Better fix for MemoryChunk::owner().

Pointer arithmetic such as "owner_ - kFailureTag" is undefined behaviour
unless owner_ points to a valid object.

This allowed Clang to assume the subtraction would never be NULL,
causing problems in the caller (see https://codereview.chromium.org/12090072/).

To fix this, we should cast owner_ to intptr_t before doing the
arithmetic.

Review URL: https://codereview.chromium.org/12096089
Patch from Hans Wennborg <hans@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13570 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/spaces.cc

@@ -711,7 +711,7 @@ LargePage* MemoryAllocator::AllocateLargePage(intptr_t object_size,
 
 void MemoryAllocator::Free(MemoryChunk* chunk) {
   LOG(isolate_, DeleteEvent("MemoryChunk", chunk));
-  if (chunk->has_owner()) {
+  if (chunk->owner() != NULL) {
     ObjectSpace space =
         static_cast<ObjectSpace>(1 << chunk->owner()->identity());
     PerformAllocationCallback(space, kAllocationActionFree, chunk->size());

src/spaces.h

@@ -320,7 +320,8 @@ class MemoryChunk {
   Space* owner() const {
     if ((reinterpret_cast<intptr_t>(owner_) & kFailureTagMask) ==
         kFailureTag) {
-      return reinterpret_cast<Space*>(owner_ - kFailureTag);
+      return reinterpret_cast<Space*>(reinterpret_cast<intptr_t>(owner_) -
+                                      kFailureTag);
     } else {
       return NULL;
     }
@@ -333,14 +334,6 @@ class MemoryChunk {
            kFailureTag);
   }
 
-  // Workaround for a bug in Clang-3.3 which in some situations optimizes away
-  // an "if (chunk->owner() != NULL)" check.
-  bool has_owner() {
-    if (owner_ == 0) return false;
-    if (reinterpret_cast<intptr_t>(owner_) == kFailureTag) return false;
-    return true;
-  }
-
   VirtualMemory* reserved_memory() {
     return &reservation_;
   }