Relax assertion in StoreBuffer::FindPointersToNewSpaceInMapsRegion

Since r21232, maps are now a non-power-of-two size and thus don't fit
evenly into a page.  No test case, as it is somewhat difficult to get
this condition to trigger.  It is possible with this case, however:

    var result;

    (function() {
        for (var i = 0; i < 1e7; i++) {
            result = (function*() { yield 1; })();
            result.foo = 1;
        }
    })();

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/291913002

Patch from Andy Wingo <wingo@igalia.com>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21744 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/store-buffer.cc b/src/store-buffer.cc
index 3da50f6..5ec3e54 100644 (file)
--- a/src/store-buffer.cc
+++ b/src/store-buffer.cc
@@ -450,7 +450,7 @@ void StoreBuffer::FindPointersToNewSpaceInMapsRegion(
   Address map_aligned_end   = MapEndAlign(end);
 
   ASSERT(map_aligned_start == start);
-  ASSERT(map_aligned_end == end);
+  ASSERT(map_aligned_start <= map_aligned_end && map_aligned_end <= end);
 
   FindPointersToNewSpaceInMaps(map_aligned_start,
                                map_aligned_end,