From 7dd0b1ca77c675a37b7b3280b4e547106825e9e7 Mon Sep 17 00:00:00 2001
From: "ulan@chromium.org"
Date: Mon, 25 Feb 2013 12:27:28 +0000
Subject: [PATCH] Zap holes in dependent code array after deoptimizing a code group.
BUG=crash on GC stress builder
R=mstarzinger@chromium.org
Review URL: https://chromiumcodereview.appspot.com/12315077
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13715 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/objects.cc | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/objects.cc b/src/objects.cc
index d9da23f..aff72b2 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -9601,9 +9601,15 @@ void DependentCode::DeoptimizeDependentCodeGroup(
 Code* code = code_at(i);
 code->set_marked_for_deoptimization(true);
 }
+ // Compact the array by moving all subsequent groups to fill in the new holes.
 for (int src = end, dst = start; src < number_of_entries; src++, dst++) {
 set_code_at(dst, code_at(src));
 }
+ // Now the holes are at the end of the array, zap them for heap-verifier.
+ int removed = end - start;
+ for (int i = number_of_entries - removed; i < number_of_entries; i++) {
+ clear_code_at(i);
+ }
 set_number_of_entries(group, 0);
 DeoptimizeDependentCodeFilter filter;
 Deoptimizer::DeoptimizeAllFunctionsWith(&filter);
--
2.7.4
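Review bot: The new zap loop starts at `number_of_entries - removed`, which is only the first vacated slot if `start <= end <= number_of_entries` holds. If `end` ever exceeded `number_of_entries`, the lower bound would fall below `start` and `clear_code_at(i)` would wipe live entries of earlier groups. Those three values are computed above the hunk (the function body starts and ends outside it), so the invariant cannot be confirmed from here. A debug assertion ahead of the compaction loop, for example `ASSERT(start <= end && end <= number_of_entries);`, would document it and catch a corrupted group index before the array is rewritten. The added comment also gives the heap verifier as the only reason, so it could state the invariant instead: `// Slots past the live entries must not hold stale Code pointers; clear the vacated tail.`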