Google Git
Sign in
webkit / WebKit / 9e9f82894faa7708e8af1f05e9d485cbe8db52f4 / . / LayoutTests / js / script-tests / instanceof-operator.js
blob: cdd6477f2aad5bb24ef23d26609eab43fadd8c73 [file] [log] [blame]
bfulgham@webkit.orgc09b5632009-07-15 20:08:50 +0000[diff] [blame]1description(
barraclough@apple.com8da6d972010-11-16 21:11:26 +0000[diff] [blame]2"instanceof test"
bfulgham@webkit.orgc09b5632009-07-15 20:08:50 +0000[diff] [blame]3);
4
barraclough@apple.com8da6d972010-11-16 21:11:26 +0000[diff] [blame]5getterCalled = false;
6try {
7 ({} instanceof { get prototype(){ getterCalled = true; } });
8} catch (e) {
9}
10shouldBeFalse("getterCalled");
mark.lam@apple.com13bc5662014-03-06 03:17:28 +0000[diff] [blame]11
12// Regression test for <https://webkit.org/b/129768>.
13// This test should not crash.
14function dummyFunction() {}
15var c = dummyFunction.bind();
16
17function foo() {
18 // To reproduce the issue of <https://webkit.org/b/129768>, we need to do
19 // an instanceof test against an object that has the following attributes:
20 // ImplementsHasInstance, and OverridesHasInstance. A bound function fits
21 // the bill.
22 var result = c instanceof c;
23
24 // This is where the op_check_has_instance bytecode jumps to after the
25 // instanceof test. At this location, we need the word at offset 1 to be
26 // a ridiculously large value that can't be a valid stack register index.
27 // To achieve that, we use an op_loop_hint followed by any other bytecode
28 // instruction. The op_loop_hint takes up exactly 1 word, and the word at
29 // offset 1 that follows after is the opcode of the next instruction. In
30 // the LLINT, that opcode value will be a pointer to the opcode handler
31 // which will be large and exactly what we need. Hence, we plant a loop
32 // here for the op_loop_hint, and have some instruction inside the loop.
33 while (true) {
34 var dummy2 = 123456789;
35 break;
36 }
37 return result;
38}
39
40shouldBeFalse("foo()");
41