// Copyright 2008 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
//     * Redistributions of source code must retain the above copyright
//       notice, this list of conditions and the following disclaimer.
//     * Redistributions in binary form must reproduce the above
//       copyright notice, this list of conditions and the following
//       disclaimer in the documentation and/or other materials provided
//       with the distribution.
//     * Neither the name of Google Inc. nor the names of its
//       contributors may be used to endorse or promote products derived
//       from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

// Allocate a very large object that is guaranteed to overflow the
// instance_size field in the map resulting in an object that is smaller
// than what was called for.
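/**
 * Constructor used by this regression test: stores `i` in 251 named
 * properties (a..z, a1..z1, ..., a8..z8, a9..q9).
 *
 * The property count is the test input. Keep every assignment as a literal
 * `this.<name> = i;` statement and do not add, remove, or fold them into a
 * loop: the comment at the end of the body ties the failure to exactly this
 * number of properties, and a computed-key loop may not size the initial map
 * the same way (not verifiable from this file alone).
 *
 * @param {*} i - value written to every property.
 */
function LargeObject(i) {
  this.a = i;
  this.b = i;
  this.c = i;
  this.d = i;
  this.e = i;
  this.f = i;
  this.g = i;
  this.h = i;
  this.i = i;
  this.j = i;
  this.k = i;
  this.l = i;
  this.m = i;
  this.n = i;
  this.o = i;
  this.p = i;
  this.q = i;
  this.r = i;
  this.s = i;
  this.t = i;
  this.u = i;
  this.v = i;
  this.w = i;
  this.x = i;
  this.y = i;
  this.z = i;
  this.a1 = i;
  this.b1 = i;
  this.c1 = i;
  this.d1 = i;
  this.e1 = i;
  this.f1 = i;
  this.g1 = i;
  this.h1 = i;
  this.i1 = i;
  this.j1 = i;
  this.k1 = i;
  this.l1 = i;
  this.m1 = i;
  this.n1 = i;
  this.o1 = i;
  this.p1 = i;
  this.q1 = i;
  this.r1 = i;
  this.s1 = i;
  this.t1 = i;
  this.u1 = i;
  this.v1 = i;
  this.w1 = i;
  this.x1 = i;
  this.y1 = i;
  this.z1 = i;
  this.a2 = i;
  this.b2 = i;
  this.c2 = i;
  this.d2 = i;
  this.e2 = i;
  this.f2 = i;
  this.g2 = i;
  this.h2 = i;
  this.i2 = i;
  this.j2 = i;
  this.k2 = i;
  this.l2 = i;
  this.m2 = i;
  this.n2 = i;
  this.o2 = i;
  this.p2 = i;
  this.q2 = i;
  this.r2 = i;
  this.s2 = i;
  this.t2 = i;
  this.u2 = i;
  this.v2 = i;
  this.w2 = i;
  this.x2 = i;
  this.y2 = i;
  this.z2 = i;
  this.a3 = i;
  this.b3 = i;
  this.c3 = i;
  this.d3 = i;
  this.e3 = i;
  this.f3 = i;
  this.g3 = i;
  this.h3 = i;
  this.i3 = i;
  this.j3 = i;
  this.k3 = i;
  this.l3 = i;
  this.m3 = i;
  this.n3 = i;
  this.o3 = i;
  this.p3 = i;
  this.q3 = i;
  this.r3 = i;
  this.s3 = i;
  this.t3 = i;
  this.u3 = i;
  this.v3 = i;
  this.w3 = i;
  this.x3 = i;
  this.y3 = i;
  this.z3 = i;
  this.a4 = i;
  this.b4 = i;
  this.c4 = i;
  this.d4 = i;
  this.e4 = i;
  this.f4 = i;
  this.g4 = i;
  this.h4 = i;
  this.i4 = i;
  this.j4 = i;
  this.k4 = i;
  this.l4 = i;
  this.m4 = i;
  this.n4 = i;
  this.o4 = i;
  this.p4 = i;
  this.q4 = i;
  this.r4 = i;
  this.s4 = i;
  this.t4 = i;
  this.u4 = i;
  this.v4 = i;
  this.w4 = i;
  this.x4 = i;
  this.y4 = i;
  this.z4 = i;
  this.a5 = i;
  this.b5 = i;
  this.c5 = i;
  this.d5 = i;
  this.e5 = i;
  this.f5 = i;
  this.g5 = i;
  this.h5 = i;
  this.i5 = i;
  this.j5 = i;
  this.k5 = i;
  this.l5 = i;
  this.m5 = i;
  this.n5 = i;
  this.o5 = i;
  this.p5 = i;
  this.q5 = i;
  this.r5 = i;
  this.s5 = i;
  this.t5 = i;
  this.u5 = i;
  this.v5 = i;
  this.w5 = i;
  this.x5 = i;
  this.y5 = i;
  this.z5 = i;
  this.a6 = i;
  this.b6 = i;
  this.c6 = i;
  this.d6 = i;
  this.e6 = i;
  this.f6 = i;
  this.g6 = i;
  this.h6 = i;
  this.i6 = i;
  this.j6 = i;
  this.k6 = i;
  this.l6 = i;
  this.m6 = i;
  this.n6 = i;
  this.o6 = i;
  this.p6 = i;
  this.q6 = i;
  this.r6 = i;
  this.s6 = i;
  this.t6 = i;
  this.u6 = i;
  this.v6 = i;
  this.w6 = i;
  this.x6 = i;
  this.y6 = i;
  this.z6 = i;
  this.a7 = i;
  this.b7 = i;
  this.c7 = i;
  this.d7 = i;
  this.e7 = i;
  this.f7 = i;
  this.g7 = i;
  this.h7 = i;
  this.i7 = i;
  this.j7 = i;
  this.k7 = i;
  this.l7 = i;
  this.m7 = i;
  this.n7 = i;
  this.o7 = i;
  this.p7 = i;
  this.q7 = i;
  this.r7 = i;
  this.s7 = i;
  this.t7 = i;
  this.u7 = i;
  this.v7 = i;
  this.w7 = i;
  this.x7 = i;
  this.y7 = i;
  this.z7 = i;
  this.a8 = i;
  this.b8 = i;
  this.c8 = i;
  this.d8 = i;
  this.e8 = i;
  this.f8 = i;
  this.g8 = i;
  this.h8 = i;
  this.i8 = i;
  this.j8 = i;
  this.k8 = i;
  this.l8 = i;
  this.m8 = i;
  this.n8 = i;
  this.o8 = i;
  this.p8 = i;
  this.q8 = i;
  this.r8 = i;
  this.s8 = i;
  this.t8 = i;
  this.u8 = i;
  this.v8 = i;
  this.w8 = i;
  this.x8 = i;
  this.y8 = i;
  this.z8 = i;
  this.a9 = i;
  this.b9 = i;
  this.c9 = i;
  this.d9 = i;
  this.e9 = i;
  this.f9 = i;
  this.g9 = i;
  this.h9 = i;
  this.i9 = i;
  this.j9 = i;
  this.k9 = i;
  this.l9 = i;
  this.m9 = i;
  this.n9 = i;
  this.o9 = i;
  this.p9 = i;
  this.q9 = i;
  // With this number of properties the object perfectly wraps around if the
  // instance size is not checked when allocating the initial map for MultiProp.
  // Meaning that the instance will be smaller than a minimal JSObject and we
  // will suffer a bus error in the release build or an assertion in the debug
  // build.
  // NOTE(review): "MultiProp" is presumably an earlier name for this
  // constructor; nothing else in this file defines it.
}

// Number of `this.<name> = i;` assignments in LargeObject above. Update it
// only together with the constructor body.
var EXPECTED_FIELD_COUNT = 251;

/**
 * Asserts that every property enumerated by for-in on `o` equals `val`.
 * An object with no enumerable properties passes, so callers that care
 * about completeness must check the field count separately.
 *
 * @param {Object} o - object whose enumerable properties are checked.
 * @param {*} val - value each property is expected to hold.
 */
function ExpectAllFields(o, val) {
  for (var x in o) {
    // mjsunit's assertEquals takes the expected value first; the property
    // name is passed as the label so a failure identifies the field.
    assertEquals(val, o[x], x);
  }
}

/**
 * Returns the number of properties enumerated by for-in on `o`.
 *
 * @param {Object} o - object to inspect.
 * @returns {number} count of enumerated properties.
 */
function CountFields(o) {
  var count = 0;
  for (var x in o) {
    count++;
  }
  return count;
}

var a = new LargeObject(1);
var b = new LargeObject(2);

// Without these, a constructor that produced too few fields would still
// satisfy ExpectAllFields, which only checks the fields it can enumerate.
assertEquals(EXPECTED_FIELD_COUNT, CountFields(a));
assertEquals(EXPECTED_FIELD_COUNT, CountFields(b));

ExpectAllFields(a, 1);
ExpectAllFields(b, 2);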