Upgrade V8 to version 4.9.385.28 https://chromium.googlesource.com/v8/v8/+/4.9.385.28 FPIIM-449 Change-Id: I4b2e74289d4bf3667f2f3dc8aa2e541f63e26eb4

commit: 4a90d5fbbb6802c59093b866f3478a814bf02b95 [log] [tgz]
author: Ben Murdoch <benm@google.com> Tue Mar 22 12:00:34 2016 +0000
committer: Dirk Vogt <dirk@fairphone.com> Fri Mar 17 16:05:42 2017 +0100
tree: 486867e3a04e7f17454c94a4c97891bb0e237f1f
parent: 3821a70061b1b2077ee51c70eda717bddac94f58 [diff] [blame]
diff --git a/test/mjsunit/regress/regress-crbug-527364.js b/test/mjsunit/regress/regress-crbug-527364.js
new file mode 100644
index 0000000..914bed0
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-527364.js

@@ -0,0 +1,26 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --stack-size=100 --allow-natives-syntax
+
+function module() {
+  "use asm";
+  var abs = Math.abs;
+  function f() {
+    return +abs();
+  }
+  return { f:f };
+}
+
+function run_close_to_stack_limit(f) {
+  try {
+    run_close_to_stack_limit(f);
+    f();
+  } catch(e) {
+  }
+}
+
+var boom = module().f;
+%OptimizeFunctionOnNextCall(boom)
+run_close_to_stack_limit(boom);
commit	4a90d5fbbb6802c59093b866f3478a814bf02b95	[log] [tgz]
author	Ben Murdoch <benm@google.com>	Tue Mar 22 12:00:34 2016 +0000
committer	Dirk Vogt <dirk@fairphone.com>	Fri Mar 17 16:05:42 2017 +0100
tree	486867e3a04e7f17454c94a4c97891bb0e237f1f
parent	3821a70061b1b2077ee51c70eda717bddac94f58 [diff] [blame]