| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| 11 // with the distribution. | 11 // with the distribution. |
| 12 // * Neither the name of Google Inc. nor the names of its | 12 // * Neither the name of Google Inc. nor the names of its |
| 13 // contributors may be used to endorse or promote products derived | 13 // contributors may be used to endorse or promote products derived |
| 14 // from this software without specific prior written permission. | 14 // from this software without specific prior written permission. |
| 15 // | 15 // |
| 16 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | 16 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 17 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | 17 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 18 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | 18 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 19 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | 19 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 20 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 20 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 21 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | 21 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 22 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 22 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 23 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 23 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 24 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 25 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 25 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 26 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | 27 |
| 28 // Flags: --allow-natives-syntax | 28 // Flags: --allow-natives-syntax --smi-only-arrays --track-allocation-sites |
| 29 | 29 |
| 30 // Test inlining at call sites with mismatched arity. | |
| 31 | 30 |
| 32 function f(a) { | 31 function fastliteralcase(literal, value) { |
| 33 return a.x; | 32 literal[0] = value; |
| 33 return literal; |
| 34 } | 34 } |
| 35 | 35 |
| 36 function g(a, b) { | 36 function get_standard_literal() { |
| 37 return a.x; | 37 var literal = [1, 2, 3]; |
| 38 return literal; |
| 38 } | 39 } |
| 39 | 40 |
| 40 function h1(a, b) { | 41 // Case: [1,2,3] as allocation site |
| 41 return f(a, a) * g(b); | 42 obj = fastliteralcase(get_standard_literal(), 1); |
| 42 } | 43 obj = fastliteralcase(get_standard_literal(), 1.5); |
| 44 obj = fastliteralcase(get_standard_literal(), 2); |
| 43 | 45 |
| 44 function h2(a, b) { | 46 obj = fastliteralcase([5, 3, 2], 1.5); |
| 45 return f(a, a) * g(b); | 47 // The assert indicates that a transition stub made the array FAST_DOUBLE. The |
| 46 } | 48 // bug was in the transition stub. To really reproduce with a access violation |
| 49 // the array needs to be allocated at the very end of new space, where top == |
| 50 // limit. The bug was that then we tried to dereference limit. |
| 51 assertEquals(true, %HasFastDoubleElements(obj)); |
| 47 | 52 |
| 48 | 53 |
| 49 var o = {x: 2}; | |
| 50 | |
| 51 assertEquals(4, h1(o, o)); | |
| 52 assertEquals(4, h1(o, o)); | |
| 53 assertEquals(4, h2(o, o)); | |
| 54 assertEquals(4, h2(o, o)); | |
| 55 %OptimizeFunctionOnNextCall(h1); | |
| 56 %OptimizeFunctionOnNextCall(h2); | |
| 57 assertEquals(4, h1(o, o)); | |
| 58 assertEquals(4, h2(o, o)); | |
| 59 | |
| 60 var u = {y:0, x:1}; | |
| 61 assertEquals(2, h1(u, o)); | |
| 62 assertEquals(2, h2(o, u)); | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11931037:
Out of bounds memory access in TestJSArrayForAllocationSiteInfo. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge