1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/js/src/jit-test/tests/basic/bigLoadStoreDisp.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,25 @@
1.4 +// In Nanojit, loads and stores have a maximum displacement of 16-bits. Any
1.5 +// displacements larger than that should be split off into a separate
1.6 +// instruction that adds the displacement to the base pointer. This
1.7 +// program tests if this is done correctly.
1.8 +//
1.9 +// x.y ends up having a dslot offset of 79988, because of the 20000 array
1.10 +// elements before it. If Nanojit incorrectly stores this offset into a
1.11 +// 16-bit value it will truncate to 14452 (because 79988 - 65536 == 14452).
1.12 +// This means that the increments in the second loop will be done to one of
1.13 +// the array elements instead of x.y. And so x.y's final value will be
1.14 +// (99 + 8) instead of 1099.
1.15 +//
1.16 +// Note that setting x.y to 99 and checking its value at the end will
1.17 +// access the correct location because those lines are interpreted. Phew.
1.18 +
1.19 +var x = {}
1.20 +for (var i = 0; i < 20000; i++)
1.21 + x[i] = 0;
1.22 +x.y = 99; // not traced, correctly accessed
1.23 +
1.24 +for (var i = 0; i < 1000; ++i) {
1.25 + x.y++; // traced, will access an array elem if disp was truncated
1.26 +}
1.27 +assertEq(x.y, 1099); // not traced, correctly accessed
1.28 +
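Review bot: The final `assertEq(x.y, 1099)` is the only check, so a truncated displacement shows up as a wrong value on x.y while the stray writes into the element slots go unverified; adding `for (var j = 0; j < 20000; j++) assertEq(x[j], 0);` after it would confirm that the traced increments touched no other slot. The test also passes trivially if the second loop is never traced, and nothing in the file checks that it was, so the header comment should state which harness mode is expected to run it. The 79988 offset in the comment depends on slot size and object layout, which are not visible here; a short remark that the figure is layout-dependent would keep the comment from going stale. Minor: `var x = {}` has no terminating semicolon and `var i` is declared in both loops.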