[heap] Disallow allocation on the last page in address range

BUG=

Review URL: https://codereview.chromium.org/1899183002

Cr-Commit-Position: refs/heads/master@{#35656}

src/arm/macro-assembler-arm.cc

@@ -2072,12 +2072,11 @@ void MacroAssembler::Allocate(int object_size,
       shift += 8;
       Operand bits_operand(bits);
       DCHECK(bits_operand.instructions_required(this) == 1);
-      add(result_end, source, bits_operand, SetCC, cond);
+      add(result_end, source, bits_operand, LeaveCC, cond);
       source = result_end;
       cond = cc;
     }
   }
-  b(cs, gc_required);
   cmp(result_end, Operand(alloc_limit));
   b(hi, gc_required);
   str(result_end, MemOperand(top_address));

src/arm64/macro-assembler-arm64.cc

@@ -3090,7 +3090,7 @@ void MacroAssembler::Allocate(int object_size,
 
   // Calculate new top and bail out if new space is exhausted.
   Adds(result_end, result, object_size);
-  Ccmp(result_end, alloc_limit, CFlag, cc);
+  Ccmp(result_end, alloc_limit, NoFlag, cc);
   B(hi, gc_required);
   Str(result_end, MemOperand(top_address));
 

src/heap/spaces.cc

@@ -333,6 +333,10 @@ void MemoryAllocator::TearDown() {
   capacity_ = 0;
   capacity_executable_ = 0;
 
+  if (last_chunk_.IsReserved()) {
+    last_chunk_.Release();
+  }
+
   delete code_range_;
   code_range_ = nullptr;
 }
@@ -680,6 +684,23 @@ MemoryChunk* MemoryAllocator::AllocateChunk(intptr_t reserve_area_size,
     PerformAllocationCallback(space, kAllocationActionAllocate, chunk_size);
   }
 
+  // We cannot use the last chunk in the address space because we would
+  // overflow when comparing top and limit if this chunk is used for a
+  // linear allocation area.
+  if ((reinterpret_cast<uintptr_t>(base) + chunk_size) == 0u) {
+    CHECK(!last_chunk_.IsReserved());
+    last_chunk_.TakeControl(&reservation);
+    UncommitBlock(reinterpret_cast<Address>(last_chunk_.address()),
+                  last_chunk_.size());
+    size_.Increment(-static_cast<intptr_t>(chunk_size));
+    if (executable == EXECUTABLE) {
+      size_executable_.Increment(-static_cast<intptr_t>(chunk_size));
+    }
+    CHECK(last_chunk_.IsReserved());
+    return AllocateChunk(reserve_area_size, commit_area_size, executable,
+                         owner);
+  }
+
   return MemoryChunk::Initialize(heap, base, chunk_size, area_start, area_end,
                                  executable, owner, &reservation);
 }

src/heap/spaces.h

@@ -1465,6 +1465,8 @@ class MemoryAllocator {
 
   List<MemoryChunk*> chunk_pool_;
 
+  base::VirtualMemory last_chunk_;
+
   friend class TestCodeRangeScope;
 
   DISALLOW_IMPLICIT_CONSTRUCTORS(MemoryAllocator);

src/ia32/macro-assembler-ia32.cc

@@ -1572,7 +1572,6 @@ void MacroAssembler::Allocate(int object_size,
     mov(top_reg, result);
   }
   add(top_reg, Immediate(object_size));
-  j(carry, gc_required);
   cmp(top_reg, Operand::StaticVariable(allocation_limit));
   j(above, gc_required);
 

src/x64/macro-assembler-x64.cc

@@ -4906,7 +4906,6 @@ void MacroAssembler::Allocate(int object_size,
     movp(top_reg, result);
   }
   addp(top_reg, Immediate(object_size));
-  j(carry, gc_required);
   Operand limit_operand = ExternalOperand(allocation_limit);
   cmpp(top_reg, limit_operand);
   j(above, gc_required);

src/x87/macro-assembler-x87.cc

@@ -1514,7 +1514,6 @@ void MacroAssembler::Allocate(int object_size,
     mov(top_reg, result);
   }
   add(top_reg, Immediate(object_size));
-  j(carry, gc_required);
   cmp(top_reg, Operand::StaticVariable(allocation_limit));
   j(above, gc_required);