From 9ec7e04ddc0453c045b29e4cfd9eda0154e3c800 Mon Sep 17 00:00:00 2001
From: Ross McIlroy <rmcilroy@chromium.org>
Date: Wed, 12 Dec 2018 12:36:42 +0000
Subject: [PATCH] [Heap] Allow UncompiledDataWithoutPreParsedScope in LO space.

Bytecode flushing can overwrite a bytecode array with an UncompiledDataWithoutPreParsedScope.
Since the bytecode array could be in the LO space, then we also need to allow
UncompiledDataWithoutPreParsedScope in the LO space if it has overwritten a large
bytecode array.

BUG=v8:8395

Change-Id: I1b83b5c7a61830f5576260a4f4f4c0b689818acc
Reviewed-on: https://chromium-review.googlesource.com/c/1373775
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58186}
---
 src/heap/spaces.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc
index e4058cd52e..02673e9e74 100644
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -3642,7 +3642,8 @@ void LargeObjectSpace::Verify(Isolate* isolate) {
           object->IsPropertyArray() || object->IsByteArray() ||
           object->IsFeedbackVector() || object->IsBigInt() ||
           object->IsFreeSpace() || object->IsFeedbackMetadata() ||
-          object->IsContext());
+          object->IsContext() ||
+          object->IsUncompiledDataWithoutPreParsedScope());
 
     // The object itself should look OK.
     object->ObjectVerify(isolate);