LayoutTests/js/script-tests/instanceof-operator.js - WebKit - Git at Google

 description(
 "instanceof test"
 );

 getterCalled = false;
 try {
     ({} instanceof { get prototype(){ getterCalled = true; } });
 } catch (e) {
 }
 shouldBeFalse("getterCalled");

 // Regression test for <https://webkit.org/b/129768>.
 // This test should not crash.
 function dummyFunction() {}
 var c = dummyFunction.bind();

 function foo() {
     // To reproduce the issue of <https://webkit.org/b/129768>, we need to do
     // an instanceof test against an object that has the following attributes:
     // ImplementsHasInstance, and OverridesHasInstance.  A bound function fits
     // the bill.
     var result = c instanceof c;

     // This is where the op_check_has_instance bytecode jumps to after the
     // instanceof test. At this location, we need the word at offset 1 to be
     // a ridiculously large value that can't be a valid stack register index.
     // To achieve that, we use an op_loop_hint followed by any other bytecode
     // instruction. The op_loop_hint takes up exactly 1 word, and the word at
     // offset 1 that follows after is the opcode of the next instruction.  In
     // the LLINT, that opcode value will be a pointer to the opcode handler
     // which will be large and exactly what we need.  Hence, we plant a loop
     // here for the op_loop_hint, and have some instruction inside the loop.
     while (true) {
         var dummy2 = 123456789;
         break;
     }
     return result;
 }

 shouldBeFalse("foo()");
	description(
	"instanceof test"
	);

	getterCalled = false;
	try {
	({} instanceof { get prototype(){ getterCalled = true; } });
	} catch (e) {
	}
	shouldBeFalse("getterCalled");

	// Regression test for <https://webkit.org/b/129768>.
	// This test should not crash.
	function dummyFunction() {}
	var c = dummyFunction.bind();

	function foo() {
	// To reproduce the issue of <https://webkit.org/b/129768>, we need to do
	// an instanceof test against an object that has the following attributes:
	// ImplementsHasInstance, and OverridesHasInstance. A bound function fits
	// the bill.
	var result = c instanceof c;

	// This is where the op_check_has_instance bytecode jumps to after the
	// instanceof test. At this location, we need the word at offset 1 to be
	// a ridiculously large value that can't be a valid stack register index.
	// To achieve that, we use an op_loop_hint followed by any other bytecode
	// instruction. The op_loop_hint takes up exactly 1 word, and the word at
	// offset 1 that follows after is the opcode of the next instruction. In
	// the LLINT, that opcode value will be a pointer to the opcode handler
	// which will be large and exactly what we need. Hence, we plant a loop
	// here for the op_loop_hint, and have some instruction inside the loop.
	while (true) {
	var dummy2 = 123456789;
	break;
	}
	return result;
	}

	shouldBeFalse("foo()");