From 69aa6e57366360ed49deb8cf51a619280c2ae709 Mon Sep 17 00:00:00 2001 From: Ulan Degenbaev Date: Fri, 29 Sep 2017 12:08:40 +0200 Subject: [PATCH] [heap] Ensure that VisitFixedArray pushes grey or black array in marking worklist. Bug: chromium:769173 Change-Id: I4b3ce27d37bec19ec5cc342b4d26a2a45af34b5f Reviewed-on: https://chromium-review.googlesource.com/691728 Reviewed-by: Michael Lippautz Commit-Queue: Ulan Degenbaev Cr-Commit-Position: refs/heads/master@{#48224} --- src/heap/incremental-marking.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/heap/incremental-marking.cc b/src/heap/incremental-marking.cc index accb4550fe..bde6aa647c 100644 --- a/src/heap/incremental-marking.cc +++ b/src/heap/incremental-marking.cc @@ -214,11 +214,17 @@ class IncrementalMarkingMarkingVisitor final int start_offset = Max(FixedArray::BodyDescriptor::kStartOffset, chunk->progress_bar()); if (start_offset < object_size) { + // Ensure that the object is either grey or black before pushing it + // into marking worklist. + incremental_marking_->marking_state()->WhiteToGrey(object); if (FLAG_concurrent_marking) { incremental_marking_->marking_worklist()->PushBailout(object); } else { incremental_marking_->marking_worklist()->Push(object); } + DCHECK(incremental_marking_->marking_state()->IsGrey(object) || + incremental_marking_->marking_state()->IsBlack(object)); + int end_offset = Min(object_size, start_offset + kProgressBarScanningChunk); int already_scanned_offset = start_offset;
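Review bot: The new DCHECK on the grey-or-black state sits after the `Push`/`PushBailout` calls, although the comment above `WhiteToGrey(object)` describes a condition that must hold before the object enters the marking worklist; moving `DCHECK(...IsGrey(object) || ...IsBlack(object));` to directly after the `WhiteToGrey(object)` call would assert the invariant before the object is handed to the worklist. The added comment restates the call without recording when a FixedArray can still be white on this path, so a why-line such as `// The array may still be white here, see chromium:769173.` would help the next reader; the cause is not visible in the hunk, so the author should confirm the wording. DCHECK is normally compiled out of release builds, so `WhiteToGrey` alone enforces the invariant there, and the diffstat (one file, six insertions) shows no regression test accompanying the fix. The enclosing visitor method starts and ends outside the hunk.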