[heap] API objects with elements aren't unmodified

Bug: v8:6284 Change-Id: I3a52819f4e67a143a0b3b63358fc4dd0df384553 Reviewed-on: https://chromium-review.googlesource.com/483482 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#44766}

[heap] API objects with elements aren't unmodified
Bug: v8:6284 Change-Id: I3a52819f4e67a143a0b3b63358fc4dd0df384553 Reviewed-on: https://chromium-review.googlesource.com/483482 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#44766}
870d3f66 · Toon Verwaest · Commit Bot · 0dfb0e21 · 870d3f66
Commit 870d3f66 authored Apr 20, 2017 by Toon Verwaest Committed by Commit Bot Apr 21, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

heap.cc src/heap/heap.cc +1 -0

No files found.
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -2969,6 +2969,7 @@ bool Heap::IsUnmodifiedHeapObject(Object** p) {
  Object* maybe_constructor = js_object->map()->GetConstructor();
  if (!maybe_constructor->IsJSFunction()) return false;
  JSFunction* constructor = JSFunction::cast(maybe_constructor);
+  if (js_object->elements()->length() != 0) return false;

  return constructor->initial_map() == heap_object->map();
 }