mirror of
https://github.com/tc39/test262.git
synced 2025-10-31 03:34:08 +01:00
7298a38552
sourceRevisionAtLastExport: 33f2fb0e53d135f0ee17cfccd9d993eb2a6f47de targetRevisionAtLastExport: 31340cbd9add103f586d501b0c3354b7b182abc0
37 lines
1.3 KiB
JavaScript
37 lines
1.3 KiB
JavaScript
// Copyright 2015 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// New space must be at max capacity to trigger pretenuring decision.
|
|
// Flags: --allow-natives-syntax --verify-heap --max-semi-space-size=1
|
|
// Flags: --expose-gc --no-always-opt
|
|
|
|
var global = []; // Used to keep some objects alive.
|
|
|
|
function Ctor() {
|
|
var result = {a: {}, b: {}, c: {}, d: {}, e: {}, f: {}, g: {}};
|
|
return result;
|
|
}
|
|
|
|
gc();
|
|
|
|
for (var i = 0; i < 120; i++) {
|
|
// Make the "a" property long-lived, while everything else is short-lived.
|
|
global.push(Ctor().a);
|
|
(function FillNewSpace() { new Array(10000); })();
|
|
}
|
|
|
|
// The bad situation is only triggered if Ctor wasn't optimized too early.
|
|
assertUnoptimized(Ctor);
|
|
// Optimized code for Ctor will pretenure the "a" property, so it will have
|
|
// three allocations:
|
|
// #1 Allocate the "result" object in new-space.
|
|
// #2 Allocate the object stored in the "a" property in old-space.
|
|
// #3 Allocate the objects for the "b" through "g" properties in new-space.
|
|
%OptimizeFunctionOnNextCall(Ctor);
|
|
for (var i = 0; i < 10000; i++) {
|
|
// At least one of these calls will run out of new space. The bug is
|
|
// triggered when it is allocation #3 that triggers GC.
|
|
Ctor();
|
|
}
|