50d74d6010
This happened because {EphemeronKeyWriteBarrierFromCode} will also be
called if both table and key are in old-space, and key is an evacuation
candidate.
Bug: chromium:948307, v8:8557
Change-Id: Ic1284209584b74cb343163e4beec632a3f1544b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547858
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60568}
16 lines
462 B
JavaScript
16 lines
462 B
JavaScript
// Copyright 2019 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --expose-gc
|
|
|
|
const set = new WeakSet()
|
|
const obj = {};
|
|
// Two GCs to promote {set} and {obj} to old-space.
|
|
gc();
|
|
gc();
|
|
// Allocate a large array so {obj} will become an evacuation candidate.
|
|
const foo = new Int8Array(0x0F000000);
|
|
// Trigger ephemeron key write barrier.
|
|
set.add(obj);
|