Deal with filler object map pointers in the ool constant pool correctly.

src/store-buffer.cc

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 505 matching lines @@
 void StoreBuffer::FindPointersToNewSpaceOnPage(
     PagedSpace* space,
     Page* page,
     RegionCallback region_callback,
     ObjectSlotCallback slot_callback,
     bool clear_maps) {
   Address visitable_start = page->area_start();
   Address end_of_page = page->area_end();
 
   Address visitable_end = visitable_start;
+  Address current_constant_pool_end = 0;
 
   Object* free_space_map = heap_->free_space_map();
   Object* two_pointer_filler_map = heap_->two_pointer_filler_map();
+  Object* constant_pool_array_map = heap_->constant_pool_array_map();
 
   while (visitable_end < end_of_page) {
     Object* o = *reinterpret_cast<Object**>(visitable_end);
+    if (o == constant_pool_array_map) {

[Hannes Payer (out of office), 2014/03/03 13:56:13]

I don't think a constant pool can contain old-to-new references, right? In that
case you could just skip the constant pool right away.

[rmcilroy, 2014/03/03 15:07:48]

You are right, skipping it entirely probably simpler. The one thing I was
considering was that this is called from VerifyPointers, so we might want to
ensure that we hadn't accidentally added new-space pointers into a
ConstantPoolArray, but since VerifyPointers only has a dummy ObjectSlotCallback
this probably isn't worth while anyway.

I've uploaded a change to just skip constant pool arrays.

+      // Constant pool arrays can contain pointers to the free_space_map or
+      // two_pointer_filler_map which should not be treated as fillers objects.
+      current_constant_pool_end =
+          visitable_end + HeapObject::FromAddress(visitable_end)->Size();
+    }
     // Skip fillers but not things that look like fillers in the special
     // garbage section which can contain anything.
     if (o == free_space_map ||
         o == two_pointer_filler_map ||
         (visitable_end == space->top() && visitable_end != space->limit())) {
       if (visitable_start != visitable_end) {
         // After calling this the special garbage section may have moved.
         (this->*region_callback)(visitable_start,
                                  visitable_end,
                                  slot_callback,
                                  clear_maps);
         if (visitable_end >= space->top() && visitable_end < space->limit()) {
           visitable_end = space->limit();
           visitable_start = visitable_end;
           continue;
         }
       }
       if (visitable_end == space->top() && visitable_end != space->limit()) {
         visitable_start = visitable_end = space->limit();
+      } else if (visitable_end <= current_constant_pool_end) {
+        // If we are still within a constant pool object then we don't treat
+        // free_space_map or two_pointer_filler_map as filler objects, since
+        // they are just pointers to the map objects used by compiled code.
+        visitable_end += kPointerSize;
       } else {
         // At this point we are either at the start of a filler or we are at
         // the point where the space->top() used to be before the
         // visit_pointer_region call above.  Either way we can skip the
         // object at the current spot:  We don't promise to visit objects
         // allocated during heap traversal, and if space->top() moved then it
         // must be because an object was allocated at this point.
         visitable_start =
             visitable_end + HeapObject::FromAddress(visitable_end)->Size();
         visitable_end = visitable_start;
@@ skipping 163 matching lines @@
     }
     old_buffer_is_sorted_ = false;
     old_buffer_is_filtered_ = false;
     *old_top_++ = reinterpret_cast<Address>(int_addr << kPointerSizeLog2);
     ASSERT(old_top_ <= old_limit_);
   }
   heap_->isolate()->counters()->store_buffer_compactions()->Increment();
 }
 
 } }  // namespace v8::internal