[heap] Filter out stale left-trimmed handles

src/heap/mark-compact.cc

Index: src/heap/mark-compact.cc
diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index 5f1c6de4a8f6fe98f91358f67b8e414fb2e91b5d..3d8a8b567769d3cbf5d452be0f9d5e40cc4d7371 100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -1418,8 +1418,34 @@ class RootMarkingVisitor : public ObjectVisitor {
   void MarkObjectByPointer(Object** p) {
     if (!(*p)->IsHeapObject()) return;
 
-    // Replace flat cons strings in place.
     HeapObject* object = HeapObject::cast(*p);
+
+    // We cannot avoid stale handles to left-trimmed objects and only make sure

[jochen (gone - plz use gerrit), 2016/06/20 09:53:27]

nit: s/and only/, but can only/

[Michael Lippautz, 2016/06/20 10:39:51]

Done.

+    // all handles still needed are updated. Filter out any stale pointers and
+    // clear the slot to allow post processing of handles (needed because the
+    // sweeper might actually free the underlying page).
+    if (object->IsFiller()) {
+#ifdef DEBUG
+      // We need to find a FixedArrayBase map after walking the fillers.
+      Heap* heap = collector_->heap();
+      HeapObject* current = object;
+      while (current->IsFiller()) {
+        Address next = reinterpret_cast<Address>(current);
+        if (current->map() == heap->one_pointer_filler_map()) {
+          next += kPointerSize;
+        } else if (current->map() == heap->two_pointer_filler_map()) {
+          next += 2 * kPointerSize;
+        } else {
+          next += current->Size();
+        }
+        current = reinterpret_cast<HeapObject*>(next);
+      }
+      DCHECK(current->IsFixedArrayBase());
+#endif  // DEBUG
+      *p = nullptr;
+      return;
+    }
+
     MarkBit mark_bit = Marking::MarkBitFrom(object);
     if (Marking::IsBlackOrGrey(mark_bit)) return;