DBC: There is a GC-related problem; see comment in object-visiting.cc.

http://codereview.chromium.org/6932068/diff/9002/src/heap.cc
File src/heap.cc (right):

http://codereview.chromium.org/6932068/diff/9002/src/heap.cc#newcode3220
src/heap.cc:3220: if (!maybe_map_obj->ToObject(&map_obj)) return maybe_map_obj;
I introduced a helpful templated To<T> accessor to avoid boilerplate code:

if (!maybe_map_obj->To<Map>(&map)) ...

http://codereview.chromium.org/6932068/diff/9002/src/objects-visiting.cc
File src/objects-visiting.cc (right):

http://codereview.chromium.org/6932068/diff/9002/src/objects-visiting.cc#newcode92
src/objects-visiting.cc:92: return GetVisitorIdForSize(kVisitDataObject,
This introduces a subtle GC problem: JS_PROXY is not a data object. Data objects do not contain pointers in their bodies.

We should either pretend that JS_PROXY is a struct (kVisitStruct, kVisitStructGeneric) or introduce a separate kVisitJSProxy.

I think pretending that JS_PROXY is a struct should be fine especially because proxies are probably not going to need any special handling by visitors.

http://codereview.chromium.org/6932068/
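
The GC problem raised in the review comment above, as an added example that is not part of the original message and is not V8 code: a toy mark phase in which an object whose body holds a pointer is classified as a data object, so the object it references is never marked. Apart from the two visitor id names taken from the comment, every name here (`Obj`, `Mark`, `SurvivorsWithProxyAs`) is hypothetical.

```cpp
#include <cstddef>
#include <vector>

// Toy model of a marking visitor; hypothetical names, not V8's implementation.
enum VisitorId { kVisitDataObject, kVisitStruct };

struct Obj {
  VisitorId visitor;         // how the marker treats this object's body
  std::vector<Obj*> fields;  // pointer slots inside the body
  bool marked;               // set when the marker reaches the object
};

// Mark phase: data objects are assumed to be pointer-free, so their bodies
// are not scanned. Structs have every pointer slot visited.
void Mark(Obj* o) {
  if (o == nullptr || o->marked) return;
  o->marked = true;
  if (o->visitor == kVisitDataObject) return;  // body skipped
  for (Obj* f : o->fields) Mark(f);
}

// Builds a two-object heap in which a proxy-like object is the only root and
// the only holder of a pointer to its handler, runs the mark phase, and
// returns the number of objects that were marked live.
std::size_t SurvivorsWithProxyAs(VisitorId proxy_visitor) {
  Obj handler{kVisitStruct, {}, false};
  Obj proxy{proxy_visitor, {&handler}, false};  // body contains a pointer
  std::vector<Obj*> heap = {&proxy, &handler};
  Mark(&proxy);
  std::size_t live = 0;
  for (Obj* o : heap) live += o->marked ? 1 : 0;
  // An unmarked handler would be reclaimed by the sweep while the proxy
  // still points at it, leaving a dangling pointer.
  return live;
}

int main() {
  // Misclassified proxy keeps 1 object alive; the struct classification keeps 2.
  bool ok = SurvivorsWithProxyAs(kVisitDataObject) == 1 &&
            SurvivorsWithProxyAs(kVisitStruct) == 2;
  return ok ? 0 : 1;
}
```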
