[heap] Revise memento check

Explicitly check that the memento is not in the unallocated portion of the current LAB. Bug: v8:12612 Change-Id: Ie060f44187d2280e72e2eebb0f3c284e2d6c7446 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824337 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#82396}

[heap] Revise memento check
Explicitly check that the memento is not in the unallocated portion of the current LAB. Bug: v8:12612 Change-Id: Ie060f44187d2280e72e2eebb0f3c284e2d6c7446 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824337 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#82396}
361e24bc · Omer Katz · V8 LUCI CQ · a137ba54 · 361e24bc
Commit 361e24bc authored Aug 11, 2022 by Omer Katz Committed by V8 LUCI CQ Aug 11, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

heap-inl.h src/heap/heap-inl.h +2 -3

No files found.
--- a/src/heap/heap-inl.h
+++ b/src/heap/heap-inl.h
@@ -393,9 +393,8 @@ AllocationMemento Heap::FindAllocationMemento(Map map, HeapObject object) {
      // another object of at least word size (the header map word) following
      // it, so suffices to compare ptr and top here.
      top = NewSpaceTop();
-      DCHECK(memento_address == top ||
-             memento_address + HeapObject::kHeaderSize <= top ||
-             !Page::OnSamePage(memento_address, top - 1));
+      DCHECK(memento_address >= new_space()->limit() ||
+             memento_address + HeapObject::kHeaderSize <= top);
      if ((memento_address != top) && memento_candidate.IsValid()) {
        return memento_candidate;
      }