test/mjsunit/regress/regress-672041.js - Issue 2562273004: Revert of [heap] Initialize the owner on each page after lospace allocation - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(64)

My Issues | Starred Open | Closed | All

Side by Side Diff: test/mjsunit/regress/regress-672041.js

Issue 2562273004: Revert of [heap] Initialize the owner on each page after lospace allocation (Closed)

Patch Set: Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « src/heap/spaces-inl.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
	(Empty)
1 // Copyright 2016 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 // Trigger an infinite loop through RegExp.prototype[@@match], which results

6 // in unbounded growth of the results array.

7

8 // Limit the number of iterations to avoid OOM while still triggering large

9 // object space allocation.

10 const min_ptr_size = 4;

11 const max_regular_heap_object_size = 507136;

12 const num_iterations = max_regular_heap_object_size / min_ptr_size;

13

14 const RegExpPrototypeExec = RegExp.prototype.exec;

15

16 let i = 0;

17

18 RegExp.prototype.__defineGetter__("global", () => true);

19 RegExp.prototype.exec = function(str) {

20 return (i++ < num_iterations) ? RegExpPrototypeExec.call(this, str) : null;

21 };

22

23 "a".match();

OLD	NEW

« no previous file with comments | « src/heap/spaces-inl.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698