From 5df56fd975fd85a5f31add9e4954cdb5e99a1754 Mon Sep 17 00:00:00 2001
From: "mvstanton@chromium.org"
 <mvstanton@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Thu, 19 Sep 2013 09:15:29 +0000
Subject: [PATCH] Revert ("Chromium 284577 needs a mitigation CL added."
 (svn-id 16742)) Also change a check in heap-inl.h for diagnosing 284577 into
 an assert.

BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/24259005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/heap-inl.h |  4 ++--
 src/objects.cc | 13 +------------
 2 files changed, 3 insertions(+), 14 deletions(-)

diff --git a/src/heap-inl.h b/src/heap-inl.h
index 6c33cfc..e11dec8 100644
--- a/src/heap-inl.h
+++ b/src/heap-inl.h
@@ -525,8 +525,8 @@ void Heap::ScavengeObject(HeapObject** p, HeapObject* object) {
     return;
   }
 
-  // TODO(hpayer): temporary debugging code for issue 284577.
-  CHECK(object->map() != object->GetHeap()->allocation_memento_map());
+  // AllocationMementos are unrooted and shouldn't survive a scavenge
+  ASSERT(object->map() != object->GetHeap()->allocation_memento_map());
   // Call the slow part of scavenge object.
   return ScavengeObjectSlow(p, object);
 }
diff --git a/src/objects.cc b/src/objects.cc
index a5fe097..f8897b0 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -8971,18 +8971,7 @@ AllocationMemento* AllocationMemento::FindForJSObject(JSObject* object) {
           object->GetHeap()->allocation_memento_map()) {
         AllocationMemento* memento = AllocationMemento::cast(
             reinterpret_cast<Object*>(ptr_end + kHeapObjectTag));
-
-        // TODO(mvstanton): because of chromium bug 284577, put extra care
-        // into validating that the memento points to a valid AllocationSite.
-        // This check is expensive so remove it asap. Also, this check
-        // HIDES bug 284577, so it must be disabled to debug/diagnose.
-        Object* site = memento->allocation_site();
-        Heap* heap = object->GetHeap();
-        if (heap->InOldPointerSpace(site) &&
-            site->IsHeapObject() &&
-            HeapObject::cast(site)->map() == heap->allocation_site_map()) {
-          return memento;
-        }
+        return memento;
       }
     }
   }
-- 
2.7.4