Ensure that we don't mark weak heap references in the constant pool array.

src/heap.cc

Index: src/heap.cc
diff --git a/src/heap.cc b/src/heap.cc
index b7f9d069d2e85c15ff7d24b6a9ea7b850df20239..997798edbba7388df010c52e307db27f9bc1ce4d 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -5298,6 +5298,17 @@ MaybeObject* Heap::AllocateConstantPoolArray(int number_of_int64_entries,
                                              int number_of_int32_entries) {
   ASSERT(number_of_int64_entries > 0 || number_of_code_ptr_entries > 0 ||
          number_of_heap_ptr_entries > 0 || number_of_int32_entries > 0);
+
+  if (number_of_int64_entries < 0 ||
+      number_of_int64_entries > ConstantPoolArray::kMaxEntriesPerType ||
+      number_of_code_ptr_entries < 0 ||
+      number_of_code_ptr_entries > ConstantPoolArray::kMaxEntriesPerType ||
+      number_of_heap_ptr_entries < 0 ||
+      number_of_heap_ptr_entries > ConstantPoolArray::kMaxEntriesPerType ||
+      number_of_int32_entries < 0 ||
+      number_of_int32_entries > ConstantPoolArray::kMaxEntriesPerType) {
+    v8::internal::Heap::FatalProcessOutOfMemory("invalid array length", true);

[ulan, 2014/04/07 14:14:40]

Let's use ASSERT or CHECK instead of FatalProcessOutOfMemory because it is not
OOM.

[rmcilroy, 2014/04/07 14:23:12]

I was following what AllocateRawFixedArray does with FatalProcessOutOfMemory.  I
can change it to CHECK if you prefer (not ASSERT though since I want this to
happen in release too).

[ulan, 2014/04/07 14:52:01]

I would use CHECK in AllocateRawFixedArray too, but I see how it can be
connected to OOM: allocating a fixed array with kMaxLength elements (128M
elements) would likely cause OOM.

Here exceeding kMaxEntriesPerType (1K) is probably the result of a bug, and is
not related to OOM. So a simple CHECK seems more suitable.

[rmcilroy, 2014/04/07 20:19:17]

Sounds good - done.

+  }
   int size = ConstantPoolArray::SizeFor(number_of_int64_entries,
                                         number_of_code_ptr_entries,
                                         number_of_heap_ptr_entries,
@@ -5316,10 +5327,10 @@ MaybeObject* Heap::AllocateConstantPoolArray(int number_of_int64_entries,
 
   ConstantPoolArray* constant_pool =
       reinterpret_cast<ConstantPoolArray*>(object);
-  constant_pool->SetEntryCounts(number_of_int64_entries,
-                                number_of_code_ptr_entries,
-                                number_of_heap_ptr_entries,
-                                number_of_int32_entries);
+  constant_pool->Init(number_of_int64_entries,
+                      number_of_code_ptr_entries,
+                      number_of_heap_ptr_entries,
+                      number_of_int32_entries);
   if (number_of_code_ptr_entries > 0) {
     int offset =
         constant_pool->OffsetOfElementAt(constant_pool->first_code_ptr_index());
@@ -5348,7 +5359,7 @@ MaybeObject* Heap::AllocateEmptyConstantPoolArray() {
     if (!maybe_result->ToObject(&result)) return maybe_result;
   }
   HeapObject::cast(result)->set_map_no_write_barrier(constant_pool_array_map());
-  ConstantPoolArray::cast(result)->SetEntryCounts(0, 0, 0, 0);
+  ConstantPoolArray::cast(result)->Init(0, 0, 0, 0);
   return result;
 }