Initialize pre-allocated fields of JSObject with undefined.

src/heap.cc

Index: src/heap.cc
diff --git a/src/heap.cc b/src/heap.cc
index 8c9ebe3ec48e82faac4f51b2c509532c0676d41b..8eecd1e7d6e56f36ed1df1e99002be2270308ae3 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -3343,6 +3343,9 @@ void Heap::InitializeJSObjectFromMap(JSObject* obj,
   // We cannot always fill with one_pointer_filler_map because objects
   // created from API functions expect their internal fields to be initialized
   // with undefined_value.
+  // Pre-allocated fields need to be initialized with undefined_value as well
+  // so that object accesses before the constructor completes (e.g. in the
+  // debugger) will not cause a crash.
   if (map->constructor()->IsJSFunction() &&
       JSFunction::cast(map->constructor())->shared()->
           IsInobjectSlackTrackingInProgress()) {
@@ -3352,7 +3355,7 @@ void Heap::InitializeJSObjectFromMap(JSObject* obj,
   } else {
     filler = Heap::undefined_value();
   }
-  obj->InitializeBody(map->instance_size(), filler);
+  obj->InitializeBody(map, Heap::undefined_value(), filler);
 }