diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-12-08 10:22:59 +0100 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-12-08 12:17:14 +0000 |
| commit | 69b8f9169ffd66fdeca1ac60a4bc06b91d106186 (patch) | |
| tree | c8b7f735583d0b4e0c0b61a014a7f4b3b26e85ab /chromium/v8/src/compiler/js-create-lowering.cc | |
| parent | daa093eea7c773db06799a13bd7e4e2e2a9f8f14 (diff) | |
| download | qtwebengine-chromium-69b8f9169ffd66fdeca1ac60a4bc06b91d106186.tar.gz | |
BASELINE: Update Chromium to 63.0.3239.87
Change-Id: Iac27464730121b4fac76869d87d622504642e016
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Diffstat (limited to 'chromium/v8/src/compiler/js-create-lowering.cc')
| -rw-r--r-- | chromium/v8/src/compiler/js-create-lowering.cc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/chromium/v8/src/compiler/js-create-lowering.cc b/chromium/v8/src/compiler/js-create-lowering.cc index d740f7681cb..bd4f1069abb 100644 --- a/chromium/v8/src/compiler/js-create-lowering.cc +++ b/chromium/v8/src/compiler/js-create-lowering.cc @@ -255,13 +255,14 @@ Reduction JSCreateLowering::ReduceJSCreate(Node* node) { Node* const control = NodeProperties::GetControlInput(node); // Extract constructor and original constructor function. if (target_type->IsHeapConstant() && new_target_type->IsHeapConstant() && + target_type->AsHeapConstant()->Value()->IsJSFunction() && new_target_type->AsHeapConstant()->Value()->IsJSFunction()) { Handle<JSFunction> constructor = Handle<JSFunction>::cast(target_type->AsHeapConstant()->Value()); + if (!constructor->IsConstructor()) return NoChange(); Handle<JSFunction> original_constructor = Handle<JSFunction>::cast(new_target_type->AsHeapConstant()->Value()); - DCHECK(constructor->IsConstructor()); - DCHECK(original_constructor->IsConstructor()); + if (!original_constructor->IsConstructor()) return NoChange(); // Check if we can inline the allocation. if (IsAllocationInlineable(constructor, original_constructor)) { |