Skip stack trace formatting in case the global object is already dead.

src/runtime.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 4137 matching lines @@
                                          obj_value,
                                          attr);
 }
 
 
 // Return property without being observable by accessors or interceptors.
 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetDataProperty) {
   ASSERT(args.length() == 2);
   CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
   CONVERT_ARG_HANDLE_CHECKED(String, key, 1);
+  // In rare cases the global object backing the global proxy may already be
+  // invalid.  In that case, return undefined.
+  if (object->IsJSGlobalProxy() &&
+      !object->GetPrototype()->IsJSGlobalObject()) {
+    return isolate->heap()->undefined_value();
+  }
   LookupResult lookup(isolate);
   object->LookupRealNamedProperty(*key, &lookup);
   if (!lookup.IsFound()) return isolate->heap()->undefined_value();
   switch (lookup.type()) {
     case NORMAL:
       return lookup.holder()->GetNormalizedProperty(&lookup);
     case FIELD:
       return lookup.holder()->FastPropertyAt(
           lookup.GetFieldIndex().field_index());
     case CONSTANT_FUNCTION:
@@ skipping 469 matching lines @@
   ASSERT(args.length() == 2);
 
   CONVERT_ARG_CHECKED(JSObject, object, 0);
   CONVERT_ARG_CHECKED(String, key, 1);
 
   PropertyAttributes att = object->GetLocalPropertyAttribute(key);
   return isolate->heap()->ToBoolean(att != ABSENT && (att & DONT_ENUM) == 0);
 }
 
 
-RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPropertyNames) {
+RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPropertyNamesNoSideEffect) {
   HandleScope scope(isolate);
   ASSERT(args.length() == 1);
   CONVERT_ARG_HANDLE_CHECKED(JSReceiver, object, 0);
+  // In rare cases the global object backing the global proxy may already be
+  // invalid.  In that case, return an empty array.
+  if (object->IsJSGlobalProxy() &&
+      !object->GetPrototype()->IsJSGlobalObject()) {
+    return *isolate->factory()->NewJSArray(0);
+  }
   bool threw = false;
-  Handle<JSArray> result = GetKeysFor(object, &threw);
+  Handle<FixedArray> elements =
+      GetKeysInFixedArrayFor<false>(object, INCLUDE_PROTOS, &threw);
   if (threw) return Failure::Exception();
-  return *result;
+  return *isolate->factory()->NewJSArrayWithElements(elements);
 }
 
 
 // Returns either a FixedArray as Runtime_GetPropertyNames,
 // or, if the given object has an enum cache that contains
 // all enumerable properties of the object and its prototypes
 // have none, the map of the object. This is used to speed up
 // the check for deletions during a for-in.
 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPropertyNamesFast) {
   ASSERT(args.length() == 1);
 
   CONVERT_ARG_CHECKED(JSReceiver, raw_object, 0);
 
   if (raw_object->IsSimpleEnum()) return raw_object->map();
 
   HandleScope scope(isolate);
   Handle<JSReceiver> object(raw_object);
   bool threw = false;
   Handle<FixedArray> content =
-      GetKeysInFixedArrayFor(object, INCLUDE_PROTOS, &threw);
+      GetKeysInFixedArrayFor<true>(object, INCLUDE_PROTOS, &threw);
   if (threw) return Failure::Exception();
 
   // Test again, since cache may have been built by preceding call.
   if (object->IsSimpleEnum()) return object->map();
 
   return *content;
 }
 
 
 // Find the length of the prototype chain that is to to handled as one. If a
@@ skipping 179 matching lines @@
     }
 
     Handle<Object> proto(object->GetPrototype());
     // If proxy is detached we simply return an empty array.
     if (proto->IsNull()) return *isolate->factory()->NewJSArray(0);
     object = Handle<JSObject>::cast(proto);
   }
 
   bool threw = false;
   Handle<FixedArray> contents =
-      GetKeysInFixedArrayFor(object, LOCAL_ONLY, &threw);
+      GetKeysInFixedArrayFor<true>(object, LOCAL_ONLY, &threw);
   if (threw) return Failure::Exception();
 
   // Some fast paths through GetKeysInFixedArrayFor reuse a cached
   // property array and since the result is mutable we have to create
   // a fresh clone on each invocation.
   int length = contents->length();
   Handle<FixedArray> copy = isolate->factory()->NewFixedArray(length);
   for (int i = 0; i < length; i++) {
     Object* entry = contents->get(i);
     if (entry->IsString()) {
@@ skipping 5129 matching lines @@
 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetArrayKeys) {
   ASSERT(args.length() == 2);
   HandleScope scope(isolate);
   CONVERT_ARG_HANDLE_CHECKED(JSObject, array, 0);
   CONVERT_NUMBER_CHECKED(uint32_t, length, Uint32, args[1]);
   if (array->elements()->IsDictionary()) {
     // Create an array and get all the keys into it, then remove all the
     // keys that are not integers in the range 0 to length-1.
     bool threw = false;
     Handle<FixedArray> keys =
-        GetKeysInFixedArrayFor(array, INCLUDE_PROTOS, &threw);
+        GetKeysInFixedArrayFor<true>(array, INCLUDE_PROTOS, &threw);
     if (threw) return Failure::Exception();
 
     int keys_length = keys->length();
     for (int i = 0; i < keys_length; i++) {
       Object* key = keys->get(i);
       uint32_t index = 0;
       if (!key->ToArrayIndex(&index) || index >= length) {
         // Zap invalid keys.
         keys->set_undefined(i);
       }
@@ skipping 794 matching lines @@
     }
 
