Revision: 21434
Author: [email protected]
Date: Thu May 22 11:32:30 2014 UTC
Log: ClearTypeFeedbackInfo(): context may not be initialized.
SharedFunctionInfo::ClearTypeFeedbackInfo() wants to compare feedback
to the array JSFunction, but it's called at times when the context
isn't fully initialized. Be cautious about this check.
[email protected]
Review URL: https://codereview.chromium.org/298983002
http://code.google.com/p/v8/source/detail?r=21434
Modified:
/branches/bleeding_edge/src/objects.cc
=======================================
--- /branches/bleeding_edge/src/objects.cc Thu May 22 09:36:20 2014 UTC
+++ /branches/bleeding_edge/src/objects.cc Thu May 22 11:32:30 2014 UTC
@@ -11245,10 +11245,19 @@
void SharedFunctionInfo::ClearTypeFeedbackInfo() {
FixedArray* vector = feedback_vector();
Heap* heap = GetHeap();
+ JSFunction* array_function = NULL;
+
+ // Clearing type feedback can be called when the contexts are still being
+ // set up so caution is required.
Context* context = GetIsolate()->context();
- JSFunction* array_function = context != NULL
- ? context->native_context()->array_function()
- : NULL;
+ if (context != NULL) {
+ Context* native_context = context->native_context();
+ Object* candidate = native_context->get(Context::ARRAY_FUNCTION_INDEX);
+ if (candidate->IsJSFunction()) {
+ array_function = JSFunction::cast(candidate);
+ }
+ }
+
int length = vector->length();
for (int i = 0; i < length; i++) {
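Review bot: The new comment above the context lookup says caution is required but not which step was unsafe, so a later cleanup could fold the slot read back into the `array_function()` accessor it replaces. The added `get(Context::ARRAY_FUNCTION_INDEX)` plus `IsJSFunction()` check presumably exists because that accessor casts the slot unconditionally and the slot need not hold a JSFunction while the native context is still being bootstrapped; if so, say it: `// Read the raw slot instead of array_function(): during bootstrapping it may not hold a JSFunction yet, and the accessor's cast is unchecked.` It would also be worth stating, next to `JSFunction* array_function = NULL;`, what a NULL value means for the loop below (no feedback entry is treated as the Array function), since that loop and the rest of ClearTypeFeedbackInfo continue past the end of this hunk and the behaviour with a NULL comparand is not visible here.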