ClearTypeFeedbackInfo() assumed we have a context in the isolate.

Better, is to compare against the context for the JSFunction we are
currently looking at.

TBR=ulan@chromium.org

Review URL: https://codereview.chromium.org/294903013

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21440 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/objects.cc b/src/objects.cc
index c301670..b4db670 100644 (file)
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -11245,19 +11245,6 @@ void Code::ClearInlineCaches(Code::Kind* kind) {
 void SharedFunctionInfo::ClearTypeFeedbackInfo() {
   FixedArray* vector = feedback_vector();
   Heap* heap = GetHeap();
-  JSFunction* array_function = NULL;
-
-  // Clearing type feedback can be called when the contexts are still being
-  // set up so caution is required.
-  Context* context = GetIsolate()->context();
-  if (context != NULL) {
-    Context* native_context = context->native_context();
-    Object* candidate = native_context->get(Context::ARRAY_FUNCTION_INDEX);
-    if (candidate->IsJSFunction()) {
-      array_function = JSFunction::cast(candidate);
-    }
-  }
-
   int length = vector->length();
 
   for (int i = 0; i < length; i++) {
@@ -11272,8 +11259,12 @@ void SharedFunctionInfo::ClearTypeFeedbackInfo() {
           break;
         case JS_FUNCTION_TYPE:
           // No need to clear the native context array function.
-          if (obj == array_function) break;
+          if (obj == JSFunction::cast(obj)->context()->native_context()->
+              get(Context::ARRAY_FUNCTION_INDEX)) {
+            break;
+          }
           // Fall through...
+
         default:
           vector->set(i, TypeFeedbackInfo::RawUninitializedSentinel(heap),
                       SKIP_WRITE_BARRIER);