Ignore slots buffer overflow when recording entries of the allocation sites scratchpad.

src/heap-inl.h

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 472 matching lines @@
     OS::MemMove(dst, src, static_cast<size_t>(byte_size));
   }
 }
 
 
 void Heap::ScavengePointer(HeapObject** p) {
   ScavengeObject(p, *p);
 }
 
 
-void Heap::UpdateAllocationSiteFeedback(HeapObject* object) {
+void Heap::UpdateAllocationSiteFeedback(HeapObject* object,
+                                        ScratchpadSlotMode mode) {
   Heap* heap = object->GetHeap();
   ASSERT(heap->InFromSpace(object));
 
   if (!FLAG_allocation_site_pretenuring ||
       !AllocationSite::CanTrack(object->map()->instance_type())) return;
 
   // Check if there is potentially a memento behind the object. If
   // the last word of the momento is on another page we return
   // immediatelly. Note that we do not have to compare with the current
   // top pointer of the from space page, since we always install filler
   // objects above the top pointer of a from space page when performing
   // a garbage collection.
   Address object_address = object->address();
   Address memento_address = object_address + object->Size();
   Address last_memento_word_address = memento_address + kPointerSize;
   if (!NewSpacePage::OnSamePage(object_address,
                                 last_memento_word_address)) {
     return;
   }
 
   HeapObject* candidate = HeapObject::FromAddress(memento_address);
   if (candidate->map() != heap->allocation_memento_map()) return;
 
   AllocationMemento* memento = AllocationMemento::cast(candidate);
   if (!memento->IsValid()) return;
 
   if (memento->GetAllocationSite()->IncrementMementoFoundCount()) {
-    heap->AddAllocationSiteToScratchpad(memento->GetAllocationSite());
+    heap->AddAllocationSiteToScratchpad(memento->GetAllocationSite(), mode);
   }
 }
 
 
 void Heap::ScavengeObject(HeapObject** p, HeapObject* object) {
   ASSERT(object->GetIsolate()->heap()->InFromSpace(object));
 
   // We use the first word (where the map pointer usually is) of a heap
   // object to record the forwarding pointer.  A forwarding pointer can
   // point to an old space, the code space, or the to space of the new
   // generation.
   MapWord first_word = object->map_word();
 
   // If the first word is a forwarding address, the object has already been
   // copied.
   if (first_word.IsForwardingAddress()) {
     HeapObject* dest = first_word.ToForwardingAddress();
     ASSERT(object->GetIsolate()->heap()->InFromSpace(*p));
     *p = dest;
     return;
   }
 
-  UpdateAllocationSiteFeedback(object);
+  UpdateAllocationSiteFeedback(object, IGNORE_SCRATCHPAD_SLOT);
 
   // AllocationMementos are unrooted and shouldn't survive a scavenge
   ASSERT(object->map() != object->GetHeap()->allocation_memento_map());
   // Call the slow part of scavenge object.
   return ScavengeObjectSlow(p, object);
 }
 
 
 bool Heap::CollectGarbage(AllocationSpace space,
                           const char* gc_reason,
@@ skipping 290 matching lines @@
 #ifdef DEBUG
   Isolate* isolate = Isolate::Current();
   isolate->heap()->disallow_allocation_failure_ = old_state_;
 #endif
 }
 
 
 } }  // namespace v8::internal
 
 #endif  // V8_HEAP_INL_H_