Reviewers: Mads Ager, Description: Push r2334 to trunk.
Please review this at http://codereview.chromium.org/150222 SVN Base: http://v8.googlecode.com/svn/trunk/ Affected files: M src/ic.cc M src/version.cc M test/mjsunit/call-non-function.js Index: test/mjsunit/call-non-function.js =================================================================== --- test/mjsunit/call-non-function.js (revision 2334) +++ test/mjsunit/call-non-function.js (working copy) @@ -51,4 +51,13 @@ TryCall("hest"); - +// Make sure that calling a non-function global doesn't crash the +// system while building the IC for it. +var NonFunction = 42; +function WillThrow() { + NonFunction(); +} +assertThrows(WillThrow); +assertThrows(WillThrow); +assertThrows(WillThrow); +assertThrows(WillThrow); Index: src/ic.cc =================================================================== --- src/ic.cc (revision 2334) +++ src/ic.cc (working copy) @@ -460,11 +460,10 @@ if (lookup->holder() != *global) return; JSGlobalPropertyCell* cell = JSGlobalPropertyCell::cast(global->GetPropertyCell(lookup)); - if (cell->value()->IsJSFunction()) { - JSFunction* function = JSFunction::cast(cell->value()); - code = StubCache::ComputeCallGlobal(argc, in_loop, *name, *global, - cell, function); - } + if (!cell->value()->IsJSFunction()) return; + JSFunction* function = JSFunction::cast(cell->value()); + code = StubCache::ComputeCallGlobal(argc, in_loop, *name, *global, + cell, function); } else { // There is only one shared stub for calling normalized // properties. It does not traverse the prototype chain, so the @@ -489,7 +488,7 @@ // If we're unable to compute the stub (not enough memory left), we // simply avoid updating the caches. - if (code->IsFailure()) return; + if (code == NULL || code->IsFailure()) return; // Patch the call site depending on the state of the cache. if (state == UNINITIALIZED || @@ -700,7 +699,7 @@ // If we're unable to compute the stub (not enough memory left), we // simply avoid updating the caches. - if (code->IsFailure()) return; + if (code == NULL || code->IsFailure()) return; // Patch the call site depending on the state of the cache. if (state == UNINITIALIZED || state == PREMONOMORPHIC || @@ -890,7 +889,7 @@ // If we're unable to compute the stub (not enough memory left), we // simply avoid updating the caches. - if (code->IsFailure()) return; + if (code == NULL || code->IsFailure()) return; // Patch the call site depending on the state of the cache. Make // sure to always rewrite from monomorphic to megamorphic. @@ -1042,7 +1041,7 @@ // If we're unable to compute the stub (not enough memory left), we // simply avoid updating the caches. - if (code->IsFailure()) return; + if (code == NULL || code->IsFailure()) return; // Patch the call site depending on the state of the cache. if (state == UNINITIALIZED || state == MONOMORPHIC_PROTOTYPE_FAILURE) { @@ -1164,7 +1163,7 @@ // If we're unable to compute the stub (not enough memory left), we // simply avoid updating the caches. - if (code->IsFailure()) return; + if (code == NULL || code->IsFailure()) return; // Patch the call site depending on the state of the cache. Make // sure to always rewrite from monomorphic to megamorphic. Index: src/version.cc =================================================================== --- src/version.cc (revision 2334) +++ src/version.cc (working copy) @@ -35,7 +35,7 @@ #define MAJOR_VERSION 1 #define MINOR_VERSION 2 #define BUILD_NUMBER 11 -#define PATCH_LEVEL 0 +#define PATCH_LEVEL 1 #define CANDIDATE_VERSION false // Define SONAME to have the SCons build the put a specific SONAME into the --~--~---------~--~----~------------~-------~--~----~ v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev -~----------~----~----~----~------~----~------~--~---
