ad3724eb10
Causes crashes on canary if there is a GC and the value makes it onto the stack. Bug: chromium:727662 Change-Id: I44fa8cf8a83b43d64418896c0a1f5518401b454f Reviewed-on: https://chromium-review.googlesource.com/519302 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#45623}
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --expose-gc
// Regression test for chromium:727662. Wrapped in an IIFE so thingo stays
// local to this test. gc() and the %-prefixed intrinsic are only available
// with the flags named in this file's "// Flags:" line.
//
// NOTE(review): nothing below asserts a result; as written, the test passes
// when the final call completes without crashing. Keep the statement order
// and code shape unchanged -- a regression test of this kind may stop
// exercising the original path if it is restructured.
(function() {
  /**
   * Function under test: reads one char code from one of two constant
   * strings and keeps that value live across a forced garbage collection.
   *
   * @param {number} i - Index into the string; coerced to uint32 below.
   * @param {boolean} b - Truthy selects "ac", falsy selects "abcd".
   * @returns {number|undefined} The char code at index i, or undefined when
   *     i is not below the selected string's length.
   */
  function thingo(i, b) {
    // The two candidates have different lengths (2 and 4), so the bound
    // checked below depends on b.
    var s = b ? "ac" : "abcd";
    // Coerce i to an unsigned 32-bit integer.
    i = i >>> 0;
    // Explicit bounds check guarding the indexed read.
    if (i < s.length) {
      var c = s.charCodeAt(i);
      // Force a collection while c is still live (it is returned right
      // after). Per the commit that added this test, the crash needed a GC
      // while this value was on the stack.
      // NOTE(review): presumably the collector misread the value held in the
      // optimized frame -- not visible from this file; confirm against
      // chromium:727662.
      gc();
      return c;
    }
    // Falls through with an implicit undefined when i is out of range.
  }

  // Two runs before optimization -- presumably to gather type feedback for
  // the (0, true) case; confirm.
  thingo(0, true);
  thingo(0, true);
  // Ask V8 to optimize thingo on its next invocation.
  %OptimizeFunctionOnNextCall(thingo);
  // The optimized run: this is the call that has to survive the gc() inside
  // thingo.
  thingo(0, true);

})();