bigLoadStoreDisp.js (1096B)
1 // In Nanojit, loads and stores have a maximum displacement of 16-bits. Any 2 // displacements larger than that should be split off into a separate 3 // instruction that adds the displacement to the base pointer. This 4 // program tests if this is done correctly. 5 // 6 // x.y ends up having a dslot offset of 79988, because of the 20000 array 7 // elements before it. If Nanojit incorrectly stores this offset into a 8 // 16-bit value it will truncate to 14452 (because 79988 - 65536 == 14452). 9 // This means that the increments in the second loop will be done to one of 10 // the array elements instead of x.y. And so x.y's final value will be 11 // (99 + 8) instead of 1099. 12 // 13 // Note that setting x.y to 99 and checking its value at the end will 14 // access the correct location because those lines are interpreted. Phew. 15 16 var x = {} 17 for (var i = 0; i < 20000; i++) 18 x[i] = 0; 19 x.y = 99; // not traced, correctly accessed 20 21 for (var i = 0; i < 1000; ++i) { 22 x.y++; // traced, will access an array elem if disp was truncated 23 } 24 assertEq(x.y, 1099); // not traced, correctly accessed