[heap] Fix alignment of large fixed double array.

This ensures that large objects have alignment suitable for a fixed
double arrays.

Bug: chromium:1161759
Change-Id: I64fe88d641fedbb5e27c2b38c1b9a4e75cab535a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639959Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72251}

src/heap/memory-chunk-layout.cc

@@ -41,7 +41,7 @@ size_t MemoryChunkLayout::AllocatableMemoryInCodePage() {
 }
 
 intptr_t MemoryChunkLayout::ObjectStartOffsetInDataPage() {
-  return RoundUp(MemoryChunk::kHeaderSize + Bitmap::kSize, kTaggedSize);
+  return RoundUp(MemoryChunk::kHeaderSize + Bitmap::kSize, kDoubleSize);
 }
 
 size_t MemoryChunkLayout::ObjectStartOffsetInMemoryChunk(

test/cctest/heap/test-spaces.cc

@@ -328,6 +328,16 @@ TEST(OldLargeObjectSpace) {
 
   CHECK(lo->Contains(ho));
 
+  CHECK_EQ(0, Heap::GetFillToAlign(ho.address(), kWordAligned));
+  // All large objects have the same alignment because they start at the
+  // same offset within a page. Fixed double arrays have the most strict
+  // alignment requirements.
+  CHECK_EQ(
+      0, Heap::GetFillToAlign(
+             ho.address(),
+             HeapObject::RequiredAlignment(
+                 ReadOnlyRoots(CcTest::i_isolate()).fixed_double_array_map())));
+
   while (true) {
     {
       AllocationResult allocation = lo->AllocateRaw(lo_size);