61ce45c9e2
With bytecode flushing and lazy feedback allocation, we need to call %PrepareForOptimization before we call %OptimizeFunctionOnNextCall, ideally after declaring the function. Bug: v8:8801, v8:8394, v8:9183 Change-Id: I6bf119e726426df8527d97546b6ce806112c894d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643167 Auto-Submit: Mathias Bynens <mathias@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#61988}
25 lines
543 B
JavaScript
25 lines
543 B
JavaScript
// Copyright 2015 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --allow-natives-syntax --stress-compaction
|
|
|
|
// To reliably reproduce the crash use --verify-heap --random-seed=-133185440
|
|
|
|
function __f_2(o) {
|
|
return o.field.b.x;
|
|
}
|
|
|
|
%PrepareFunctionForOptimization(__f_2);
|
|
|
|
try {
|
|
%OptimizeFunctionOnNextCall(__f_2);
|
|
__v_1 = __f_2();
|
|
} catch (e) { }
|
|
|
|
function __f_3() { __f_3(/./.test()); };
|
|
|
|
try {
|
|
__f_3();
|
|
} catch (e) { }
|