[heap] Filter out non-heap values when tracing wrappers

We used to rely on the fact that all values kept alive through wrapper tracing were materialized as heap objects. Smis break this invariant and need to be filter out. BUG=chromium:716031 Review-Url: https://codereview.chromium.org/2852463003 Cr-Commit-Position: refs/heads/master@{#44946}
2017-04-27 08:33:04 -07:00 · 2017-04-27 08:33:04 -07:00 · 1f3a95f1f7
commit 1f3a95f1f7
parent a16c3c9105
1 changed files with 3 additions and 4 deletions
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@ -5671,11 +5671,10 @@ void Heap::TracePossibleWrapper(JSObject* js_object) {
 }

 void Heap::RegisterExternallyReferencedObject(Object** object) {
+  // The embedder is not aware of whether numbers are materialized as heap
+  // objects are just passed around as Smis.
+  if (!(*object)->IsHeapObject()) return;
  HeapObject* heap_object = HeapObject::cast(*object);
-  if (heap_object == nullptr) {
-    // We might encounter non-empty handles that point to nullptr.
-    return;
-  }
  DCHECK(Contains(heap_object));
  if (FLAG_incremental_marking_wrappers && incremental_marking()->IsMarking()) {
    IncrementalMarking::MarkGrey(this, heap_object);