[ext-code-space] Fix DCHECKs in VisitSpillSlot

... to match new encoding of the forwarding pointers. Bug: v8:11880, chromium:1393256 Change-Id: I8bc8183c22ef8933c02470d5c8ed77cf83489e0f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069706 Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#84601}
2022-12-01 16:05:49 +01:00 · 2022-12-01 16:05:49 +01:00 · 32b7dc86a7
commit 32b7dc86a7
parent 56b455ea57
2 changed files with 14 additions and 4 deletions
--- a/src/execution/frames.cc
+++ b/src/execution/frames.cc
@ -1119,8 +1119,8 @@ void VisitSpillSlot(Isolate* isolate, RootVisitor* v,
                                   ? map_word.ToForwardingAddress(raw)
                                   : raw;
        bool is_self_forwarded =
-            forwarded.map_word(cage_base, kRelaxedLoad).ptr() ==
-            forwarded.address();
+            forwarded.map_word(cage_base, kRelaxedLoad) ==
+            MapWord::FromForwardingAddress(forwarded, forwarded);
        if (is_self_forwarded) {
          // The object might be in a self-forwarding state if it's located
          // in new large object space. GC will fix this at a later stage.
--- a/src/objects/objects.h
+++ b/src/objects/objects.h
@ -904,7 +904,17 @@ class MapWord {
  // View this map word as a forwarding address.
  inline HeapObject ToForwardingAddress(HeapObject map_word_host);

-  inline Address ptr() { return value_; }
+  constexpr inline Address ptr() const { return value_; }
+
+  // When pointer compression is enabled, MapWord is uniquely identified by
+  // the lower 32 bits. On the other hand full-value comparison is not correct
+  // because map word in a forwarding state might have corrupted upper part.
+  constexpr bool operator==(MapWord other) const {
+    return static_cast<Tagged_t>(ptr()) == static_cast<Tagged_t>(other.ptr());
+  }
+  constexpr bool operator!=(MapWord other) const {
+    return static_cast<Tagged_t>(ptr()) != static_cast<Tagged_t>(other.ptr());
+  }

 #ifdef V8_MAP_PACKING
  static constexpr Address Pack(Address map) {
@ -929,7 +939,7 @@ class MapWord {
  template <typename TFieldType, int kFieldOffset, typename CompressionScheme>
  friend class TaggedField;

-  explicit MapWord(Address value) : value_(value) {}
+  explicit constexpr MapWord(Address value) : value_(value) {}

  Address value_;
 };