1 // Copyright 2014 the V8 project authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // Flags: --allow-natives-syntax 6 7 var dummy = {foo: "true"}; 8 9 var a = {y:0.5}; 10 a.y = 357; 11 var b = a.y; 12 13 var d; 14 function f( ) { 15 d = 357; 16 return {foo: b}; 17 } 18 f(); 19 f(); 20 %OptimizeFunctionOnNextCall(f); 21 var x = f(); 22 23 // With the bug, x is now an invalid object; the code below 24 // triggers a crash. 25 26 function g(obj) { 27 return obj.foo.length; 28 } 29 30 g(dummy); 31 g(dummy); 32 %OptimizeFunctionOnNextCall(g); 33 g(x); 34
