Status: New
Owner: ----
New issue 2535 by [email protected]: v8 dumps core during
HeapProfiler::TakeSnapshot with harmony collections enabled and used.
http://code.google.com/p/v8/issues/detail?id=2535
When harmony collections are enabled and used (e.g. the Map) and
HeapProfiler::TakeSnapshot is called, v8 dumps core.
This has been reproduced on the 3.11 branch as well as the 3.15 branch.
The following diffs fix the issue.
diff for 3.11
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -1463,6 +1463,10 @@ int JSObject::GetHeaderSize() {
return JSObject::kHeaderSize;
case JS_MESSAGE_OBJECT_TYPE:
return JSMessageObject::kSize;
+ case JS_MAP_TYPE:
+ return JSMap::kSize;
+ case JS_SET_TYPE:
+ return JSSet::kSize;
default:
UNREACHABLE();
return 0;
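Review bot: the default branch closing this switch is still UNREACHABLE() followed by return 0, so any other instance type without a case will presumably end up there just as Map and Set did. The report speaks of harmony collections in general and names Map only as an example, while the added cases cover JS_MAP_TYPE and JS_SET_TYPE. Please confirm that every other instance type enabled together with harmony collections already has a case in JSObject::GetHeaderSize(), or add the missing ones in this patch.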
diff for 3.15
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -1524,6 +1524,10 @@ int JSObject::GetHeaderSize() {
return JSObject::kHeaderSize;
case JS_MESSAGE_OBJECT_TYPE:
return JSMessageObject::kSize;
+ case JS_MAP_TYPE:
+ return JSMap::kSize;
+ case JS_SET_TYPE:
+ return JSSet::kSize;
default:
UNREACHABLE();
return 0;
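Review bot: no regression test accompanies the added JS_MAP_TYPE and JS_SET_TYPE cases, on this branch or on 3.11. A test that enables harmony collections, creates a Map and a Set, and then calls HeapProfiler::TakeSnapshot would cover the reported crash and would also catch the next instance type added without a matching case in this switch.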
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev