Do not assume that names of function expressions are context-allocated.

The heap profile generator assumes that for named function expressions, the
name is context allocated.  This is not necessary true.

BUG=v8:2051
TEST=WebKit layout test inspector/profiler/heap-snapshot-inspect-dom-wrapper.html

Review URL: https://chromiumcodereview.appspot.com/9960065

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/objects.h

@@ -3413,8 +3413,8 @@ class ScopeInfo : public FixedArray {
   // otherwise returns a value < 0. The name must be a symbol (canonicalized).
   int ParameterIndex(String* name);
 
-  // Lookup support for serialized scope info. Returns the
-  // function context slot index if the function name is present (named
+  // Lookup support for serialized scope info. Returns the function context
+  // slot index if the function name is present and context-allocated (named
   // function expressions, only), otherwise returns a value < 0. The name
   // must be a symbol (canonicalized).
   int FunctionContextSlotIndex(String* name, VariableMode* mode);

src/profile-generator.cc

@@ -2109,12 +2109,11 @@ void V8HeapExplorer::ExtractClosureReferences(JSObject* js_obj,
     // Add function variable.
     if (scope_info->HasFunctionName()) {
       String* name = scope_info->FunctionName();
-      int idx = Context::MIN_CONTEXT_SLOTS + context_locals;
-#ifdef DEBUG
       VariableMode mode;
-      ASSERT(idx == scope_info->FunctionContextSlotIndex(name, &mode));
-#endif
-      SetClosureReference(js_obj, entry, name, context->get(idx));
+      int idx = scope_info->FunctionContextSlotIndex(name, &mode);
+      if (idx >= 0) {
+        SetClosureReference(js_obj, entry, name, context->get(idx));
+      }
     }
   }
 }