From f40c463526e5bf95a51fec59869a6ae5a768d4e2 Mon Sep 17 00:00:00 2001
From: "whesse@chromium.org"
 <whesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Wed, 18 May 2011 12:20:36 +0000
Subject: [PATCH] Fix bug 1396: Optimized calls to API functions assumed that
 the receiver was a JSObject, failed when compiling stub otherwise.

BUG=v8:1396
Review URL: http://codereview.chromium.org/7045002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7929 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/arm/stub-cache-arm.cc   | 1 +
 src/ia32/stub-cache-ia32.cc | 1 +
 src/mips/stub-cache-mips.cc | 1 +
 src/x64/stub-cache-x64.cc   | 1 +
 4 files changed, 4 insertions(+)

diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index eca3e45..fb8e023 100644
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -2262,6 +2262,7 @@ MaybeObject* CallStubCompiler::CompileFastApiCall(
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return heap()->undefined_value();
   if (cell != NULL) return heap()->undefined_value();
+  if (!object->IsJSObject()) return heap()->undefined_value();
   int depth = optimization.GetPrototypeDepthOfExpectedType(
             JSObject::cast(object), holder);
   if (depth == kInvalidProtoDepth) return heap()->undefined_value();
diff --git a/src/ia32/stub-cache-ia32.cc b/src/ia32/stub-cache-ia32.cc
index 3379ff0..dfcb475 100644
--- a/src/ia32/stub-cache-ia32.cc
+++ b/src/ia32/stub-cache-ia32.cc
@@ -2115,6 +2115,7 @@ MaybeObject* CallStubCompiler::CompileFastApiCall(
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return heap()->undefined_value();
   if (cell != NULL) return heap()->undefined_value();
+  if (!object->IsJSObject()) return heap()->undefined_value();
   int depth = optimization.GetPrototypeDepthOfExpectedType(
             JSObject::cast(object), holder);
   if (depth == kInvalidProtoDepth) return heap()->undefined_value();
diff --git a/src/mips/stub-cache-mips.cc b/src/mips/stub-cache-mips.cc
index 45df93a..5ab8e11 100644
--- a/src/mips/stub-cache-mips.cc
+++ b/src/mips/stub-cache-mips.cc
@@ -2255,6 +2255,7 @@ MaybeObject* CallStubCompiler::CompileFastApiCall(
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return heap->undefined_value();
   if (cell != NULL) return heap->undefined_value();
+  if (!object->IsJSObject()) return heap()->undefined_value();
   int depth = optimization.GetPrototypeDepthOfExpectedType(
             JSObject::cast(object), holder);
   if (depth == kInvalidProtoDepth) return heap->undefined_value();
diff --git a/src/x64/stub-cache-x64.cc b/src/x64/stub-cache-x64.cc
index a3e664a..f76c3ad 100644
--- a/src/x64/stub-cache-x64.cc
+++ b/src/x64/stub-cache-x64.cc
@@ -1954,6 +1954,7 @@ MaybeObject* CallStubCompiler::CompileFastApiCall(
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return heap()->undefined_value();
   if (cell != NULL) return heap()->undefined_value();
+  if (!object->IsJSObject()) return heap()->undefined_value();
   int depth = optimization.GetPrototypeDepthOfExpectedType(
             JSObject::cast(object), holder);
   if (depth == kInvalidProtoDepth) return heap()->undefined_value();
-- 
2.7.4