js/src/jit-test/tests/basic/bigLoadStoreDisp.js

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1,
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f, for hacking purposes.

// In Nanojit, loads and stores have a maximum displacement of 16-bits.  Any
// displacements larger than that should be split off into a separate
// instruction that adds the displacement to the base pointer.  This
// program tests if this is done correctly.
//
// x.y ends up having a dslot offset of 79988, because of the 20000 array
// elements before it.  If Nanojit incorrectly stores this offset into a
// 16-bit value it will truncate to 14452 (because 79988 - 65536 == 14452).
// This means that the increments in the second loop will be done to one of
// the array elements instead of x.y.  And so x.y's final value will be
// (99 + 8) instead of 1099.
//
// Note that setting x.y to 99 and checking its value at the end will
// access the correct location because those lines are interpreted.  Phew.
//
// Why this is worth a regression test: the failure described above is a
// silent miscompilation. The script would still run to the end, but the
// compiled store would land on a slot other than the one the source names,
// and only the final value check exposes it. A code generator that narrows
// an offset without a range check writes to memory the program did not ask
// for, so the split-displacement path needs coverage of its own.
//
// NOTE(review): the "+ 8" presumably counts the iterations that still run
// in the interpreter before the second loop is traced -- confirm against
// the tracing threshold in use.
//
// Keep the statements and loop shapes exactly as they are: the test relies
// on the second loop being traced while the surrounding lines are not.

// Fill x with 20000 indexed properties so that the named property added
// afterwards sits beyond the 16-bit displacement range.
var x = {}
for (var i = 0; i < 20000; i++)
    x[i] = 0;
x.y = 99;            // not traced, correctly accessed

// 1000 increments of x.y, the access whose displacement must be split.
for (var i = 0; i < 1000; ++i) {
    x.y++;           // traced, will access an array elem if disp was truncated
}
// assertEq is not defined in this file; presumably it comes from the
// jit-test shell. 99 + 1000 == 1099 only if every increment reached x.y.
assertEq(x.y, 1099); // not traced, correctly accessed
