Harden Runtime_FunctionSetPrototype, Isolate::PrintStack

BUG=chromium:377209 LOG=n R=dslomov@chromium.org Review URL: https://codereview.chromium.org/306543002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Harden Runtime_FunctionSetPrototype, Isolate::PrintStack
BUG=chromium:377209 LOG=n R=dslomov@chromium.org Review URL: https://codereview.chromium.org/306543002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21584 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
e82b97ab · jkummerow@chromium.org · 5cd009a0 · e82b97ab · e82b97ab · e82b97ab
Commit e82b97ab authored May 30, 2014 by jkummerow@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 7 deletions

frames.cc src/frames.cc +7 -2

hydrogen.cc src/hydrogen.cc +6 -4

runtime.cc src/runtime.cc +1 -1

No files found.
--- a/src/frames.cc
+++ b/src/frames.cc
@@ -1235,6 +1235,10 @@ void JavaScriptFrame::Print(StringStream* accumulator,
  if (this->context() != NULL && this->context()->IsContext()) {
    context = Context::cast(this->context());
  }
+  while (context->IsWithContext()) {
+    context = context->previous();
+    ASSERT(context != NULL);
+  }
  // Print heap-allocated local variables.
  if (heap_locals_count > 0) {
@@ -1245,8 +1249,9 @@ void JavaScriptFrame::Print(StringStream* accumulator,
    accumulator->PrintName(scope_info->ContextLocalName(i));
    accumulator->Add(" = ");
    if (context != NULL) {
-      if (i < context->length()) {
+      int index = Context::MIN_CONTEXT_SLOTS + i;
-        accumulator->Add("%o", context->get(Context::MIN_CONTEXT_SLOTS + i));
+      if (index < context->length()) {
+        accumulator->Add("%o", context->get(index));
      } else {
        accumulator->Add(
            "// warning: missing context slot - inconsistent frame?");

--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -8733,7 +8733,6 @@ void HOptimizedGraphBuilder::GenerateDataViewInitialize(
    CallRuntime* expr) {
  ZoneList<Expression*>* arguments = expr->arguments();
-  NoObservableSideEffectsScope scope(this);
  ASSERT(arguments->length()== 4);
  CHECK_ALIVE(VisitForValue(arguments->at(0)));
  HValue* obj = Pop();
@@ -8747,8 +8746,11 @@ void HOptimizedGraphBuilder::GenerateDataViewInitialize(
  CHECK_ALIVE(VisitForValue(arguments->at(3)));
  HValue* byte_length = Pop();
-  BuildArrayBufferViewInitialization<JSDataView>(
+  {
-      obj, buffer, byte_offset, byte_length);
+    NoObservableSideEffectsScope scope(this);
+    BuildArrayBufferViewInitialization<JSDataView>(
+        obj, buffer, byte_offset, byte_length);
+  }
 }
@@ -8869,7 +8871,6 @@ void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
    CallRuntime* expr) {
  ZoneList<Expression*>* arguments = expr->arguments();
-  NoObservableSideEffectsScope scope(this);
  static const int kObjectArg = 0;
  static const int kArrayIdArg = 1;
  static const int kBufferArg = 2;
@@ -8924,6 +8925,7 @@ void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
  CHECK_ALIVE(VisitForValue(arguments->at(kByteLengthArg)));
  HValue* byte_length = Pop();
+  NoObservableSideEffectsScope scope(this);
  IfBuilder byte_offset_smi(this);
  if (!is_zero_byte_offset) {

--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -3027,7 +3027,7 @@ RUNTIME_FUNCTION(Runtime_FunctionSetPrototype) {
  CONVERT_ARG_HANDLE_CHECKED(JSFunction, fun, 0);
  CONVERT_ARG_HANDLE_CHECKED(Object, value, 1);
-  ASSERT(fun->should_have_prototype());
+  RUNTIME_ASSERT(fun->should_have_prototype());
  Accessors::FunctionSetPrototype(fun, value);
  return args[0];  // return TOS
 }