src/objects-inl.h - Issue 1481493003: Fix JSFunction's in-object properties initialization. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(679)

My Issues | Starred Open | Closed | All

Unified Diff: src/objects-inl.h

Issue 1481493003: Fix JSFunction's in-object properties initialization. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: Addressing comments Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « src/objects.h ('k') | test/mjsunit/mjsunit.status » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: src/objects-inl.h

diff --git a/src/objects-inl.h b/src/objects-inl.h

index 937cddfe3129d5df4b9eb0ae1deb4730b3c89449..597a00cd6c084b6e0c7ddc066a1fef7796671108 100644

--- a/src/objects-inl.h

+++ b/src/objects-inl.h

@@ -2288,7 +2288,7 @@ Object* JSObject::InObjectPropertyAtPut(int index,

}

-void JSObject::InitializeBody(Map* map,

+void JSObject::InitializeBody(Map* map, int start_offset,

Object* pre_allocated_value,

Object* filler_value) {

DCHECK(!filler_value->IsHeapObject() ||

@@ -2296,7 +2296,7 @@ void JSObject::InitializeBody(Map* map,

DCHECK(!pre_allocated_value->IsHeapObject() ||

!GetHeap()->InNewSpace(pre_allocated_value));

int size = map->instance_size();

- int offset = kHeaderSize;

+ int offset = start_offset;

if (filler_value != pre_allocated_value) {

int end_of_pre_allocated_offset =

size - (map->unused_property_fields() * kPointerSize);

« no previous file with comments | « src/objects.h ('k') | test/mjsunit/mjsunit.status » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698