e95cfafb67
This fixes FastNewStrictArgumentsStub and FastNewRestParameterStub to no longer assume that the strict arguments object being allocated will fit into new-space. The case where said object needs to move to large object space is now handled in the runtime. R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-614727 BUG=chromium:614727 Review-Url: https://codereview.chromium.org/2054853002 Cr-Commit-Position: refs/heads/master@{#36917}
24 lines
955 B
JavaScript
24 lines
955 B
JavaScript
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
"use strict";
|
|
|
|
function f(a, b, c) { return arguments }
|
|
function g(...args) { return args }
|
|
|
|
// On 64-bit machine this produces a 768K array which is sufficiently small to
|
|
// not cause a stack overflow, but big enough to move the allocated arguments
|
|
// object into large object space (kMaxRegularHeapObjectSize == 600K).
|
|
var length = Math.pow(2, 15) * 3;
|
|
var args = new Array(length);
|
|
assertEquals(length, f.apply(null, args).length);
|
|
assertEquals(length, g.apply(null, args).length);
|
|
|
|
// On 32-bit machines this produces an equally sized array, however it might in
|
|
// turn trigger a stack overflow on 64-bit machines, which we need to catch.
|
|
var length = Math.pow(2, 16) * 3;
|
|
var args = new Array(length);
|
|
try { f.apply(null, args) } catch(e) {}
|
|
try { g.apply(null, args) } catch(e) {}
|