    Test for wrong arguments object materialization. · 0f94c96c
    jarin authored
    The test demonstrates a bad interaction between arguments object
    materialization, escape analysis and exception handling.
    
    We can return a wrong arguments object if we materialize the arguments
    object (using f.arguments) and then throw around f's frame so that f
    does not clean up the materialized frame information (see the
    MaterializedObjectStore in deoptimizer.h/.cc). If we enter another
    function that has the same frame pointer and request an arguments object
    of (or lazily deoptimize) that function, we can get the materialized
    object of the original function.
    
    We should clean up the materialized object store when we unwind the
    stack.
    
    BUG=v8:3985
    LOG=n
    
    Review URL: https://codereview.chromium.org/1032623003
    
    Cr-Commit-Position: refs/heads/master@{#27406}
regress-3985.js 747 Bytes
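
The stale-entry condition described in the commit message, as an added toy model (not the contents of regress-3985.js and not V8 source). The class `ToyMaterializedStore`, the fixed frame size and the `cleanOnUnwind` switch are assumptions made for illustration; the only thing taken from the message is that materialized objects are looked up by frame pointer and that unwinding skips the frame's own cleanup.

```javascript
// Toy model, constructed for illustration. A frame is identified only by its
// frame pointer, which is what makes a leftover entry dangerous.
class ToyMaterializedStore {
  constructor() { this.byFramePointer = new Map(); }
  // Return the cached arguments object for this frame pointer, or create one.
  materialize(fp, actualArgs) {
    if (!this.byFramePointer.has(fp)) {
      this.byFramePointer.set(fp, { args: [...actualArgs] });
    }
    return this.byFramePointer.get(fp);
  }
  remove(fp) { this.byFramePointer.delete(fp); }
}

function runScenario({ cleanOnUnwind }) {
  const store = new ToyMaterializedStore();
  const stack = [];                                  // frame pointers of live frames
  const fpFor = depth => 0x7000 - depth * 0x40;      // hypothetical fixed frame size
  const enter = () => { const fp = fpFor(stack.length); stack.push(fp); return fp; };
  // An exception propagating past a frame: the frame never runs its own
  // cleanup, so the store is only purged if the unwinder does it.
  const unwindTo = depth => {
    while (stack.length > depth) {
      const fp = stack.pop();
      if (cleanOnUnwind) store.remove(fp);
    }
  };

  enter();                                  // caller that catches the exception
  const fpF = enter();                      // f(1, 2)
  store.materialize(fpF, [1, 2]);           // f.arguments is requested
  unwindTo(1);                              // throw past f's frame
  const fpG = enter();                      // g("a") lands on the same frame pointer
  const seen = store.materialize(fpG, ["a"]);
  return { sameFramePointer: fpF === fpG, argsSeenByG: seen.args };
}

console.log(runScenario({ cleanOnUnwind: false })); // g is handed f's arguments
console.log(runScenario({ cleanOnUnwind: true }));  // g gets its own
```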