     // Finally copy any properties from the function context extension.
     // These will be variables introduced by eval.
     if (function_context->closure() == *function) {
       if (function_context->has_extension() &&
           !function_context->IsNativeContext()) {
         Handle<JSObject> ext(JSObject::cast(function_context->extension()));
         bool threw = false;
         Handle<FixedArray> keys =
-            GetKeysInFixedArrayFor(ext, INCLUDE_PROTOS, &threw);
+            GetKeysInFixedArrayFor<true>(ext, INCLUDE_PROTOS, &threw);
         if (threw) return Handle<JSObject>();
 
         for (int i = 0; i < keys->length(); i++) {
           // Names of variables introduced by eval are strings.
           ASSERT(keys->get(i)->IsString());
           Handle<String> key(String::cast(keys->get(i)));
           RETURN_IF_EMPTY_HANDLE_VALUE(
               isolate,
               SetProperty(isolate,
                           local_scope,
@@ skipping 130 matching lines @@
           isolate, scope_info, context, closure_scope)) {
     return Handle<JSObject>();
   }
 
   // Finally copy any properties from the function context extension. This will
   // be variables introduced by eval.
   if (context->has_extension()) {
     Handle<JSObject> ext(JSObject::cast(context->extension()));
     bool threw = false;
     Handle<FixedArray> keys =
-        GetKeysInFixedArrayFor(ext, INCLUDE_PROTOS, &threw);
+        GetKeysInFixedArrayFor<true>(ext, INCLUDE_PROTOS, &threw);
     if (threw) return Handle<JSObject>();
 
     for (int i = 0; i < keys->length(); i++) {
       // Names of variables introduced by eval are strings.
       ASSERT(keys->get(i)->IsString());
       Handle<String> key(String::cast(keys->get(i)));
        RETURN_IF_EMPTY_HANDLE_VALUE(
           isolate,
           SetProperty(isolate,
                       closure_scope,
@@ skipping 2070 matching lines @@
   CONVERT_ARG_HANDLE_CHECKED(JSFunction, fun, 0);
   HandleScope scope(isolate);
   Handle<String> key = isolate->factory()->hidden_stack_trace_symbol();
   JSObject::SetHiddenProperty(fun, key, key);
   return *fun;
 }
 
 
 // Retrieve the stack trace.  This could be the raw stack trace collected
 // on stack overflow or the already formatted stack trace string.
-RUNTIME_FUNCTION(MaybeObject*, Runtime_GetOverflowedStackTrace) {
+RUNTIME_FUNCTION(MaybeObject*, Runtime_GetOverflowStackTrace) {
   HandleScope scope(isolate);
   ASSERT_EQ(args.length(), 1);
   CONVERT_ARG_CHECKED(JSObject, error_object, 0);
-  String* key = isolate->heap()->hidden_stack_trace_symbol();
+  String* key = isolate->heap()->overflow_stack_trace_symbol();
   Object* result = error_object->GetHiddenProperty(key);
   RUNTIME_ASSERT(result->IsJSArray() ||
                  result->IsString() ||
+                 result->IsJSObject() ||
                  result->IsUndefined());
   return result;
 }
 
 
 // Set or clear the stack trace attached to an stack overflow error object.
-RUNTIME_FUNCTION(MaybeObject*, Runtime_SetOverflowedStackTrace) {
+RUNTIME_FUNCTION(MaybeObject*, Runtime_SetOverflowStackTrace) {
   HandleScope scope(isolate);
   ASSERT_EQ(args.length(), 2);
   CONVERT_ARG_HANDLE_CHECKED(JSObject, error_object, 0);
   CONVERT_ARG_HANDLE_CHECKED(HeapObject, value, 1);
-  Handle<String> key = isolate->factory()->hidden_stack_trace_symbol();
+  Handle<String> key = isolate->factory()->overflow_stack_trace_symbol();
   if (value->IsUndefined()) {
     error_object->DeleteHiddenProperty(*key);
   } else {
-    RUNTIME_ASSERT(value->IsString());
+    RUNTIME_ASSERT(value->IsString() || value->IsJSObject());
     JSObject::SetHiddenProperty(error_object, key, value);
   }
   return *error_object;
 }
 
 
 // Returns V8 version as a string.
 RUNTIME_FUNCTION(MaybeObject*, Runtime_GetV8Version) {
   ASSERT_EQ(args.length(), 0);
 
@@ skipping 404 matching lines @@
     // Handle last resort GC and make sure to allow future allocations
     // to grow the heap without causing GCs (if possible).
     isolate->counters()->gc_last_resort_from_js()->Increment();
     isolate->heap()->CollectAllGarbage(Heap::kNoGCFlags,
                                        "Runtime::PerformGC");
   }
 }
 
 
 } }  // namespace v8::internal