[ext-code-space] Fix spill slot check for objects from NEW_LO_SPACE

Bug: v8:11880, chromium:1296036 Change-Id: Ib27b144c8258218f3ae28a6692f97a8f35679fec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474675Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#79174}

[ext-code-space] Fix spill slot check for objects from NEW_LO_SPACE
Bug: v8:11880, chromium:1296036 Change-Id: Ib27b144c8258218f3ae28a6692f97a8f35679fec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474675Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#79174}
05169ec0 · Igor Sheludko · V8 LUCI CQ · f03bf4c4 · 05169ec0
Commit 05169ec0 authored Feb 18, 2022 by Igor Sheludko Committed by V8 LUCI CQ Feb 18, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 1 deletion

frames.cc src/execution/frames.cc +11 -1

No files found.
--- a/src/execution/frames.cc
+++ b/src/execution/frames.cc
@@ -1203,7 +1203,17 @@ void CommonFrame::IterateCompiledFrame(RootVisitor* v) const {
            HeapObject forwarded = map_word.IsForwardingAddress()
                                       ? map_word.ToForwardingAddress()
                                       : raw;
-            CHECK(forwarded.map(cage_base).IsMap());
+            bool is_self_forwarded =
+                forwarded.map_word(cage_base, kRelaxedLoad).ptr() ==
+                forwarded.address();
+            if (is_self_forwarded) {
+              // The object might be in a self-forwarding state if it's located
+              // in new large object space. GC will fix this at a later stage.
+              CHECK(BasicMemoryChunk::FromHeapObject(forwarded)
+                        ->InNewLargeObjectSpace());
+            } else {
+              CHECK(forwarded.map(cage_base).IsMap(cage_base));
+            }
          }
        }
      } else {