[heap] Update InvalidatedSlotsFilter for map space compaction

* Map may be forwarded here, so use IsMapOrForwardedMap in DCHECK
* Code didn't expect a slot in the map word.

Bug: v8:12578
Change-Id: I8dd9cd57fb1336e0014812b7a2e35dc209f78a2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429292Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78915}

src/heap/invalidated-slots-inl.h

@@ -31,14 +31,19 @@ bool InvalidatedSlotsFilter::IsValid(Address slot) {
   HeapObject invalidated_object = HeapObject::FromAddress(invalidated_start_);
 
   if (invalidated_size_ == 0) {
-    DCHECK(invalidated_object.map().IsMap());
+    DCHECK(MarkCompactCollector::IsMapOrForwardedMap(invalidated_object.map()));
     invalidated_size_ = invalidated_object.Size();
   }
 
   int offset = static_cast<int>(slot - invalidated_start_);
-  DCHECK_GT(offset, 0);
+
+  // OLD_TO_OLD can have slots in map word unlike other remembered sets.
+  DCHECK_GE(offset, 0);
+  DCHECK_IMPLIES(remembered_set_type_ != OLD_TO_OLD, offset > 0);
+
   if (offset < invalidated_size_)
-    return invalidated_object.IsValidSlot(invalidated_object.map(), offset);
+    return offset == 0 ||
+           invalidated_object.IsValidSlot(invalidated_object.map(), offset);
 
   NextInvalidatedObject();
   return true;

src/heap/invalidated-slots.cc

@@ -13,15 +13,19 @@ namespace v8 {
 namespace internal {
 
 InvalidatedSlotsFilter InvalidatedSlotsFilter::OldToOld(MemoryChunk* chunk) {
-  return InvalidatedSlotsFilter(chunk, chunk->invalidated_slots<OLD_TO_OLD>());
+  return InvalidatedSlotsFilter(chunk, chunk->invalidated_slots<OLD_TO_OLD>(),
+                                OLD_TO_OLD);
 }
 
 InvalidatedSlotsFilter InvalidatedSlotsFilter::OldToNew(MemoryChunk* chunk) {
-  return InvalidatedSlotsFilter(chunk, chunk->invalidated_slots<OLD_TO_NEW>());
+  return InvalidatedSlotsFilter(chunk, chunk->invalidated_slots<OLD_TO_NEW>(),
+                                OLD_TO_NEW);
 }
 
 InvalidatedSlotsFilter::InvalidatedSlotsFilter(
-    MemoryChunk* chunk, InvalidatedSlots* invalidated_slots) {
+    MemoryChunk* chunk, InvalidatedSlots* invalidated_slots,
+    RememberedSetType remembered_set_type) {
+  USE(remembered_set_type);
   invalidated_slots = invalidated_slots ? invalidated_slots : &empty_;
 
   iterator_ = invalidated_slots->begin();
@@ -36,6 +40,7 @@ InvalidatedSlotsFilter::InvalidatedSlotsFilter(
 
 #ifdef DEBUG
   last_slot_ = chunk->area_start();
+  remembered_set_type_ = remembered_set_type;
 #endif
 }
 

src/heap/invalidated-slots.h

@@ -9,6 +9,7 @@
 #include <stack>
 
 #include "src/base/atomic-utils.h"
+#include "src/heap/memory-chunk-layout.h"
 #include "src/objects/heap-object.h"
 #include "src/utils/allocation.h"
 #include "src/utils/utils.h"
@@ -33,11 +34,13 @@ class V8_EXPORT_PRIVATE InvalidatedSlotsFilter {
   static InvalidatedSlotsFilter OldToOld(MemoryChunk* chunk);
   static InvalidatedSlotsFilter OldToNew(MemoryChunk* chunk);
 
-  explicit InvalidatedSlotsFilter(MemoryChunk* chunk,
-                                  InvalidatedSlots* invalidated_slots);
   inline bool IsValid(Address slot);
 
  private:
+  explicit InvalidatedSlotsFilter(MemoryChunk* chunk,
+                                  InvalidatedSlots* invalidated_slots,
+                                  RememberedSetType remembered_set_type);
+
   InvalidatedSlots::const_iterator iterator_;
   InvalidatedSlots::const_iterator iterator_end_;
   Address sentinel_;
@@ -47,6 +50,7 @@ class V8_EXPORT_PRIVATE InvalidatedSlotsFilter {
   InvalidatedSlots empty_;
 #ifdef DEBUG
   Address last_slot_;
+  RememberedSetType remembered_set_type_;
 #endif
 
  private: