8a1812f252
Also add policing code to ensure that optimized frames can in fact lazily deopt at their respective current PC when we patch them for lazy bailout. BUG=chromium:350434 LOG=y R=jarin@chromium.org Review URL: https://codereview.chromium.org/194703008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19834 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
34 lines
826 B
JavaScript
34 lines
826 B
JavaScript
// Copyright 2014 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --gc-global --noincremental-marking --allow-natives-syntax
|
|
|
|
function Ctor() {
|
|
this.foo = 1;
|
|
}
|
|
|
|
var o = new Ctor();
|
|
var p = new Ctor();
|
|
|
|
|
|
function crash(o, timeout) {
|
|
var s = "4000111222"; // Outside Smi range.
|
|
%SetAllocationTimeout(100000, timeout);
|
|
// This allocates a heap number, causing a GC, triggering lazy deopt.
|
|
var end = s >>> 0;
|
|
s = s.substring(0, end);
|
|
// This creates a map dependency, which gives the GC a reason to trigger
|
|
// a lazy deopt when that map dies.
|
|
o.bar = 2;
|
|
}
|
|
|
|
crash(o, 100000);
|
|
crash(o, 100000);
|
|
crash(p, 100000);
|
|
%OptimizeFunctionOnNextCall(crash);
|
|
crash(o, 100000);
|
|
o = null;
|
|
p = null;
|
|
crash({}, 0);
|