AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
8332c0ff11
v8/test/mjsunit/regress/regress-718891.js
Julien Brianceau b41f857b9e Fix common misspellings 
Bug: chromium:750830
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Icab7b5a1c469d5e77d04df8bfca8319784e92af4
Reviewed-on: https://chromium-review.googlesource.com/595655
Commit-Queue: Julien Brianceau <jbriance@cisco.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47072}
2017-08-02 09:35:28 +00:00

69 lines
2.4 KiB
JavaScript
Raw Blame History

// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --expose-gc
function Data() {
}
Data.prototype = { x: 1 };
function TriggerDeopt() {
Data.prototype = { x: 2 };
}
function TestDontSelfHealWithDeoptedCode(run_unoptimized, ClosureFactory) {
// Create some function closures which don't have
// optimized code.
var unoptimized_closure = ClosureFactory();
if (run_unoptimized) {
unoptimized_closure();
}
// Run and optimize the code (do this in a separate function
// so that the closure doesn't leak in a dead register).
(() => {
var optimized_closure = ClosureFactory();
// Use .call to avoid the CallIC retaining the JSFunction in the
// feedback vector via a weak map, which would mean it wouldn't be
// collected in the minor gc below.
optimized_closure.call(undefined);
%OptimizeFunctionOnNextCall(optimized_closure);
optimized_closure.call(undefined);
})();
// Optimize a dummy function, just so it gets linked into the
// Contexts optimized_functions list head, which is in the old
// space, and the link from to the optimized_closure's JSFunction
// moves to the inline link in dummy's JSFunction in the new space,
// otherwise optimized_closure's JSFunction will be retained by the
// old->new remember set.
(() => {
var dummy = function() { return 1; };
%OptimizeFunctionOnNextCall(dummy);
dummy();
})();
// GC the optimized closure with a minor GC - the optimized
// code will remain in the feedback vector.
gc(true);
// Trigger deoptimization by changing the prototype of Data. This
// will mark the code for deopt, but since no live JSFunction has
// optimized code, we won't clear the feedback vector.
TriggerDeopt();
// Call pre-existing functions, these will try to self-heal with the
// optimized code in the feedback vector op, but should bail-out
// since the code is marked for deoptimization.
unoptimized_closure();
}
// Run with the unoptimized closure both uncomplied and compiled for the
// interpreter initially, to test self healing on both CompileLazy and
// the InterpreterEntryTrampoline respectively.
TestDontSelfHealWithDeoptedCode(false,
() => { return () => { return new Data() }});
TestDontSelfHealWithDeoptedCode(true,
() => { return () => { return new Data() }});
Reference in New Issue View Git Blame Copy Permalink