Home | History | Annotate | Download | only in webkit 
      1 // Copyright 2013 the V8 project authors. All rights reserved.
      2 // Copyright (C) 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
      3 //
      4 // Redistribution and use in source and binary forms, with or without
      5 // modification, are permitted provided that the following conditions
      6 // are met:
      7 // 1.  Redistributions of source code must retain the above copyright
      8 //     notice, this list of conditions and the following disclaimer.
      9 // 2.  Redistributions in binary form must reproduce the above copyright
     10 //     notice, this list of conditions and the following disclaimer in the
     11 //     documentation and/or other materials provided with the distribution.
     12 //
     13 // THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND ANY
     14 // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
     15 // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
     16 // DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
     17 // DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
     18 // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     19 // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
     20 // ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     21 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
     22 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     23 
     24 description(
     25 "Tests that attempts by the DFG simplification to short-circuit a Phantom to a GetLocal on a variable that is SetLocal'd in the same block, and where the predecessor block(s) make no mention of that variable, do not result in crashes."
     26 );
     27 
     28 function baz() {
     29     // Do something that prevents inlining.
     30     return function() { }
     31 }
     32 
     33 function stuff(z) { }
     34 
     35 function foo(x, y) {
     36     var a = arguments; // Force arguments to be captured, so that x is captured.
     37     baz();
     38     var z = x;
     39     stuff(z); // Force a Flush, and then a Phantom on the GetLocal of x.
     40     return 42;
     41 }
     42 
     43 var o = {
     44     g: function(x) { }
     45 };
     46 
     47 function thingy(o) {
     48     var p = {};
     49     var result;
     50     // Trick to delay control flow graph simplification until after the flush of x above gets turned into a phantom.
     51     if (o.g)
     52         p.f = true;
     53     if (p.f) {
     54         // Basic block that stores to x in foo(), which is a captured variable, with
     55         // the predecessor block making no mention of x.
     56         result = foo("hello", 2);
     57     }
     58     return result;
     59 }
     60 
     61 for (var i = 0; i < 200; ++i)
     62     shouldBe("thingy(o)", "42");
     63