returned by h().
 */
function g(o) {
  // The result is stored in a local first, so h() is not called in tail
  // position.
  var res = h();
  return res;
}
/**
 * Calls g with a fresh object literal and discards what comes back.
 *
 * Declares no parameters, although f0 calls it with one argument.
 *
 * @returns {number} Always 1.
 */
function f1() {
  var o = { x : 42 };
  // `res` is never read; only the call itself matters here.
  var res = g(o);
  return 1;
}
/**
 * Strict-mode entry point of the test: returns the result of f1(5).
 *
 * @param {*} a Unused.
 * @param {*} b Unused.
 * @returns {number} The value returned by f1.
 */
function f0(a, b) {
  "use strict";
  // A call in tail position of a strict function, passing one argument to a
  // callee that declares none.
  // NOTE(review): given the commit message about the tail call implementation,
  // this call shape is presumably what the test exercises — confirm.
  return f1(5);
}
/**
 * Throws when its argument is truthy; otherwise does nothing.
 *
 * @param {*} b Truthy to make the function throw.
 * @throws {Error} With message "boom!" when b is truthy.
 */
function boom(b) {
  if (b) throw new Error("boom!");
}
// The %-prefixed calls are V8 intrinsics, available because of the
// --allow-natives-syntax flag in the file header. This one keeps h out of the
// optimizing compiler.
%NeverOptimizeFunction(h);
// Two plain calls of f0, then request optimization on its next call.
f0();
f0();
%OptimizeFunctionOnNextCall(f0);

// Same sequence for boom, using the non-throwing argument.
boom(false);
boom(false);
%OptimizeFunctionOnNextCall(boom);

try {
  // Both calls pass more arguments than the callee declares.
  f0(1, 2, 3);
  // b is true here, so this call throws.
  boom(true, 1, 2, 3);
} catch (e) {
  // The error is swallowed.
  // NOTE(review): no assertions are visible in this file, so it presumably
  // passes as long as the engine does not crash — confirm.
}