Revision: 5235
Author: [email protected]
Date: Wed Aug 11 02:03:23 2010
Log: Fix issue 822: handling of JSObject::elements in CalculateNetworkSize.
BUG=822
TEST=test-heap-profiler/Issue822
Review URL: http://codereview.chromium.org/3128004
http://code.google.com/p/v8/source/detail?r=5235
Modified:
/branches/bleeding_edge/src/heap-profiler.cc
/branches/bleeding_edge/src/profile-generator.cc
/branches/bleeding_edge/src/profile-generator.h
/branches/bleeding_edge/test/cctest/test-heap-profiler.cc
=======================================
--- /branches/bleeding_edge/src/heap-profiler.cc Thu Jul 15 06:21:50 2010
+++ /branches/bleeding_edge/src/heap-profiler.cc Wed Aug 11 02:03:23 2010
@@ -111,10 +111,10 @@
int size = obj->Size();
// If 'properties' and 'elements' are non-empty (thus, non-shared),
// take their size into account.
- if (FixedArray::cast(obj->properties())->length() != 0) {
+ if (obj->properties() != Heap::empty_fixed_array()) {
size += obj->properties()->Size();
}
- if (FixedArray::cast(obj->elements())->length() != 0) {
+ if (obj->elements() != Heap::empty_fixed_array()) {
size += obj->elements()->Size();
}
// For functions, also account non-empty context and literals sizes.
=======================================
--- /branches/bleeding_edge/src/profile-generator.cc Tue Aug 10 05:06:42
2010
+++ /branches/bleeding_edge/src/profile-generator.cc Wed Aug 11 02:03:23
2010
@@ -1379,10 +1379,10 @@
int size = obj->Size();
// If 'properties' and 'elements' are non-empty (thus, non-shared),
// take their size into account.
- if (FixedArray::cast(obj->properties())->length() != 0) {
+ if (obj->properties() != Heap::empty_fixed_array()) {
size += obj->properties()->Size();
}
- if (FixedArray::cast(obj->elements())->length() != 0) {
+ if (obj->elements() != Heap::empty_fixed_array()) {
size += obj->elements()->Size();
}
// For functions, also account non-empty context and literals sizes.
=======================================
--- /branches/bleeding_edge/src/profile-generator.h Tue Aug 10 05:06:42 2010
+++ /branches/bleeding_edge/src/profile-generator.h Wed Aug 11 02:03:23 2010
@@ -689,6 +689,8 @@
bool entries_sorted_;
List<HeapEntryCalculatedData> calculated_data_;
+ friend class HeapSnapshotTester;
+
DISALLOW_COPY_AND_ASSIGN(HeapSnapshot);
};
=======================================
--- /branches/bleeding_edge/test/cctest/test-heap-profiler.cc Mon Aug 9
04:37:24 2010
+++ /branches/bleeding_edge/test/cctest/test-heap-profiler.cc Wed Aug 11
02:03:23 2010
@@ -832,5 +832,36 @@
CHECK_NE_UINT64_T(0, s1_A_id);
CHECK(s1_A_id != s2_A_id);
}
+
+
+namespace v8 {
+namespace internal {
+
+class HeapSnapshotTester {
+ public:
+ static int CalculateNetworkSize(JSObject* obj) {
+ return HeapSnapshot::CalculateNetworkSize(obj);
+ }
+};
+
+} } // namespace v8::internal
+
+// http://code.google.com/p/v8/issues/detail?id=822
+// Trying to call CalculateNetworkSize on an object with elements set
+// to non-FixedArray may cause an assertion error in debug builds.
+TEST(Issue822) {
+ v8::HandleScope scope;
+ LocalContext context;
+ const int kElementCount = 260;
+ uint8_t* pixel_data = reinterpret_cast<uint8_t*>(malloc(kElementCount));
+ i::Handle<i::PixelArray> pixels =
i::Factory::NewPixelArray(kElementCount,
+ pixel_data);
+ v8::Handle<v8::Object> obj = v8::Object::New();
+ // Set the elements to be the pixels.
+ obj->SetIndexedPropertiesToPixelData(pixel_data, kElementCount);
+ i::Handle<i::JSObject> jsobj = v8::Utils::OpenHandle(*obj);
+ // This call must not cause an assertion error in debug builds.
+ i::HeapSnapshotTester::CalculateNetworkSize(*jsobj);
+}
#endif // ENABLE_LOGGING_AND_PROFILING
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
