From: jkummerow@chromium.org Date: Fri, 30 May 2014 17:04:40 +0000 (+0000) Subject: Harden Runtime_FunctionSetPrototype, Isolate::PrintStack X-Git-Tag: upstream/4.7.83~8890 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e82b97ab40cf39431be9d99539329b1efe9a9fc3;p=platform%2Fupstream%2Fv8.git Harden Runtime_FunctionSetPrototype, Isolate::PrintStack BUG=chromium:377209 LOG=n R=dslomov@chromium.org Review URL: https://codereview.chromium.org/306543002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
diff --git a/src/frames.cc b/src/frames.cc
index e89dd56..ef38a1b 100644
--- a/src/frames.cc
+++ b/src/frames.cc
@@ -1235,6 +1235,10 @@ void JavaScriptFrame::Print(StringStream* accumulator,
   if (this->context() != NULL && this->context()->IsContext()) {
     context = Context::cast(this->context());
   }
+  while (context->IsWithContext()) {
+    context = context->previous();
+    ASSERT(context != NULL);
+  }
 
   // Print heap-allocated local variables.
   if (heap_locals_count > 0) {
@@ -1245,8 +1249,9 @@ void JavaScriptFrame::Print(StringStream* accumulator,
     accumulator->PrintName(scope_info->ContextLocalName(i));
     accumulator->Add(" = ");
     if (context != NULL) {
-      if (i < context->length()) {
-        accumulator->Add("%o", context->get(Context::MIN_CONTEXT_SLOTS + i));
+      int index = Context::MIN_CONTEXT_SLOTS + i;
+      if (index < context->length()) {
+        accumulator->Add("%o", context->get(index));
       } else {
         accumulator->Add(
             "// warning: missing context slot - inconsistent frame?");
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index 3b77c73..03cdeef 100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -8733,7 +8733,6 @@ void HOptimizedGraphBuilder::GenerateDataViewInitialize(
     CallRuntime* expr) {
   ZoneList* arguments = expr->arguments();
 
-  NoObservableSideEffectsScope scope(this);
   ASSERT(arguments->length()== 4);
   CHECK_ALIVE(VisitForValue(arguments->at(0)));
   HValue* obj = Pop();
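Review bot: The new `while (context->IsWithContext())` loop at the top of the -1235 hunk dereferences `context` unconditionally, yet `context` is only assigned inside the preceding `if`, and the `if (context != NULL)` guard in the -1245 hunk indicates it can still be NULL at this point, so on that path the hardening itself becomes a NULL dereference in the stack printer. Either move the loop into the `if` body or guard it: `while (context != NULL && context->IsWithContext()) {`. The `ASSERT(context != NULL)` inside the loop only fires in debug builds; if `previous()` can return NULL for an inconsistent frame, the next `IsWithContext()` call would crash in release, and a `break` on NULL is the defensive choice for a diagnostic path. The enclosing JavaScriptFrame::Print starts before this hunk and continues past it.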
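Review bot: The bounds check in the -1245 hunk now compares the absolute slot index against `context->length()` instead of the local index `i`, which is the actual fix, but nothing in the code says so and a later reader could easily "simplify" it back to the old form. A one-line comment above `int index = Context::MIN_CONTEXT_SLOTS + i;` would pin the intent: `// Context locals follow the fixed header slots; bound-check the absolute index, not i.` The enclosing loop and function continue outside the hunk.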
@@ -8747,8 +8746,11 @@ void HOptimizedGraphBuilder::GenerateDataViewInitialize(
   CHECK_ALIVE(VisitForValue(arguments->at(3)));
   HValue* byte_length = Pop();
 
-  BuildArrayBufferViewInitialization(
-      obj, buffer, byte_offset, byte_length);
+  {
+    NoObservableSideEffectsScope scope(this);
+    BuildArrayBufferViewInitialization(
+        obj, buffer, byte_offset, byte_length);
+  }
 }
 
 
@@ -8869,7 +8871,6 @@ void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
     CallRuntime* expr) {
   ZoneList* arguments = expr->arguments();
 
-  NoObservableSideEffectsScope scope(this);
   static const int kObjectArg = 0;
   static const int kArrayIdArg = 1;
   static const int kBufferArg = 2;
@@ -8924,6 +8925,7 @@ void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
   CHECK_ALIVE(VisitForValue(arguments->at(kByteLengthArg)));
   HValue* byte_length = Pop();
 
+  NoObservableSideEffectsScope scope(this);
   IfBuilder byte_offset_smi(this);
 
   if (!is_zero_byte_offset) {
diff --git a/src/runtime.cc b/src/runtime.cc
index 42e5956..c596daa 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -3027,7 +3027,7 @@ RUNTIME_FUNCTION(Runtime_FunctionSetPrototype) {
 
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, fun, 0);
   CONVERT_ARG_HANDLE_CHECKED(Object, value, 1);
-  ASSERT(fun->should_have_prototype());
+  RUNTIME_ASSERT(fun->should_have_prototype());
   Accessors::FunctionSetPrototype(fun, value);
   return args[0]; // return TOS
 }
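Review bot: The `NoObservableSideEffectsScope` is re-introduced in the -8747 hunk in a block around `BuildArrayBufferViewInitialization` without a comment explaining why it no longer covers the whole function (the -8733 hunk removes it from the top); the reason — presumably that evaluating the argument expressions through `VisitForValue` can emit observable side effects that must not be hidden from the graph builder — is exactly what the next reader needs to avoid hoisting it back. Suggest `// Argument evaluation above may have observable side effects; only the initialization itself is side-effect free.` above the scope declaration. The same comment belongs on the `NoObservableSideEffectsScope scope(this);` added in the -8924 hunk of GenerateTypedArrayInitialize, where the scope now runs to the end of a function whose remainder is outside the hunk, so whether everything after it is genuinely side-effect free cannot be confirmed here.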
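Review bot: `RUNTIME_ASSERT(fun->should_have_prototype())` in the -3027 hunk now rejects the call in release builds instead of only in debug, but no comment records that this argument check is deliberately enforced at runtime, so next to the `CONVERT_ARG_HANDLE_CHECKED` lines it reads like an accidental spelling of `ASSERT` that someone may later "normalize". Suggest `// Enforced in release builds: the function argument is not trusted to have a prototype slot.` above the check. The function's opening lines are outside the hunk, so whether the argument count is checked as well cannot be confirmed from here.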