From 9c52caa86eb414603c3fec0c09b6a38836a5b0cb Mon Sep 17 00:00:00 2001
From: "adamk@chromium.org"
 <adamk@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Mon, 5 May 2014 21:44:36 +0000
Subject: [PATCH] Tighten up Object.observe code to ASSERT that it never deals
 with globals

After r21126, Object.observe no longer allows observing the global proxy
object. This patch replaces codepaths that used to handle that case with
asserts showing that no such observation happens.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/261773006

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21151 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/objects.cc |  7 ++++---
 src/runtime.cc | 14 ++------------
 2 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/src/objects.cc b/src/objects.cc
index 87853f3..a30d6ab 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1976,12 +1976,11 @@ void JSObject::EnqueueChangeRecord(Handle<JSObject> object,
                                    const char* type_str,
                                    Handle<Name> name,
                                    Handle<Object> old_value) {
+  ASSERT(!object->IsJSGlobalProxy());
+  ASSERT(!object->IsJSGlobalObject());
   Isolate* isolate = object->GetIsolate();
   HandleScope scope(isolate);
   Handle<String> type = isolate->factory()->InternalizeUtf8String(type_str);
-  if (object->IsJSGlobalObject()) {
-    object = handle(JSGlobalObject::cast(*object)->global_receiver(), isolate);
-  }
   Handle<Object> args[] = { type, object, name, old_value };
   int argc = name.is_null() ? 2 : old_value->IsTheHole() ? 3 : 4;
 
@@ -5927,6 +5926,8 @@ MaybeHandle<Object> JSObject::Freeze(Handle<JSObject> object) {
 
 
 void JSObject::SetObserved(Handle<JSObject> object) {
+  ASSERT(!object->IsJSGlobalProxy());
+  ASSERT(!object->IsJSGlobalObject());
   Isolate* isolate = object->GetIsolate();
   Handle<Map> new_map;
   Handle<Map> old_map(object->map(), isolate);
diff --git a/src/runtime.cc b/src/runtime.cc
index e07876b..e5df51e 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -14883,12 +14883,7 @@ RUNTIME_FUNCTION(Runtime_IsObserved) {
 
   if (!args[0]->IsJSReceiver()) return isolate->heap()->false_value();
   CONVERT_ARG_CHECKED(JSReceiver, obj, 0);
-  if (obj->IsJSGlobalProxy()) {
-    Object* proto = obj->GetPrototype();
-    if (proto->IsNull()) return isolate->heap()->false_value();
-    ASSERT(proto->IsJSGlobalObject());
-    obj = JSReceiver::cast(proto);
-  }
+  ASSERT(!obj->IsJSGlobalProxy() || !obj->map()->is_observed());
   return isolate->heap()->ToBoolean(obj->map()->is_observed());
 }
 
@@ -14897,12 +14892,7 @@ RUNTIME_FUNCTION(Runtime_SetIsObserved) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 1);
   CONVERT_ARG_HANDLE_CHECKED(JSReceiver, obj, 0);
-  if (obj->IsJSGlobalProxy()) {
-    Object* proto = obj->GetPrototype();
-    if (proto->IsNull()) return isolate->heap()->undefined_value();
-    ASSERT(proto->IsJSGlobalObject());
-    obj = handle(JSReceiver::cast(proto));
-  }
+  ASSERT(!obj->IsJSGlobalProxy());
   if (obj->IsJSProxy())
     return isolate->heap()->undefined_value();
 
-- 
2.7.4