Fix crash when calling non-function globals.

Review URL: http://codereview.chromium.org/151199 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2334 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix crash when calling non-function globals.
Review URL: http://codereview.chromium.org/151199 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2334 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
22231d47 · kasperl@chromium.org · f0053e89 · 22231d47 · 22231d47
Commit 22231d47 authored Jul 02, 2009 by kasperl@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 11 deletions

ic.cc src/ic.cc +9 -10

call-non-function.js test/mjsunit/call-non-function.js +10 -1

No files found.
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -460,11 +460,10 @@ void CallIC::UpdateCaches(LookupResult* lookup,
          if (lookup->holder() != *global) return;
          JSGlobalPropertyCell* cell =
              JSGlobalPropertyCell::cast(global->GetPropertyCell(lookup));
-          if (cell->value()->IsJSFunction()) {
-            JSFunction* function = JSFunction::cast(cell->value());
-            code = StubCache::ComputeCallGlobal(argc, in_loop, *name, *global,
-                                                cell, function);
-          }
+          if (!cell->value()->IsJSFunction()) return;
+          JSFunction* function = JSFunction::cast(cell->value());
+          code = StubCache::ComputeCallGlobal(argc, in_loop, *name, *global,
+                                              cell, function);
        } else {
          // There is only one shared stub for calling normalized
          // properties. It does not traverse the prototype chain, so the
@@ -489,7 +488,7 @@ void CallIC::UpdateCaches(LookupResult* lookup,

  // If we're unable to compute the stub (not enough memory left), we
  // simply avoid updating the caches.
-  if (code->IsFailure()) return;
+  if (code == NULL || code->IsFailure()) return;

  // Patch the call site depending on the state of the cache.
  if (state == UNINITIALIZED ||
@@ -700,7 +699,7 @@ void LoadIC::UpdateCaches(LookupResult* lookup,

  // If we're unable to compute the stub (not enough memory left), we
  // simply avoid updating the caches.
-  if (code->IsFailure()) return;
+  if (code == NULL || code->IsFailure()) return;

  // Patch the call site depending on the state of the cache.
  if (state == UNINITIALIZED || state == PREMONOMORPHIC ||
@@ -890,7 +889,7 @@ void KeyedLoadIC::UpdateCaches(LookupResult* lookup, State state,

  // If we're unable to compute the stub (not enough memory left), we
  // simply avoid updating the caches.
-  if (code->IsFailure()) return;
+  if (code == NULL || code->IsFailure()) return;

  // Patch the call site depending on the state of the cache.  Make
  // sure to always rewrite from monomorphic to megamorphic.
@@ -1042,7 +1041,7 @@ void StoreIC::UpdateCaches(LookupResult* lookup,

  // If we're unable to compute the stub (not enough memory left), we
  // simply avoid updating the caches.
-  if (code->IsFailure()) return;
+  if (code == NULL || code->IsFailure()) return;

  // Patch the call site depending on the state of the cache.
  if (state == UNINITIALIZED || state == MONOMORPHIC_PROTOTYPE_FAILURE) {
@@ -1164,7 +1163,7 @@ void KeyedStoreIC::UpdateCaches(LookupResult* lookup,

  // If we're unable to compute the stub (not enough memory left), we
  // simply avoid updating the caches.
-  if (code->IsFailure()) return;
+  if (code == NULL || code->IsFailure()) return;

  // Patch the call site depending on the state of the cache.  Make
  // sure to always rewrite from monomorphic to megamorphic.

--- a/test/mjsunit/call-non-function.js
+++ b/test/mjsunit/call-non-function.js
@@ -51,4 +51,13 @@ TryCall(1234);
 TryCall("hest");


-
+// Make sure that calling a non-function global doesn't crash the
+// system while building the IC for it.
+var NonFunction = 42;
+function WillThrow() {
+  NonFunction();
+}
+assertThrows(WillThrow);
+assertThrows(WillThrow);
+assertThrows(WillThrow);
+assertThrows(WillThrow);