Reviewers: Dmitry Lomov (chromium),
Description:
Harden Runtime_FunctionSetPrototype, Isolate::PrintStack
BUG=chromium:377209
LOG=n
Please review this at https://codereview.chromium.org/306543002/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+14, -7 lines):
M src/frames.cc
M src/hydrogen.cc
M src/runtime.cc
Index: src/frames.cc
diff --git a/src/frames.cc b/src/frames.cc
index
e89dd5639a3a3081292b7072b072dde5378fe90e..ef38a1b47005005cc058cb2b61506976325f3ab9
100644
--- a/src/frames.cc
+++ b/src/frames.cc
@@ -1235,6 +1235,10 @@ void JavaScriptFrame::Print(StringStream*
accumulator,
if (this->context() != NULL && this->context()->IsContext()) {
context = Context::cast(this->context());
}
+ while (context->IsWithContext()) {
+ context = context->previous();
+ ASSERT(context != NULL);
+ }
// Print heap-allocated local variables.
if (heap_locals_count > 0) {
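Review bot: The added `while (context->IsWithContext())` loop dereferences `context` without a NULL check, although the assignment just above it is conditional and the next hunk still tests `if (context != NULL)`, so a NULL context appears possible at this point. The `ASSERT(context != NULL)` inside the loop is presumably compiled out of release builds (this same patch replaces an ASSERT with RUNTIME_ASSERT in src/runtime.cc), so it does not protect the next iteration either. Since Print is a diagnostic path that may run on inconsistent frames, I would guard the loop condition itself: `while (context != NULL && context->IsWithContext()) {`. The declaration of `context` lies outside the hunk, so its initial value should be confirmed.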
@@ -1245,8 +1249,9 @@ void JavaScriptFrame::Print(StringStream* accumulator,
accumulator->PrintName(scope_info->ContextLocalName(i));
accumulator->Add(" = ");
if (context != NULL) {
- if (i < context->length()) {
- accumulator->Add("%o", context->get(Context::MIN_CONTEXT_SLOTS +
i));
+ int index = Context::MIN_CONTEXT_SLOTS + i;
+ if (index < context->length()) {
+ accumulator->Add("%o", context->get(index));
} else {
accumulator->Add(
"// warning: missing context slot - inconsistent frame?");
Index: src/hydrogen.cc
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index
ccb34f9844f3c2a32a9f6b321b9f8426e1d97f07..e285fc9f5e254c9157efdbf33a97f829f9296cd8
100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -8740,7 +8740,6 @@ void
HOptimizedGraphBuilder::GenerateDataViewInitialize(
CallRuntime* expr) {
ZoneList<Expression*>* arguments = expr->arguments();
- NoObservableSideEffectsScope scope(this);
ASSERT(arguments->length()== 4);
CHECK_ALIVE(VisitForValue(arguments->at(0)));
HValue* obj = Pop();
@@ -8754,8 +8753,11 @@ void
HOptimizedGraphBuilder::GenerateDataViewInitialize(
CHECK_ALIVE(VisitForValue(arguments->at(3)));
HValue* byte_length = Pop();
- BuildArrayBufferViewInitialization<JSDataView>(
- obj, buffer, byte_offset, byte_length);
+ {
+ NoObservableSideEffectsScope scope(this);
+ BuildArrayBufferViewInitialization<JSDataView>(
+ obj, buffer, byte_offset, byte_length);
+ }
}
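Review bot: Nothing at the new `NoObservableSideEffectsScope` placement says why it must start after the `VisitForValue` calls, so a later cleanup could hoist it back to the top of the function. A one-line comment above the braced block would help, for example `// Scope covers only the view initialization; argument evaluation above stays outside it.` (the reason should be worded by the author, since it is only inferred here). The same applies to GenerateTypedArrayInitialize in the `@@ -8931,6 +8932,7 @@` hunk, where the scope is declared without braces and therefore extends to the end of the function, which is outside the hunk. Using the same braced form in both functions would make the covered region explicit.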
@@ -8876,7 +8878,6 @@ void
HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
CallRuntime* expr) {
ZoneList<Expression*>* arguments = expr->arguments();
- NoObservableSideEffectsScope scope(this);
static const int kObjectArg = 0;
static const int kArrayIdArg = 1;
static const int kBufferArg = 2;
@@ -8931,6 +8932,7 @@ void
HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
CHECK_ALIVE(VisitForValue(arguments->at(kByteLengthArg)));
HValue* byte_length = Pop();
+ NoObservableSideEffectsScope scope(this);
IfBuilder byte_offset_smi(this);
if (!is_zero_byte_offset) {
Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index
1aaa3cd92a70b10d8521ffde464cec500aecd393..b8fe2b99dd0a7841eba268e63c1f2c0faae777ce
100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -3028,7 +3028,7 @@ RUNTIME_FUNCTION(Runtime_FunctionSetPrototype) {
CONVERT_ARG_HANDLE_CHECKED(JSFunction, fun, 0);
CONVERT_ARG_HANDLE_CHECKED(Object, value, 1);
- ASSERT(fun->should_have_prototype());
+ RUNTIME_ASSERT(fun->should_have_prototype());
Accessors::FunctionSetPrototype(fun, value);
return args[0]; // return TOS
}
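Review bot: The switch to `RUNTIME_ASSERT(fun->should_have_prototype())` has no comment explaining why a debug-only check is insufficient here, and the affected-files list shows no test accompanying the change. I would add a comment above the line such as `// Must also hold in release builds: fun is not guaranteed to have a prototype slot.` (inferred from the commit title; confirm). A regression test should also check that the runtime call fails cleanly when `should_have_prototype()` is false. The start of the function body is outside the hunk.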