From b988c6ae9ee11de63d4c8b8822a15266ded76d4c Mon Sep 17 00:00:00 2001
From: "ishell@chromium.org" <ishell@chromium.org>
Date: Mon, 18 Jul 2022 15:19:22 +0200
Subject: [PATCH] [heap-stats] Fix accounting of JSCollection tables

... which might be undefined during initialization.

Bug: v8:13054
Change-Id: Ia3a7a95ffb1133b5d3d299c36bfb3875bcee2dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769830
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81783}
---
 src/heap/object-stats.cc | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/heap/object-stats.cc b/src/heap/object-stats.cc
index a2db9346f5..4a1b07e77d 100644
--- a/src/heap/object-stats.cc
+++ b/src/heap/object-stats.cc
@@ -633,10 +633,13 @@ void ObjectStatsCollectorImpl::RecordVirtualJSObjectDetails(JSObject object) {
 
   // JSCollections.
   if (object.IsJSCollection()) {
-    // TODO(bmeurer): Properly compute over-allocation here.
-    RecordSimpleVirtualObjectStats(
-        object, FixedArray::cast(JSCollection::cast(object).table()),
-        ObjectStats::JS_COLLECTION_TABLE_TYPE);
+    Object maybe_table = JSCollection::cast(object).table();
+    if (!maybe_table.IsUndefined(isolate())) {
+      DCHECK(maybe_table.IsFixedArray(isolate()));
+      // TODO(bmeurer): Properly compute over-allocation here.
+      RecordSimpleVirtualObjectStats(object, HeapObject::cast(maybe_table),
+                                     ObjectStats::JS_COLLECTION_TABLE_TYPE);
+    }
   }
 }