Add another check in profiler's stack iterator to ensure stability.

I made a test run of benchmarks and found another weak point. After
fixing it, benchmarks are able to run for a 100 times in a row
successfully in both builds.

Review URL: http://codereview.chromium.org/53050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/frames-inl.h b/src/frames-inl.h
index 32820a5811f2c5134f5c0afc730ab79cdb990707..07c8e4ede55c7b9f39845f44aa4d50087cecf649 100644 (file)
--- a/src/frames-inl.h
+++ b/src/frames-inl.h
@@ -171,7 +171,13 @@ inline bool JavaScriptFrame::has_adapted_arguments() const {
 
 inline bool JavaScriptFrame::is_at_function() const {
   Object* result = function_slot_object();
+  // Verify that frame points at correct JS function object.
+  // We are verifying that function object address and
+  // the underlying map object address are valid, and that
+  // function is really a function.
   return Heap::Contains(reinterpret_cast<Address>(result)) &&
+      result->IsHeapObject() &&
+      Heap::Contains(HeapObject::cast(result)->map()) &&
       result->IsJSFunction();
 }