Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / chromium_org / v8 / c47dff5fc3b12ecc3a7a9fc61fbd02868548dde6^! / . / test / cctest / test-heap.cc
commitc47dff5fc3b12ecc3a7a9fc61fbd02868548dde6[log] [tgz]
authormvstanton@chromium.org <mvstanton@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>Wed Jan 23 16:28:41 2013 +0000
committermvstanton@chromium.org <mvstanton@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>Wed Jan 23 16:28:41 2013 +0000
tree1dc7bbea50c18d0504fd817469314a3f393b7012
parent6bec0093ef661b53a1e338a233d7aafb9536a307 [diff] [blame]
Merged r13480, r13481 into trunk branch.

Always fail when trying to store to an undeclared global variable, even if it was found.

Fix corner case when JSFunction is evicted from flusher.

BUG=chromium:168801

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/12040042

git-svn-id: http://v8.googlecode.com/svn/trunk@13482 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/test/cctest/test-heap.cc b/test/cctest/test-heap.cc
index eb4f072..88ff1d4 100644
--- a/test/cctest/test-heap.cc
+++ b/test/cctest/test-heap.cc

@@ -2778,3 +2778,57 @@
   AlwaysAllocateScope aa_scope;
   v8::Script::Compile(mote_code_string)->Run();
 }
+
+
+TEST(Regress168801) {
+  i::FLAG_always_compact = true;
+  i::FLAG_cache_optimized_code = false;
+  i::FLAG_allow_natives_syntax = true;
+  i::FLAG_flush_code_incrementally = true;
+  InitializeVM();
+  v8::HandleScope scope;
+
+  // Perform one initial GC to enable code flushing.
+  HEAP->CollectAllGarbage(Heap::kAbortIncrementalMarkingMask);
+
+  // Ensure the code ends up on an evacuation candidate.
+  SimulateFullSpace(HEAP->code_space());
+
+  // Prepare an unoptimized function that is eligible for code flushing.
+  Handle<JSFunction> function;
+  {
+    HandleScope inner_scope;
+    CompileRun("function mkClosure() {"
+               "  return function(x) { return x + 1; };"
+               "}"
+               "var f = mkClosure();"
+               "f(1); f(2);");
+
+    Handle<JSFunction> f =
+        v8::Utils::OpenHandle(
+            *v8::Handle<v8::Function>::Cast(
+                v8::Context::GetCurrent()->Global()->Get(v8_str("f"))));
+    CHECK(f->is_compiled());
+    const int kAgingThreshold = 6;
+    for (int i = 0; i < kAgingThreshold; i++) {
+      f->shared()->code()->MakeOlder(static_cast<MarkingParity>(i % 2));
+    }
+
+    function = inner_scope.CloseAndEscape(handle(*f, ISOLATE));
+  }
+
+  // Simulate incremental marking so that unoptimized function is enqueued as a
+  // candidate for code flushing. The shared function info however will not be
+  // explicitly enqueued.
+  SimulateIncrementalMarking();
+
+  // Now optimize the function so that it is taken off the candidate list.
+  {
+    HandleScope inner_scope;
+    CompileRun("%OptimizeFunctionOnNextCall(f); f(3);");
+  }
+
+  // This cycle will bust the heap and subsequent cycles will go ballistic.
+  HEAP->CollectAllGarbage(Heap::kNoGCFlags);
+  HEAP->CollectAllGarbage(Heap::kNoGCFlags);
+}