Always mark entire prototype descriptor arrays.

src/heap/objects-visiting-inl.h

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef V8_OBJECTS_VISITING_INL_H_
 #define V8_OBJECTS_VISITING_INL_H_
 
 #include "src/heap/objects-visiting.h"
 
 namespace v8 {
@@ skipping 524 matching lines @@
 
 
 template <typename StaticVisitor>
 void StaticMarkingVisitor<StaticVisitor>::MarkMapContents(Heap* heap,
                                                           Map* map) {
   Object* raw_transitions = map->raw_transitions();
   if (TransitionArray::IsFullTransitionArray(raw_transitions)) {
     MarkTransitionArray(heap, TransitionArray::cast(raw_transitions));
   }
 
-  // Since descriptor arrays are potentially shared, ensure that only the
-  // descriptors that belong to this map are marked. The first time a
-  // non-empty descriptor array is marked, its header is also visited. The slot
-  // holding the descriptor array will be implicitly recorded when the pointer
-  // fields of this map are visited.
   DescriptorArray* descriptors = map->instance_descriptors();
-  if (StaticVisitor::MarkObjectWithoutPush(heap, descriptors) &&
-      descriptors->length() > 0) {
-    StaticVisitor::VisitPointers(heap, descriptors->GetFirstElementAddress(),
-                                 descriptors->GetDescriptorEndSlot(0));
-  }
-  int start = 0;
-  int end = map->NumberOfOwnDescriptors();
-  if (start < end) {
-    StaticVisitor::VisitPointers(heap,
-                                 descriptors->GetDescriptorStartSlot(start),
-                                 descriptors->GetDescriptorEndSlot(end));
+  if (map->is_prototype_map()) {
+    // Prototype maps don't keep track of transitions, so just mark the entire
+    // descriptor array.
+    StaticVisitor::MarkObject(heap, descriptors);

[ulan, 2015/07/06 09:47:04]

No need to mark the array explicitly here: line 573 will take care of it and
also record the slot correctly.

+  } else {
+    // Since descriptor arrays are potentially shared, ensure that only the
+    // descriptors that belong to this map are marked. The first time a
+    // non-empty descriptor array is marked, its header is also visited. The
+    // slot holding the descriptor array will be implicitly recorded when the
+    // pointer fields of this map are visited.
+    if (StaticVisitor::MarkObjectWithoutPush(heap, descriptors) &&
+        descriptors->length() > 0) {
+      StaticVisitor::VisitPointers(heap, descriptors->GetFirstElementAddress(),
+                                   descriptors->GetDescriptorEndSlot(0));
+    }
+    int start = 0;
+    int end = map->NumberOfOwnDescriptors();
+    if (start < end) {
+      StaticVisitor::VisitPointers(heap,
+                                   descriptors->GetDescriptorStartSlot(start),
+                                   descriptors->GetDescriptorEndSlot(end));
+    }
   }
 
   // Mark the pointer fields of the Map. Since the transitions array has
   // been marked already, it is fine that one of these fields contains a
   // pointer to it.
   StaticVisitor::VisitPointers(
       heap, HeapObject::RawField(map, Map::kPointerFieldsBeginOffset),
       HeapObject::RawField(map, Map::kPointerFieldsEndOffset));
 }
 
@@ skipping 264 matching lines @@
 
   RelocIterator it(this, mode_mask);
   for (; !it.done(); it.next()) {
     it.rinfo()->template Visit<StaticVisitor>(heap);
   }
 }
 }
 }  // namespace v8::internal
 
 #endif  // V8_OBJECTS_VISITING_INL_H_