Chromium Code Reviews

Unified Diff: src/compiler/js-native-context-specialization.cc

Issue 2739303003: [turbofan] Fix ReduceNamedAccess for detached global proxies (Closed)
Patch Set: Created 3 years, 9 months ago
Index: src/compiler/js-native-context-specialization.cc
diff --git a/src/compiler/js-native-context-specialization.cc b/src/compiler/js-native-context-specialization.cc
index 0b7b2913b85d502983da331fafb0de8059e96f93..fb8e53b034878cc5ec9d203f2832ad98ae3b9db8 100644
--- a/src/compiler/js-native-context-specialization.cc
+++ b/src/compiler/js-native-context-specialization.cc
@@ -570,9 +570,11 @@ Reduction JSNativeContextSpecialization::ReduceNamedAccess(
if (receiver_maps.length() == 1) {
Handle<Map> receiver_map = receiver_maps.first();
if (receiver_map->IsJSGlobalProxyMap()) {
- Context* receiver_context =
- JSFunction::cast(receiver_map->GetConstructor())->native_context();
- if (receiver_context == *native_context()) {
+ Object* maybe_constructor = receiver_map->GetConstructor();
+ // Detached global proxies have |null| as their constructor.
+ if (maybe_constructor->IsJSFunction() &&
+ JSFunction::cast(maybe_constructor)->native_context() ==
+ *native_context()) {
return ReduceGlobalAccess(node, receiver, value, name, access_mode,
index);
}
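
Review bot: The new comment above the `maybe_constructor->IsJSFunction()` check says detached global proxies have |null| as their constructor, but the condition is broader than that: any non-JSFunction constructor value now silently skips ReduceGlobalAccess and falls through past this block. If null is the only expected non-function value here, a DCHECK that the constructor is either null or a JSFunction would keep an unexpected value from being hidden by the same branch. The old code cast the result of GetConstructor() to JSFunction unconditionally, so the comment could also say that the detached case is deliberately left to the code after this block. This file's diff carries no test; a regression test that runs optimized code doing a named access on a detached global proxy would pin the behaviour, if the patch set does not already have one.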