c6a16c10dd
With bytecode flushing and lazy feedback allocation, we need to call %PrepareForOptimization before we call %OptimizeFunctionOnNextCall, ideally after declaring the function. Bug: v8:8801, v8:8394, v8:9183 Change-Id: I3fb257282a30f6526a376a3afdedb44786320d34 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648255 Commit-Queue: Mathias Bynens <mathias@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#62119}
19 lines
552 B
JavaScript
19 lines
552 B
JavaScript
// Copyright 2019 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax
|
|
|
|
function includes(key, array) {
|
|
// Transition to dictionary mode in the final invocation.
|
|
array.__defineSetter__(key, () => {});
|
|
// Will then read OOB.
|
|
return array.includes(1234);
|
|
};
|
|
%PrepareFunctionForOptimization(includes);
|
|
includes('', []);
|
|
includes("", []);
|
|
%OptimizeFunctionOnNextCall(includes);
|
|
includes("", []);
|
|
includes("1235", []);
|