Revert of [d8] bounds-check before getting Shell::Worker internal field (patchset...

Reason for revert:
[Sheriff] Fails here:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/4737

Original issue's description:
> [d8] bounds-check before getting Shell::Worker internal field
>
> Prevents fatal error in debug builds
>
> BUG=v8:4271
> R=binji@chromium.org
> LOG=N
>
> Committed: https://crrev.com/43ce9c6f101c4224addd9a54e0c39963188dc7fa
> Cr-Commit-Position: refs/heads/master@{#29524}

TBR=binji@chromium.org,jochen@chromium.org,adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4271

Review URL: https://codereview.chromium.org/1215333012

Cr-Commit-Position: refs/heads/master@{#29525}

diff --git a/src/d8.cc b/src/d8.cc
index 2117825..7db6f3e 100644 (file)
--- a/src/d8.cc
+++ b/src/d8.cc
@@ -717,17 +717,14 @@ void Shell::WorkerPostMessage(const v8::FunctionCallbackInfo<v8::Value>& args) {
   Isolate* isolate = args.GetIsolate();
   HandleScope handle_scope(isolate);
   Local<Context> context = isolate->GetCurrentContext();
-  Local<Value> this_value;
 
   if (args.Length() < 1) {
     Throw(isolate, "Invalid argument");
     return;
   }
 
-  if (args.This()->InternalFieldCount() > 0) {
-    this_value = args.This()->GetInternalField(0);
-  }
-  if (this_value.IsEmpty()) {
+  Local<Value> this_value = args.This()->GetInternalField(0);
+  if (!this_value->IsExternal()) {
     Throw(isolate, "this is not a Worker");
     return;
   }
@@ -773,11 +770,9 @@ void Shell::WorkerPostMessage(const v8::FunctionCallbackInfo<v8::Value>& args) {
 void Shell::WorkerGetMessage(const v8::FunctionCallbackInfo<v8::Value>& args) {
   Isolate* isolate = args.GetIsolate();
   HandleScope handle_scope(isolate);
-  Local<Value> this_value;
-  if (args.This()->InternalFieldCount() > 0) {
-    this_value = args.This()->GetInternalField(0);
-  }
-  if (this_value.IsEmpty()) {
+
+  Local<Value> this_value = args.This()->GetInternalField(0);
+  if (!this_value->IsExternal()) {
     Throw(isolate, "this is not a Worker");
     return;
   }
@@ -800,11 +795,8 @@ void Shell::WorkerGetMessage(const v8::FunctionCallbackInfo<v8::Value>& args) {
 void Shell::WorkerTerminate(const v8::FunctionCallbackInfo<v8::Value>& args) {
   Isolate* isolate = args.GetIsolate();
   HandleScope handle_scope(isolate);
-  Local<Value> this_value;
-  if (args.This()->InternalFieldCount() > 0) {
-    this_value = args.This()->GetInternalField(0);
-  }
-  if (this_value.IsEmpty()) {
+  Local<Value> this_value = args.This()->GetInternalField(0);
+  if (!this_value->IsExternal()) {
     Throw(isolate, "this is not a Worker");
     return;
   }

diff --git a/test/mjsunit/regress/regress-4271.js b/test/mjsunit/regress/regress-4271.js
deleted file mode 100644 (file)
index eff0803..0000000
--- a/test/mjsunit/regress/regress-4271.js
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright 2015 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Throw rather than overflow internal field index
-
-assertThrows(function() {
-  Worker.prototype.terminate();
-});
-
-assertThrows(function() {
-  Worker.prototype.getMessage();
-});
-
-assertThrows(function() {
-  Worker.prototype.postMessage({});
-});
-
-// Don't throw for real worker
-
-var worker = new Worker('');
-worker.getMessage();
-worker.postMessage({});
-worker.terminate();