[ext-code-space] Fix spill slot correctness check

The old check didn't expect to see an already evacuated object. Bug: v8:11880 Change-Id: I5a105e3ae8c04df0061e96f0650c5bd3e66264de Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264286 Commit-Queue: Igor Sheludko <ishell@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77736}

[ext-code-space] Fix spill slot correctness check
The old check didn't expect to see an already evacuated object. Bug: v8:11880 Change-Id: I5a105e3ae8c04df0061e96f0650c5bd3e66264de Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264286 Commit-Queue: Igor Sheludko <ishell@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77736}
0599776f · Igor Sheludko · V8 LUCI CQ · ed0a8599 · 0599776f
Commit 0599776f authored Nov 05, 2021 by Igor Sheludko Committed by V8 LUCI CQ Nov 05, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 4 deletions

frames.cc src/execution/frames.cc +9 -4

No files found.
--- a/src/execution/frames.cc
+++ b/src/execution/frames.cc
@@ -1124,10 +1124,15 @@ void CommonFrame::IterateCompiledFrame(RootVisitor* v) const {
          // We don't need to update smi values or full pointers.
          *spill_slot.location() =
              DecompressTaggedPointer(cage_base, static_cast<Tagged_t>(value));
-          // Ensure that the spill slot contains correct heap object.
-          DCHECK(HeapObject::cast(Object(*spill_slot.location()))
-                     .map(cage_base)
-                     .IsMap());
+          if (DEBUG_BOOL) {
+            // Ensure that the spill slot contains correct heap object.
+            HeapObject raw = HeapObject::cast(Object(*spill_slot.location()));
+            MapWord map_word = raw.map_word(cage_base, kRelaxedLoad);
+            HeapObject forwarded = map_word.IsForwardingAddress()
+                                       ? map_word.ToForwardingAddress()
+                                       : raw;
+            CHECK(forwarded.map(cage_base).IsMap());
+          }
        }
      } else {
        Tagged_t compressed_value =