AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
9f13a30034
v8/test/mjsunit/maglev/regress/regress-1363450.js
Jakob Linke 9f13a30034 [maglev] Fix clobbered register in ThrowIfNotSuperConstructor 
The kContextRegister can alias allocated registers - when setting it,
take care not to unintentionally clobber.

Bug: v8:7700
Change-Id: I0635d334fb14fa15540582a4873d4186fffa2199
Fixed: chromium:1363450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897634
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83212}
2022-09-15 11:33:07 +00:00

23 lines
603 B
JavaScript
Raw Blame History

// Copyright 2022 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Flags: --allow-natives-syntax
class C extends (class {}) {
constructor() {
var f = () => {
try { C.__proto__ = null; } catch {}
try { super(); } catch {}
};
%PrepareFunctionForOptimization(f);
f();
%OptimizeMaglevOnNextCall(f);
}
}
try { new C(); } catch {}
// The next 2 calls deopt before reaching relevant bits.
try { new C(); } catch {}
try { new C(); } catch {}
try { new C(); } catch {}
Reference in New Issue View Git Blame Copy Permalink