[heap] Filter slots in map space

We mark an object allocated as uninitialized. If we happen to have a GC before
fields of a map are written, msan will observe access to unitialized memory and
crash.

This also unifies the handling as we now deal with all spaces in the same way.
In future we could parallelize clearing.

BUG=chromium:638226
R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2251993002
Cr-Commit-Position: refs/heads/master@{#38681}

src/heap/remembered-set.cc

@@ -39,19 +39,19 @@ void RememberedSet<direction>::ClearInvalidSlots(Heap* heap) {
           });
     }
   }
-  if (Heap::ShouldZapGarbage()) {
-    // Need to filter invalid slots as we overwrite them with zap values in
-    // during sweeping which runs concurrently with pointer updating.
   for (MemoryChunk* chunk : *heap->map_space()) {
     SlotSet* slots = GetSlotSet(chunk);
     if (slots != nullptr) {
       slots->Iterate([heap, chunk](Address addr) {
         Object** slot = reinterpret_cast<Object**>(addr);
+        // TODO(mlippautz): In map space all allocations would ideally be map
+        // aligned. After establishing this invariant IsValidSlot could just
+        // refer to the containing object using alignment and check the mark
+        // bits.
         return IsValidSlot(heap, chunk, slot) ? KEEP_SLOT : REMOVE_SLOT;
       });
     }
   }
-  }
 }
 
 template <PointerDirection direction>