Revision: 10684
Author: [email protected]
Date: Mon Feb 13 05:39:31 2012
Log: Fix crash in CALLBACK KeyedIC stub.
[email protected]
Review URL: https://chromiumcodereview.appspot.com/9390005
http://code.google.com/p/v8/source/detail?r=10684
Modified:
/branches/bleeding_edge/src/ic.cc
=======================================
--- /branches/bleeding_edge/src/ic.cc Mon Feb 13 03:37:39 2012
+++ /branches/bleeding_edge/src/ic.cc Mon Feb 13 05:39:31 2012
@@ -1503,6 +1503,14 @@
KeyedAccessGrowMode grow_mode = IsGrowStubKind(stub_kind)
? ALLOW_JSARRAY_GROWTH
: DO_NOT_ALLOW_JSARRAY_GROWTH;
+
+ // Don't handle megamorphic property accesses for INTERCEPTORS or
CALLBACKS
+ // via megamorphic stubs, since they don't have a map in their
relocation info
+ // and so the stubs can't be harvested for the object needed for a map
check.
+ if (target()->type() != NORMAL) {
+ TRACE_GENERIC_IC("KeyedIC", "non-NORMAL target type");
+ return generic_stub;
+ }
bool monomorphic = false;
MapHandleList target_receiver_maps;
@@ -1533,14 +1541,6 @@
receiver, stub_kind, strict_mode, generic_stub);
}
ASSERT(target() != *generic_stub);
-
- // Don't handle megamorphic property accesses for INTERCEPTORS or
CALLBACKS
- // via megamorphic stubs, since they don't have a map in their
relocation info
- // and so the stubs can't be harvested for the object needed for a map
check.
- if (target()->type() != NORMAL) {
- TRACE_GENERIC_IC("KeyedIC", "non-NORMAL target type");
- return generic_stub;
- }
// Determine the list of receiver maps that this call site has seen,
// adding the map that was just encountered.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
