From 3ee916c8103c382a791f1188d0cc21cbd665e42b Mon Sep 17 00:00:00 2001
From: "hpayer@chromium.org" <hpayer@chromium.org>
Date: Wed, 5 Nov 2014 07:30:07 +0000
Subject: [PATCH] Truncate strings synchronized.

BUG=
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/702743002

Cr-Commit-Position: refs/heads/master@{#25127}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25127 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/objects-inl.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/objects-inl.h b/src/objects-inl.h
index 6d0f8d4..b7cb68d 100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -4331,8 +4331,10 @@ int HeapObject::SizeFromMap(Map* map) {
   }
   if (instance_type == ONE_BYTE_STRING_TYPE ||
       instance_type == ONE_BYTE_INTERNALIZED_STRING_TYPE) {
+    // Strings may get concurrently truncated, hence we have to access its
+    // length synchronized.
     return SeqOneByteString::SizeFor(
-        reinterpret_cast<SeqOneByteString*>(this)->length());
+        reinterpret_cast<SeqOneByteString*>(this)->synchronized_length());
   }
   if (instance_type == BYTE_ARRAY_TYPE) {
     return reinterpret_cast<ByteArray*>(this)->ByteArraySize();
@@ -4342,8 +4344,10 @@ int HeapObject::SizeFromMap(Map* map) {
   }
   if (instance_type == STRING_TYPE ||
       instance_type == INTERNALIZED_STRING_TYPE) {
+    // Strings may get concurrently truncated, hence we have to access its
+    // length synchronized.
     return SeqTwoByteString::SizeFor(
-        reinterpret_cast<SeqTwoByteString*>(this)->length());
+        reinterpret_cast<SeqTwoByteString*>(this)->synchronized_length());
   }
   if (instance_type == FIXED_DOUBLE_ARRAY_TYPE) {
     return FixedDoubleArray::SizeFor(
-- 
2.7.4