[heap] fix crash during the scavenge of ArrayBuffer

src/heap/store-buffer.h

Index: src/heap/store-buffer.h
diff --git a/src/heap/store-buffer.h b/src/heap/store-buffer.h
index 08dcebfc0815d4812b13e2333f3c24cfb0ec66f0..6173ce27cc94aaaa28319e03e286fda8a532b5b8 100644
--- a/src/heap/store-buffer.h
+++ b/src/heap/store-buffer.h
@@ -61,6 +61,11 @@ class StoreBuffer {
   // surviving old-to-new pointers into the store buffer to rebuild it.
   void IteratePointersToNewSpace(ObjectSlotCallback callback);
 
+  // Iterate pointers to from semispace of new space found in memory interval
+  // from start to end within |object|.
+  void IteratePointersToFromSpace(HeapObject* target, int size,

[Hannes Payer (out of office), 2015/10/23 11:41:19]

These methods should live in heap. They have nothing to do with the store buffer
(they can just create store buffer entries). Can you please move them to theap.

[indutny, 2015/10/23 15:17:09]

Acknowledged.

+                                  ObjectSlotCallback slot_callback);
+
   static const int kStoreBufferOverflowBit = 1 << (14 + kPointerSizeLog2);
   static const int kStoreBufferSize = kStoreBufferOverflowBit;
   static const int kStoreBufferLength = kStoreBufferSize / sizeof(Address);
@@ -158,6 +163,10 @@ class StoreBuffer {
 
   void IteratePointersInStoreBuffer(ObjectSlotCallback slot_callback);
 
+  void IterateAndMarkPointersToFromSpace(HeapObject* object, Address start,

[Hannes Payer (out of office), 2015/10/23 11:41:19]

Same same.

[indutny, 2015/10/23 15:17:09]

Acknowledged.

+                                         Address end, bool record_slots,
+                                         ObjectSlotCallback slot_callback);
+
 #ifdef VERIFY_HEAP
   void VerifyPointers(LargeObjectSpace* space);
 #endif