Revert ("Chromium 284577 needs a mitigation CL added." (svn-id 16742))

Also change a check in heap-inl.h for diagnosing 284577 into an assert.

BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/24259005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/heap-inl.h b/src/heap-inl.h
index 6c33cfc..e11dec8 100644 (file)
--- a/src/heap-inl.h
+++ b/src/heap-inl.h
@@ -525,8 +525,8 @@ void Heap::ScavengeObject(HeapObject** p, HeapObject* object) {
     return;
   }
 
-  // TODO(hpayer): temporary debugging code for issue 284577.
-  CHECK(object->map() != object->GetHeap()->allocation_memento_map());
+  // AllocationMementos are unrooted and shouldn't survive a scavenge
+  ASSERT(object->map() != object->GetHeap()->allocation_memento_map());
   // Call the slow part of scavenge object.
   return ScavengeObjectSlow(p, object);
 }

diff --git a/src/objects.cc b/src/objects.cc
index a5fe097..f8897b0 100644 (file)
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -8971,18 +8971,7 @@ AllocationMemento* AllocationMemento::FindForJSObject(JSObject* object) {
           object->GetHeap()->allocation_memento_map()) {
         AllocationMemento* memento = AllocationMemento::cast(
             reinterpret_cast<Object*>(ptr_end + kHeapObjectTag));
-
-        // TODO(mvstanton): because of chromium bug 284577, put extra care
-        // into validating that the memento points to a valid AllocationSite.
-        // This check is expensive so remove it asap. Also, this check
-        // HIDES bug 284577, so it must be disabled to debug/diagnose.
-        Object* site = memento->allocation_site();
-        Heap* heap = object->GetHeap();
-        if (heap->InOldPointerSpace(site) &&
-            site->IsHeapObject() &&
-            HeapObject::cast(site)->map() == heap->allocation_site_map()) {
-          return memento;
-        }
+        return memento;
       }
     }
   }