Make memento checks more stable. Add filler at the end of new space and check if object and memento…

src/heap-inl.h

Index: src/heap-inl.h
diff --git a/src/heap-inl.h b/src/heap-inl.h
index b1657ab9878dca4c5b1145bb06788e96ac4b9c25..f28b82c732a71088b46dcb9e93f4e85c470ec78f 100644
--- a/src/heap-inl.h
+++ b/src/heap-inl.h
@@ -493,15 +493,21 @@ void Heap::UpdateAllocationSiteFeedback(HeapObject* object) {
   if (!FLAG_allocation_site_pretenuring ||
       !AllocationSite::CanTrack(object->map()->instance_type())) return;
 
-  // Either object is the last object in the from space, or there is another
-  // object of at least word size (the header map word) following it, so
-  // suffices to compare ptr and top here.
-  Address ptr = object->address() + object->Size();
-  Address top = heap->new_space()->FromSpacePageHigh();
-  ASSERT(ptr == top || ptr + HeapObject::kHeaderSize <= top);
-  if (ptr == top) return;
-
-  HeapObject* candidate = HeapObject::FromAddress(ptr);
+  // Check if there is potentially a memento behind the object. If
+  // the last word of the momento is on another page we return
+  // immediatelly. Note that we do not have to compare with the current
+  // top pointer of the from space page, since we always install filler
+  // objects above the top pointer of a from space page when performing
+  // a garbage collection.
+  Address object_address = object->address();
+  Address memento_address = object_address + object->Size();
+  Address last_memento_word_address = memento_address + kPointerSize;
+  if (!NewSpacePage::OnSamePage(object_address,
+                                last_memento_word_address)) {
+    return;
+  }
+
+  HeapObject* candidate = HeapObject::FromAddress(memento_address);
   if (candidate->map() != heap->allocation_memento_map()) return;
 
   AllocationMemento* memento = AllocationMemento::cast(candidate);