1 // Copyright 2014 the V8 project authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // Flags: --allow-natives-syntax --block-concurrent-recompilation 6 // Flags: --expose-gc 7 8 function Ctor() { 9 this.a = 1; 10 } 11 12 function get_closure() { 13 return function add_field(obj) { 14 obj.c = 3; 15 obj.a = obj.a + obj.c; 16 return obj.a; 17 } 18 } 19 function get_closure2() { 20 return function cc(obj) { 21 obj.c = 3; 22 obj.a = obj.a + obj.c; 23 } 24 } 25 26 function dummy() { 27 (function () { 28 var o = {c: 10}; 29 var f1 = get_closure2(); 30 f1(o); 31 f1(o); 32 %OptimizeFunctionOnNextCall(f1); 33 f1(o); 34 })(); 35 } 36 37 var o = new Ctor(); 38 function opt() { 39 (function () { 40 var f1 = get_closure(); 41 f1(new Ctor()); 42 f1(new Ctor()); 43 %OptimizeFunctionOnNextCall(f1); 44 f1(o); 45 })(); 46 } 47 48 // Optimize add_field and install its code in optimized code cache. 49 opt(); 50 opt(); 51 opt(); 52 53 // Optimize dummy function to remove the add_field from head of optimized 54 // function list in the context. 55 dummy(); 56 dummy(); 57 58 // Kill add_field in new space GC. 59 for(var i = 0; i < 3; i++) gc(true); 60 61 // Trigger deopt. 62 o.c = 2.2; 63 64 // Fetch optimized code of add_field from cache and crash. 65 var f2 = get_closure(); 66 f2(new Ctor()); 67
