Reviewers: Søren Gjesse,
Description:
Fix issue 822: handling of JSObject::elements in CalculateNetworkSize.
BUG=822
TEST=test-heap-profiler/Issue822
Please review this at http://codereview.chromium.org/3128004/show
Affected files:
M src/heap-profiler.cc
M src/profile-generator.h
M src/profile-generator.cc
M test/cctest/test-heap-profiler.cc
Index: src/heap-profiler.cc
diff --git a/src/heap-profiler.cc b/src/heap-profiler.cc
index
92ded7b3477a67054b1dbb4e2e906329feefdf04..8b7135490be09c609e701ef8634ceac41acb3b4f
100644
--- a/src/heap-profiler.cc
+++ b/src/heap-profiler.cc
@@ -111,10 +111,10 @@ int Clusterizer::CalculateNetworkSize(JSObject* obj) {
int size = obj->Size();
// If 'properties' and 'elements' are non-empty (thus, non-shared),
// take their size into account.
- if (FixedArray::cast(obj->properties())->length() != 0) {
+ if (obj->properties() != Heap::empty_fixed_array()) {
size += obj->properties()->Size();
}
- if (FixedArray::cast(obj->elements())->length() != 0) {
+ if (obj->elements() != Heap::empty_fixed_array()) {
size += obj->elements()->Size();
}
// For functions, also account non-empty context and literals sizes.
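Review bot: The two-line comment above the first `if` still says the arrays are counted when "non-empty", but the new condition is "not the shared empty FixedArray", and the reason the cast was dropped — `elements` need not be a FixedArray at all, as the Issue822 test notes for a PixelArray — is not recorded at the site that had the bug. Replace the comment with `// Account for 'properties' and 'elements' unless they are the shared empty FixedArray.` and `// 'elements' need not be a FixedArray (e.g. a PixelArray), so compare, do not cast.`. The same body is duplicated in HeapSnapshot::CalculateNetworkSize in src/profile-generator.cc, which this change patches identically; having one implementation delegate to the other would avoid making the next fix twice. Clusterizer::CalculateNetworkSize continues past the end of the hunk.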
Index: src/profile-generator.cc
diff --git a/src/profile-generator.cc b/src/profile-generator.cc
index
1d1aa812bc09e32ab00fe37f4086250ca1dc055d..cd46badf0997772958336fcfdd024f36752944b0
100644
--- a/src/profile-generator.cc
+++ b/src/profile-generator.cc
@@ -1379,10 +1379,10 @@ int HeapSnapshot::CalculateNetworkSize(JSObject*
obj) {
int size = obj->Size();
// If 'properties' and 'elements' are non-empty (thus, non-shared),
// take their size into account.
- if (FixedArray::cast(obj->properties())->length() != 0) {
+ if (obj->properties() != Heap::empty_fixed_array()) {
size += obj->properties()->Size();
}
- if (FixedArray::cast(obj->elements())->length() != 0) {
+ if (obj->elements() != Heap::empty_fixed_array()) {
size += obj->elements()->Size();
}
// For functions, also account non-empty context and literals sizes.
Index: src/profile-generator.h
diff --git a/src/profile-generator.h b/src/profile-generator.h
index
4936f8f3831160e30fb9c3994ef47d096af4e8ce..bebf40a37641048ecb33f0f5c5c41751991c9984
100644
--- a/src/profile-generator.h
+++ b/src/profile-generator.h
@@ -689,6 +689,8 @@ class HeapSnapshot {
bool entries_sorted_;
List<HeapEntryCalculatedData> calculated_data_;
+ friend class HeapSnapshotTester;
+
DISALLOW_COPY_AND_ASSIGN(HeapSnapshot);
};
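Review bot: The new `friend class HeapSnapshotTester;` gives a class that exists only in test/cctest/test-heap-profiler.cc full private access to HeapSnapshot, and nothing in the production header says so. Annotate the friend line, `friend class HeapSnapshotTester;  // Test-only: defined in test/cctest/test-heap-profiler.cc.`, so a reader does not look for a production collaborator by that name. The HeapSnapshot class declaration begins outside the hunk.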
Index: test/cctest/test-heap-profiler.cc
diff --git a/test/cctest/test-heap-profiler.cc
b/test/cctest/test-heap-profiler.cc
index
d3bcf478fb441f1203d673204c56a43b8dffe4ef..92ad0a4002a1fbd967a3bf03a4324ec8be8c290d
100644
--- a/test/cctest/test-heap-profiler.cc
+++ b/test/cctest/test-heap-profiler.cc
@@ -833,4 +833,35 @@ TEST(HeapSnapshotsDiff) {
CHECK(s1_A_id != s2_A_id);
}
+
+namespace v8 {
+namespace internal {
+
+class HeapSnapshotTester {
+ public:
+ static int CalculateNetworkSize(JSObject* obj) {
+ return HeapSnapshot::CalculateNetworkSize(obj);
+ }
+};
+
+} } // namespace v8::internal
+
+// http://code.google.com/p/v8/issues/detail?id=822
+// Trying to call CalculateNetworkSize on an object with elements set
+// to non-FixedArray may cause an assertion error in debug builds.
+TEST(Issue822) {
+ v8::HandleScope scope;
+ LocalContext context;
+ const int kElementCount = 260;
+ uint8_t* pixel_data = reinterpret_cast<uint8_t*>(malloc(kElementCount));
+ i::Handle<i::PixelArray> pixels =
i::Factory::NewPixelArray(kElementCount,
+ pixel_data);
+ v8::Handle<v8::Object> obj = v8::Object::New();
+ // Set the elements to be the pixels.
+ obj->SetIndexedPropertiesToPixelData(pixel_data, kElementCount);
+ i::Handle<i::JSObject> jsobj = v8::Utils::OpenHandle(*obj);
+ // This call must not cause an assertion error in debug builds.
+ i::HeapSnapshotTester::CalculateNetworkSize(*jsobj);
+}
+
#endif // ENABLE_LOGGING_AND_PROFILING
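Review bot: In TEST(Issue822) the handle `pixels` returned by i::Factory::NewPixelArray is never used afterwards, and the malloc'd `pixel_data` buffer is never freed, so the test does a redundant allocation and leaks kElementCount bytes per run. Drop the `pixels` declaration — the comment on the following lines says SetIndexedPropertiesToPixelData is what installs the pixels as the object's elements — and release the buffer after the call under test: `i::HeapSnapshotTester::CalculateNetworkSize(*jsobj);` followed by `free(pixel_data);`. This assumes SetIndexedPropertiesToPixelData does not take ownership of the buffer; if it does, the free must be omitted. The test body is complete within the hunk.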