Fix numerous bugs introduced by reducing Page::kMaxHeapObjectSize.

src/spaces.cc

 // Copyright 2006-2010 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 1755 matching lines @@
       accounting_stats_.AllocateBytes(size_in_bytes);
 
       HeapObject* obj = HeapObject::cast(result);
       Page* p = Page::FromAddress(obj->address());
 
       if (obj->address() >= p->AllocationWatermark()) {
         // There should be no hole between the allocation watermark
         // and allocated object address.
         // Memory above the allocation watermark was not swept and
         // might contain garbage pointers to new space.
-        ASSERT(obj->address() == p->AllocationWatermark());
+        if (obj->address() != p->AllocationWatermark()) {
+          // TODO(gc) this is waste of time. we should enable linear allocation
+          // at least from above watermark
+          HeapObject* filler =
+              HeapObject::FromAddress(p->AllocationWatermark());
+          while (filler->address() < obj->address()) {
+            Address next_filler = filler->address() + filler->Size();
+            if (filler->Size() > ByteArray::kHeaderSize) {
+              for (Address slot = filler->address() + ByteArray::kHeaderSize;
+                   slot < next_filler;
+                   slot += kPointerSize) {
+                Memory::Address_at(slot) = 0;
+              }
+            }
+            filler = HeapObject::FromAddress(next_filler);
+          }
+        }
         p->SetAllocationWatermark(obj->address() + size_in_bytes);
       }
 
       return obj;
     }
   }
 
   // Free list allocation failed and there is no next page.  Fail if we have
   // hit the old generation size limit that should cause a garbage
   // collection.
   if (!Heap::always_allocate() && Heap::OldGenerationAllocationLimitReached()) {
     return NULL;
   }
 
   // Try to expand the space and allocate in the new next page.
   ASSERT(!current_page->next_page()->is_valid());
   if (Expand()) {
     return AllocateInNextPage(current_page, size_in_bytes);
   }
 
   // Finally, fail.
   return NULL;
 }
 
 
 void OldSpace::PutRestOfCurrentPageOnFreeList(Page* current_page) {
   current_page->SetAllocationWatermark(allocation_info_.top);
   int free_size =
       static_cast<int>(current_page->ObjectAreaEnd() - allocation_info_.top);
-  if (free_size > 0) {
-    int wasted_bytes = free_list_.Free(allocation_info_.top, free_size);
-    accounting_stats_.WasteBytes(wasted_bytes);
-  }
+  if (free_size > 0) AddToFreeList(allocation_info_.top, free_size);
 }
 
 
 void FixedSpace::PutRestOfCurrentPageOnFreeList(Page* current_page) {
   current_page->SetAllocationWatermark(allocation_info_.top);
   int free_size =
       static_cast<int>(current_page->ObjectAreaEnd() - allocation_info_.top);
   // In the fixed space free list all the free list items have the right size.
   // We use up the rest of the page while preserving this invariant.
   while (free_size >= object_size_in_bytes_) {
@@ skipping 640 matching lines @@
   for (HeapObject* obj = obj_it.next(); obj != NULL; obj = obj_it.next()) {
     if (obj->IsCode()) {
       Code* code = Code::cast(obj);
       code_kind_statistics[code->kind()] += code->Size();
     }
   }
 }
 #endif  // DEBUG
 
 } }  // namespace v8::internal