Verify that double unboxing is never performed on large objects.

author hpayer <hpayer@chromium.org>

Wed, 8 Jul 2015 16:08:31 +0000 (09:08 -0700)

committer Commit bot <commit-bot@chromium.org>

Wed, 8 Jul 2015 16:08:43 +0000 (16:08 +0000)
author hpayer <hpayer@chromium.org>
Wed, 8 Jul 2015 16:08:31 +0000 (09:08 -0700)
committer Commit bot <commit-bot@chromium.org>
Wed, 8 Jul 2015 16:08:43 +0000 (16:08 +0000)
diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc

index 0806b25..dfaac73 100644 (file)
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -3046,6 +3046,11 @@ void LargeObjectSpace::Verify() {
      CHECK(map->IsMap());
      CHECK(heap()->map_space()->Contains(map));
  
+    // Double unboxing in LO space is not allowed. This would break the
+    // lookup mechanism for store and slot buffer entries which use the
+    // page header tag.
+    CHECK(object->ContentType() != HeapObjectContents::kMixedValues);
+
      // We have only code, sequential strings, external strings
      // (sequential strings that have been morphed into external
      // strings), fixed arrays, byte arrays, and constant pool arrays in the
author	hpayer <hpayer@chromium.org>
	Wed, 8 Jul 2015 16:08:31 +0000 (09:08 -0700)
committer	Commit bot <commit-bot@chromium.org>
	Wed, 8 Jul 2015 16:08:43 +0000 (16:08 +0000)