[heap] Check black allocation invariant before invoking observers

Observers may start incremental marking and thus black allocation. Since the object was allocated before invocing the observer the invariant might not hold anymore. Bug: v8:7174 Change-Id: I74fe1816303bedb28b69ec5ac83fd19e588acace Reviewed-on: https://chromium-review.googlesource.com/813714Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#49923}

[heap] Check black allocation invariant before invoking observers
Observers may start incremental marking and thus black allocation. Since the object was allocated before invocing the observer the invariant might not hold anymore. Bug: v8:7174 Change-Id: I74fe1816303bedb28b69ec5ac83fd19e588acace Reviewed-on: https://chromium-review.googlesource.com/813714Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#49923}
cb8e8cde · Michael Lippautz · Commit Bot · 681bc9b7 · cb8e8cde
Commit cb8e8cde authored Dec 07, 2017 by Michael Lippautz Committed by Commit Bot Dec 07, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

spaces-inl.h src/heap/spaces-inl.h +2 -2

No files found.
--- a/src/heap/spaces-inl.h
+++ b/src/heap/spaces-inl.h
@@ -393,11 +393,11 @@ AllocationResult PagedSpace::AllocateRaw(int size_in_bytes,
 #endif
  HeapObject* heap_obj = nullptr;
  if (!result.IsRetry() && result.To(&heap_obj) && !is_local()) {
-    AllocationStep(static_cast<int>(size_in_bytes + bytes_since_last),
-                   heap_obj->address(), size_in_bytes);
    DCHECK_IMPLIES(
        heap()->incremental_marking()->black_allocation(),
        heap()->incremental_marking()->marking_state()->IsBlack(heap_obj));
+    AllocationStep(static_cast<int>(size_in_bytes + bytes_since_last),
+                   heap_obj->address(), size_in_bytes);
    StartNextInlineAllocationStep();
  }
  return result;