Fix null-dereference in r23716.

src/type-info.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/ast.h"
 #include "src/code-stubs.h"
 #include "src/compiler.h"
 #include "src/ic/stub-cache.h"
@@ skipping 177 matching lines @@
   Handle<Map> map;
   Map* raw_map = code->FindFirstMap();
   if (raw_map != NULL) {
     if (Map::TryUpdate(handle(raw_map)).ToHandle(&map) &&
         CanRetainOtherContext(*map, *native_context_)) {
       map = Handle<Map>::null();
     }
   }
 
   if (code->is_compare_ic_stub()) {
-    CompareIC::StubInfoToType(code->stub_key(), left_type, right_type,
-                              combined_type, map, zone());
+    CompareICStub stub(code->stub_key(), isolate());
+    *left_type = CompareIC::StateToType(zone(), stub.left());
+    *right_type = CompareIC::StateToType(zone(), stub.right());
+    *combined_type = CompareIC::StateToType(zone(), stub.state(), map);
   } else if (code->is_compare_nil_ic_stub()) {
     CompareNilICStub stub(isolate(), code->extra_ic_state());
     *combined_type = stub.GetType(zone(), map);
     *left_type = *right_type = stub.GetInputType(zone(), map);
   }
 }
 
 
 void TypeFeedbackOracle::BinaryType(TypeFeedbackId id,
                                     Type** left,
@@ skipping 249 matching lines @@
          UnseededNumberDictionary::kNotFound);
   // Dictionary has been allocated with sufficient size for all elements.
   DisallowHeapAllocation no_need_to_resize_dictionary;
   HandleScope scope(isolate());
   USE(UnseededNumberDictionary::AtNumberPut(
       dictionary_, IdToKey(ast_id), handle(target, isolate())));
 }
 
 
 } }  // namespace v8::internal