projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6691196)
Fix bug 1396: Optimized calls to API functions assumed that the receiver was a JSObje...
authorwhesse@chromium.org <whesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Wed, 18 May 2011 12:20:36 +0000 (12:20 +0000)
committerwhesse@chromium.org <whesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Wed, 18 May 2011 12:20:36 +0000 (12:20 +0000)
BUG=v8:1396
Review URL: http://codereview.chromium.org/7045002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/arm/stub-cache-arm.cc patch | blob | history
src/ia32/stub-cache-ia32.cc patch | blob | history
src/mips/stub-cache-mips.cc patch | blob | history
src/x64/stub-cache-x64.cc patch | blob | history

diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index eca3e453c0e42780ef645837a872c928215f0fbf..fb8e023f414f095a2c2d059fe476f042faf62db7 100644 (file)
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -2262,6 +2262,7 @@ MaybeObject* CallStubCompiler::CompileFastApiCall(
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return heap()->undefined_value();
   if (cell != NULL) return heap()->undefined_value();
+  if (!object->IsJSObject()) return heap()->undefined_value();
   int depth = optimization.GetPrototypeDepthOfExpectedType(
             JSObject::cast(object), holder);
   if (depth == kInvalidProtoDepth) return heap()->undefined_value();
diff --git a/src/ia32/stub-cache-ia32.cc b/src/ia32/stub-cache-ia32.cc
index 3379ff00fdd5b4db01865c5472b7b133a3f78ee7..dfcb475a9511b369f6d3f0b976741be643dab413 100644 (file)
--- a/src/ia32/stub-cache-ia32.cc
+++ b/src/ia32/stub-cache-ia32.cc
@@ -2115,6 +2115,7 @@ MaybeObject* CallStubCompiler::CompileFastApiCall(
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return heap()->undefined_value();
   if (cell != NULL) return heap()->undefined_value();
+  if (!object->IsJSObject()) return heap()->undefined_value();
   int depth = optimization.GetPrototypeDepthOfExpectedType(
             JSObject::cast(object), holder);
   if (depth == kInvalidProtoDepth) return heap()->undefined_value();
diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc
index 45df93a340d79074acfa52e963335b9523e88e47..5ab8e119815dfe9cfe86eb954265343d766ddc8d 100644 (file)
--- a/src/mips/stub-cache-mips.cc
+++ b/src/mips/stub-cache-mips.cc
@@ -2255,6 +2255,7 @@ MaybeObject* CallStubCompiler::CompileFastApiCall(
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return heap->undefined_value();
   if (cell != NULL) return heap->undefined_value();
+  if (!object->IsJSObject()) return heap()->undefined_value();
   int depth = optimization.GetPrototypeDepthOfExpectedType(
             JSObject::cast(object), holder);
   if (depth == kInvalidProtoDepth) return heap->undefined_value();
diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc
index a3e664a67e1f68b98a946b480d7097f7ae88d7d4..f76c3ad34b94f90e60f09b070298d092d4904765 100644 (file)
--- a/src/x64/stub-cache-x64.cc
+++ b/src/x64/stub-cache-x64.cc
@@ -1954,6 +1954,7 @@ MaybeObject* CallStubCompiler::CompileFastApiCall(
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return heap()->undefined_value();
   if (cell != NULL) return heap()->undefined_value();
+  if (!object->IsJSObject()) return heap()->undefined_value();
   int depth = optimization.GetPrototypeDepthOfExpectedType(
             JSObject::cast(object), holder);
   if (depth == kInvalidProtoDepth) return heap()->undefined_value();
Domain: Web Framework / Web Engine;