AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Off-by-one error in zapping objects after right trimming.

Browse Source 
Review URL: https://chromiumcodereview.appspot.com/11013012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
verwaest@chromium.org 2012-10-01 09:48:07 +00:00
parent 22d3864a0a
commit 15ebb22b6f
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/objects.cc
View File

@ -2176,11 +2176,13 @@ enum RightTrimMode { FROM_GC, FROM_MUTATOR };
static void ZapEndOfFixedArray(Address new_end, int to_trim) { static void ZapEndOfFixedArray(Address new_end, int to_trim) {
// If we are doing a big trim in old space then we zap the space. // If we are doing a big trim in old space then we zap the space.
Object** zap = reinterpret_cast<Object**>(new_end); Object** zap = reinterpret_cast<Object**>(new_end);
zap++; // Header of filler must be at least one word so skip that.
for (int i = 1; i < to_trim; i++) { for (int i = 1; i < to_trim; i++) {
*zap++ = Smi::FromInt(0); *zap++ = Smi::FromInt(0);
} }
} }
template<RightTrimMode trim_mode> template<RightTrimMode trim_mode>
static void RightTrimFixedArray(Heap* heap, FixedArray* elms, int to_trim) { static void RightTrimFixedArray(Heap* heap, FixedArray* elms, int to_trim) {
ASSERT(elms->map() != HEAP->fixed_cow_array_map()); ASSERT(elms->map() != HEAP->fixed_cow_array_map());