From d1cbd1a98cf708589ffaf02a60e0dcf40c33e319 Mon Sep 17 00:00:00 2001
From: "jkummerow@chromium.org"
 <jkummerow@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Mon, 10 Dec 2012 12:18:54 +0000
Subject: [PATCH] Flush out potential leaks of Failure objects

Review URL: https://codereview.chromium.org/11475027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13181 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/heap.h        | 6 +++---
 src/objects-inl.h | 6 +++++-
 src/objects.h     | 4 +++-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/heap.h b/src/heap.h
index 06d479ff0a..72035cadcf 100644
--- a/src/heap.h
+++ b/src/heap.h
@@ -1927,9 +1927,9 @@ class Heap {
 
   void CreateFixedStubs();
 
-  MaybeObject* CreateOddball(const char* to_string,
-                             Object* to_number,
-                             byte kind);
+  MUST_USE_RESULT MaybeObject* CreateOddball(const char* to_string,
+                                             Object* to_number,
+                                             byte kind);
 
   // Allocate a JSArray with no elements
   MUST_USE_RESULT MaybeObject* AllocateJSArray(
diff --git a/src/objects-inl.h b/src/objects-inl.h
index 451a3725a8..077e782905 100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -1064,7 +1064,11 @@ Failure* Failure::Construct(Type type, intptr_t value) {
   uintptr_t info =
       (static_cast<uintptr_t>(value) << kFailureTypeTagSize) | type;
   ASSERT(((info << kFailureTagSize) >> kFailureTagSize) == info);
-  return reinterpret_cast<Failure*>((info << kFailureTagSize) | kFailureTag);
+  // Fill the unused bits with a pattern that's easy to recognize in crash
+  // dumps.
+  static const int kFailureMagicPattern = 0x0BAD0000;
+  return reinterpret_cast<Failure*>(
+      (info << kFailureTagSize) | kFailureTag | kFailureMagicPattern);
 }
 
 
diff --git a/src/objects.h b/src/objects.h
index 2869f2bc0a..701712be32 100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -773,7 +773,9 @@ class MaybeObject BASE_EMBEDDED {
     return reinterpret_cast<Failure*>(this);
   }
   inline Object* ToObjectUnchecked() {
-    ASSERT(!IsFailure());
+    // TODO(jkummerow): Turn this back into an ASSERT when we can be certain
+    // that it never fires in Release mode in the wild.
+    CHECK(!IsFailure());
     return reinterpret_cast<Object*>(this);
   }
   inline Object* ToObjectChecked() {