Reviewers: Igor Sheludko,
Description:
Verify that double unboxing is never performed on large objects.
BUG=
Please review this at https://codereview.chromium.org/1214673007/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+5, -0 lines):
M src/heap/spaces.cc
Index: src/heap/spaces.cc
diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc
index 0806b2565da68f802c9b06041efd8fe9858312dc..dfaac73ffd10a4c7722a4ebd70d33bb8aa7d063a 100644
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -3046,6 +3046,11 @@ void LargeObjectSpace::Verify() {
CHECK(map->IsMap());
CHECK(heap()->map_space()->Contains(map));
+ // Double unboxing in LO space is not allowed. This would break the
+ // lookup mechanism for store and slot buffer entries which use the
+ // page header tag.
+ CHECK(object->ContentType() != HeapObjectContents::kMixedValues);
+
// We have only code, sequential strings, external strings
// (sequential strings that have been morphed into external
// strings), fixed arrays, byte arrays, and constant pool arrays in the
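Review bot: The new CHECK lives inside LargeObjectSpace::Verify(), so it only observes the invariant when heap verification runs rather than enforcing it at the point where a large object could be given a mixed-values layout; consider also guarding the allocation path that routes such objects into LO space (or stating in the comment where that guarantee is established), so a violation surfaces in ordinary debug runs and not only with verification enabled. The comment would also read better if it spelled out the concrete failure it is guarding against: store/slot buffer lookups rely on the page header tag, so a kMixedValues object in LO space would cause slots to be mis-located. Otherwise the check and its placement next to the existing map CHECKs look fine.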
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev