[heap] API objects with elements aren't unmodified

Bug: v8:6284 Change-Id: I3a52819f4e67a143a0b3b63358fc4dd0df384553 Reviewed-on: https://chromium-review.googlesource.com/483482 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#44766}
2017-04-20 17:36:04 +02:00 · 2017-04-20 17:36:04 +02:00 · 870d3f6627
commit 870d3f6627
parent 0dfb0e21fe
1 changed files with 1 additions and 0 deletions
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@ -2969,6 +2969,7 @@ bool Heap::IsUnmodifiedHeapObject(Object** p) {
  Object* maybe_constructor = js_object->map()->GetConstructor();
  if (!maybe_constructor->IsJSFunction()) return false;
  JSFunction* constructor = JSFunction::cast(maybe_constructor);
+  if (js_object->elements()->length() != 0) return false;

  return constructor->initial_map() == heap_object->map();
 }