Fix issue 822: handling of JSObject::elements in CalculateNetworkSize.

BUG=822 TEST=test-heap-profiler/Issue822 Review URL: http://codereview.chromium.org/3128004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5235 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix issue 822: handling of JSObject::elements in CalculateNetworkSize.
BUG=822 TEST=test-heap-profiler/Issue822 Review URL: http://codereview.chromium.org/3128004 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5235 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
0765b6ea · mikhail.naganov@gmail.com · a6c69bf6 · 0765b6ea · 0765b6ea · 0765b6ea
Commit 0765b6ea authored Aug 11, 2010 by mikhail.naganov@gmail.com
Showing with 37 additions and 4 deletions

heap-profiler.cc src/heap-profiler.cc +2 -2

profile-generator.cc src/profile-generator.cc +2 -2

profile-generator.h src/profile-generator.h +2 -0

test-heap-profiler.cc test/cctest/test-heap-profiler.cc +31 -0

No files found.
--- a/src/heap-profiler.cc
+++ b/src/heap-profiler.cc
@@ -111,10 +111,10 @@ int Clusterizer::CalculateNetworkSize(JSObject* obj) {
  int size = obj->Size();
  // If 'properties' and 'elements' are non-empty (thus, non-shared),
  // take their size into account.
-  if (FixedArray::cast(obj->properties())->length() != 0) {
+  if (obj->properties() != Heap::empty_fixed_array()) {
    size += obj->properties()->Size();
  }
-  if (FixedArray::cast(obj->elements())->length() != 0) {
+  if (obj->elements() != Heap::empty_fixed_array()) {
    size += obj->elements()->Size();
  }
  // For functions, also account non-empty context and literals sizes.

--- a/src/profile-generator.cc
+++ b/src/profile-generator.cc
@@ -1379,10 +1379,10 @@ int HeapSnapshot::CalculateNetworkSize(JSObject* obj) {
  int size = obj->Size();
  // If 'properties' and 'elements' are non-empty (thus, non-shared),
  // take their size into account.
-  if (FixedArray::cast(obj->properties())->length() != 0) {
+  if (obj->properties() != Heap::empty_fixed_array()) {
    size += obj->properties()->Size();
  }
-  if (FixedArray::cast(obj->elements())->length() != 0) {
+  if (obj->elements() != Heap::empty_fixed_array()) {
    size += obj->elements()->Size();
  }
  // For functions, also account non-empty context and literals sizes.

--- a/src/profile-generator.h
+++ b/src/profile-generator.h
@@ -689,6 +689,8 @@ class HeapSnapshot {
  bool entries_sorted_;
  List<HeapEntryCalculatedData> calculated_data_;

+  friend class HeapSnapshotTester;
+
  DISALLOW_COPY_AND_ASSIGN(HeapSnapshot);
 };


--- a/test/cctest/test-heap-profiler.cc
+++ b/test/cctest/test-heap-profiler.cc
@@ -833,4 +833,35 @@ TEST(HeapSnapshotsDiff) {
  CHECK(s1_A_id != s2_A_id);
 }

+
+namespace v8 {
+namespace internal {
+
+class HeapSnapshotTester {
+ public:
+  static int CalculateNetworkSize(JSObject* obj) {
+    return HeapSnapshot::CalculateNetworkSize(obj);
+  }
+};
+
+} }  // namespace v8::internal
+
+// http://code.google.com/p/v8/issues/detail?id=822
+// Trying to call CalculateNetworkSize on an object with elements set
+// to non-FixedArray may cause an assertion error in debug builds.
+TEST(Issue822) {
+  v8::HandleScope scope;
+  LocalContext context;
+  const int kElementCount = 260;
+  uint8_t* pixel_data = reinterpret_cast<uint8_t*>(malloc(kElementCount));
+  i::Handle<i::PixelArray> pixels = i::Factory::NewPixelArray(kElementCount,
+                                                              pixel_data);
+  v8::Handle<v8::Object> obj = v8::Object::New();
+  // Set the elements to be the pixels.
+  obj->SetIndexedPropertiesToPixelData(pixel_data, kElementCount);
+  i::Handle<i::JSObject> jsobj = v8::Utils::OpenHandle(*obj);
+  // This call must not cause an assertion error in debug builds.
+  i::HeapSnapshotTester::CalculateNetworkSize(*jsobj);
+}
+
 #endif  // ENABLE_LOGGING_AND_PROFILING