[heap] fix crash during the scavenge of ArrayBuffer

test/cctest/test-api.cc

Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index 7ba4a3c4a923de2f38d9aa8d2453d880a26a8b92..5bae88134cebe27176f499e1fb37cc8cd57fa783 100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -14192,6 +14192,31 @@ THREADED_TEST(SkipArrayBufferBackingStoreDuringGC) {
 }
 
 
+THREADED_TEST(SkipArrayBufferDuringScavenge) {
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  v8::HandleScope handle_scope(isolate);
+
+  // Make sure the pointer looks like a heap object
+  Local<v8::Object> tmp = v8::Object::New(isolate);
+  uint8_t* store_ptr =
+      reinterpret_cast<uint8_t*>(*reinterpret_cast<uintptr_t*>(*tmp));
+
+  // Make `store_ptr` point to from space
+  CcTest::heap()->CollectGarbage(i::NEW_SPACE);
+
+  // Create ArrayBuffer with pointer-that-cannot-be-visited in the backing store
+  Local<v8::ArrayBuffer> ab = v8::ArrayBuffer::New(isolate, store_ptr, 8);
+
+  // Should not crash

[Hannes Payer (out of office), 2015/10/21 14:54:43]

, i.e. backing store pointer should not be treated as a heap object pointer

+  CcTest::heap()->CollectGarbage(i::NEW_SPACE);  // in survivor space now
+  CcTest::heap()->CollectGarbage(i::NEW_SPACE);  // in old gen now
+
+  // Just use the `ab` to silence compiler warning

[Hannes Payer (out of office), 2015/10/21 14:54:43]

Use `ab` to...

+  CHECK_EQ(ab->GetContents().Data(), store_ptr);
+}
+
+
 THREADED_TEST(SharedUint8Array) {
   i::FLAG_harmony_sharedarraybuffer = true;
   TypedArrayTestHelper<uint8_t, v8::Uint8Array, i::FixedUint8Array,