0793bb8498
The regexp interpreter holds several unhandlified references to heap objects, and is thus within a DisallowHeapAllocation scope. But there are two situations in which we can and do allocate safely: 1. When creating & throwing a stack overflow exception. The interpreter aborts afterwards, and thus possible-moved objects are never used. 2. When handling interrupts. We manually relocate unhandlified references after interrupts have run. This CL explicitly allows allocations on stack overflows. Isolate::StackOverflow allocates heap objects. Bug: chromium:940722, v8:8724 Change-Id: I74ef6f0dd7a30bd55f49a7bc0f2f6ac82adbeda8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518174 Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#60191}
14 lines
414 B
JavaScript
14 lines
414 B
JavaScript
// Copyright 2019 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --stack-size=100
|
|
|
|
var __v_27278 = "x";
|
|
for (var __v_27279 = 0; __v_27279 != 13; __v_27279++) {
|
|
try { __v_27278 += __v_27278; } catch (e) {}
|
|
}
|
|
|
|
// Can throw or not, but should not crash.
|
|
try { /(xx|x)*/.exec(__v_27278); } catch (e) {}
|