Workaround for gcc array bound check issue

src/heap/slot-set.h

Index: src/heap/slot-set.h
diff --git a/src/heap/slot-set.h b/src/heap/slot-set.h
index 0066bf57b6cf2e8196d5bec24c3ba593a1823d71..5817f26626646a0a96c510921ee677f5f94b38c5 100644
--- a/src/heap/slot-set.h
+++ b/src/heap/slot-set.h
@@ -72,7 +72,8 @@ class SlotSet : public Malloced {
     SlotToIndices(end_offset, &end_bucket, &end_cell, &end_bit);
     uint32_t start_mask = (1u << start_bit) - 1;
     uint32_t end_mask = ~((1u << end_bit) - 1);
-    if (start_bucket == end_bucket && start_cell == end_cell) {
+    if (start_bucket == end_bucket && start_cell == end_cell &&
+       start_bucket < kBuckets) {
       MaskCell(start_bucket, start_cell, start_mask | end_mask);

[Michael Lippautz, 2016/08/18 09:19:19]

I would guess that the access in MaskCell is the problem, right?

Can we move the condition in there? Maybe something like
  if (bucket < kBuckets) {
    // masking
  } else {
    // Explain the gcc bug.
    UNREACHABLE();
  }

       return;
     }
@@ -100,7 +101,8 @@ class SlotSet : public Malloced {
     }
     // All buckets between start_bucket and end_bucket are cleared.
     DCHECK(current_bucket == end_bucket && current_cell <= end_cell);
-    if (current_bucket == kBuckets || bucket[current_bucket] == nullptr) {
+    if (current_bucket == kBuckets || (current_bucket < kBuckets &&

[Michael Lippautz, 2016/08/18 09:19:19]

If you do above, then just add a comment that refers to MaskCell.

+       bucket[current_bucket] == nullptr)) {
       return;
     }
     while (current_cell < end_cell) {
@@ -109,7 +111,9 @@ class SlotSet : public Malloced {
     }
     // All cells between start_cell and end_cell are cleared.
     DCHECK(current_bucket == end_bucket && current_cell == end_cell);
-    MaskCell(end_bucket, end_cell, end_mask);
+    if (end_bucket < kBuckets) {
+      MaskCell(end_bucket, end_cell, end_mask);
+    }
   }
 
   // The slot offset specifies a slot at address page_start_ + slot_offset.