ClearTypeFeedbackInfo(): context may not be initialized.

SharedFunctionInfo::ClearTypeFeedbackInfo() wants to compare feedback to the array JSFunction, but it's called at times when the context isn't fully initialized. Be cautious about this check. R=ulan@chromium.org Review URL: https://codereview.chromium.org/298983002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

ClearTypeFeedbackInfo(): context may not be initialized.
SharedFunctionInfo::ClearTypeFeedbackInfo() wants to compare feedback to the array JSFunction, but it's called at times when the context isn't fully initialized. Be cautious about this check. R=ulan@chromium.org Review URL: https://codereview.chromium.org/298983002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21434 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
5392e94e · mvstanton@chromium.org · 87513237 · 5392e94e
Commit 5392e94e authored May 22, 2014 by mvstanton@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 3 deletions

objects.cc src/objects.cc +12 -3

No files found.
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -11245,10 +11245,19 @@ void Code::ClearInlineCaches(Code::Kind* kind) {
 void SharedFunctionInfo::ClearTypeFeedbackInfo() {
  FixedArray* vector = feedback_vector();
  Heap* heap = GetHeap();
+  JSFunction* array_function = NULL;
+
+  // Clearing type feedback can be called when the contexts are still being
+  // set up so caution is required.
  Context* context = GetIsolate()->context();
-  JSFunction* array_function = context != NULL
-      ? context->native_context()->array_function()
-      : NULL;
+  if (context != NULL) {
+    Context* native_context = context->native_context();
+    Object* candidate = native_context->get(Context::ARRAY_FUNCTION_INDEX);
+    if (candidate->IsJSFunction()) {
+      array_function = JSFunction::cast(candidate);
+    }
+  }
+
  int length = vector->length();

  for (int i = 0; i < length; i++) {