[heap] Fix PagedSpace::RepairFreeListsAfterDeserialization.

The function assumes that the area of a page after the high watermark is not in the free list. This does not hold if allocation observer are active during deserialization. Change-Id: I1f8d0586be6dc535e85d9da5b0fb2791f1de1031 Reviewed-on: https://chromium-review.googlesource.com/829573Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#50132}

[heap] Fix PagedSpace::RepairFreeListsAfterDeserialization.
The function assumes that the area of a page after the high watermark is not in the free list. This does not hold if allocation observer are active during deserialization. Change-Id: I1f8d0586be6dc535e85d9da5b0fb2791f1de1031 Reviewed-on: https://chromium-review.googlesource.com/829573Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#50132}
bb26027e · Ulan Degenbaev · Commit Bot · 80ec6420 · bb26027e
Commit bb26027e authored Dec 15, 2017 by Ulan Degenbaev Committed by Commit Bot Dec 15, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

spaces.cc src/heap/spaces.cc +6 -0

No files found.
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -3175,6 +3175,12 @@ void PagedSpace::RepairFreeListsAfterDeserialization() {
    }
    Address start = page->HighWaterMark();
    Address end = page->area_end();
+    if (start < end - size) {
+      // A region at the high watermark is already in free list.
+      HeapObject* filler = HeapObject::FromAddress(start);
+      CHECK(filler->IsFiller());
+      start += filler->Size();
+    }
    CHECK_EQ(size, static_cast<int>(end - start));
    heap()->CreateFillerObjectAt(start, size, ClearRecordedSlots::kNo);
  }