More accurate usages of Heap::AdjustLiveBytes().

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/424663004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/factory.cc

@@ -1796,8 +1796,8 @@ void Factory::ReinitializeJSReceiver(Handle<JSReceiver> object,
 
   // Put in filler if the new object is smaller than the old.
   if (size_difference > 0) {
-    Address address = object->address() + map->instance_size();
-    heap->CreateFillerObjectAt(address, size_difference);
+    Address address = object->address();
+    heap->CreateFillerObjectAt(address + map->instance_size(), size_difference);
     heap->AdjustLiveBytes(address, -size_difference, Heap::FROM_MUTATOR);
   }
 

src/objects.cc

@@ -4584,12 +4584,14 @@ void JSObject::MigrateFastToSlow(Handle<JSObject> object,
   int new_instance_size = new_map->instance_size();
   int instance_size_delta = map->instance_size() - new_instance_size;
   ASSERT(instance_size_delta >= 0);
-  Heap* heap = isolate->heap();
-  heap->CreateFillerObjectAt(object->address() + new_instance_size,
-                             instance_size_delta);
-  heap->AdjustLiveBytes(object->address(),
-                        -instance_size_delta,
-                        Heap::FROM_MUTATOR);
+
+  if (instance_size_delta > 0) {
+    Heap* heap = isolate->heap();
+    heap->CreateFillerObjectAt(object->address() + new_instance_size,
+                               instance_size_delta);
+    heap->AdjustLiveBytes(object->address(), -instance_size_delta,
+                          Heap::FROM_MUTATOR);
+  }
 
   // We are storing the new map using release store after creating a filler for
   // the left-over space to avoid races with the sweeper thread.