539017b0b6
The bottlenecks to prevent storing signalling NaNs in backing stores were not perfect. This change makes it harder by ensuring that all the Torque-side "[]=" operator overloads for FixedDoubleArray stores have signalling NaNs silenced. Bug: chromium:944435 Change-Id: I295d9b34f4c896db30989bb9db1a2b452daa03ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538517 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#60459}
39 lines
546 B
JavaScript
39 lines
546 B
JavaScript
// Copyright 2019 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --verify-heap --expose-gc
|
|
|
|
function foo( ) {
|
|
return [
|
|
0,
|
|
1,
|
|
2,
|
|
3,
|
|
4,
|
|
5,
|
|
6,
|
|
7,
|
|
8,
|
|
9,
|
|
10,
|
|
0x1000000,
|
|
0x40000000,
|
|
12,
|
|
60,
|
|
100,
|
|
1000 * 60 * 60 * 24].map(Math.asin);
|
|
}
|
|
|
|
let b = [];
|
|
b.constructor = {};
|
|
b.constructor[Symbol.species] = function() {};
|
|
|
|
let a = [];
|
|
for (let i = 0; i < 10; i++) {
|
|
a.push(foo());
|
|
gc();
|
|
gc();
|
|
gc();
|
|
}
|