if (alignment != kObjectAlignment) {
target = EnsureDoubleAligned(heap, target, allocation_size);
}
+ MigrateObject(heap, object, target, object_size);
- // Order is important: slot might be inside of the target if target
- // was allocated over a dead object and slot comes from the store
- // buffer.
+ // Update slot to new target.
*slot = target;
- MigrateObject(heap, object, target, object_size);
heap->IncrementSemiSpaceCopiedObjectSize(object_size);
return true;
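Review bot: The now-unconditional `*slot = target;` placed after `MigrateObject(...)` gives up both protections the removed comments described: the write-before-copy ordering for a slot that lies inside `target`, and, in the promotion hunk that follows, the `if (*slot == object)` guard for a slot already overwritten by free-list data. With the new order, a stale slot that aliases the fresh allocation would overwrite a field of the migrated object, and a slot in reused free space would be clobbered with a heap pointer; both are memory-corruption hazards in the scavenger. The change is therefore only safe if stale store-buffer slots can no longer reach these paths, which presumably is enforced elsewhere in the commit but is not visible here. I would replace `// Update slot to new target.` with a comment naming that invariant, e.g. `// Slot is known to be live and outside target (stale store-buffer entries are filtered before scavenging), so it is safe to update after migration.`, and add a debug-only assertion that `*slot == object` immediately before each store. Both enclosing functions start and end outside the hunks.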
if (alignment != kObjectAlignment) {
target = EnsureDoubleAligned(heap, target, allocation_size);
}
-
- // Order is important: slot might be inside of the target if target
- // was allocated over a dead object and slot comes from the store
- // buffer.
-
- // Unfortunately, the allocation can also write over the slot if the slot
- // was in free space and the allocation wrote free list data (such as the
- // free list map or entry size) over the slot. We guard against this by
- // checking that the slot still points to the object being moved. This
- // should be sufficient because neither the free list map nor the free
- // list entry size should look like a new space pointer (the former is an
- // old space pointer, the latter is word-aligned).
- if (*slot == object) {
- *slot = target;
- }
MigrateObject(heap, object, target, object_size);
+ // Update slot to new target.
+ *slot = target;
+
if (object_contents == POINTER_OBJECT) {
if (map->instance_type() == JS_FUNCTION_TYPE) {
heap->promotion_queue()->insert(target,