From c5ff664bc8008c43dabb5fae7b8f13e1595982b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Fl=C3=BCckiger?= <olivf@chromium.org>
Date: Mon, 6 Feb 2023 17:51:36 +0100
Subject: [PATCH] [gc][static-roots] Fix more accesses to r/o markbits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two overlooked ones in marking barrier and cppgc.

Fixes blink tests.

Bug: v8:13717
Change-Id: I2c8beb0db1bcc38ae37a058f02da448dae9c7207
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224152
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85692}
---
 src/heap/cppgc-js/unified-heap-marking-state-inl.h | 1 +
 src/heap/marking-barrier-inl.h                     | 1 +
 src/heap/marking-barrier.cc                        | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/heap/cppgc-js/unified-heap-marking-state-inl.h b/src/heap/cppgc-js/unified-heap-marking-state-inl.h
index 888bbd0c43..fd4d7cf97f 100644
--- a/src/heap/cppgc-js/unified-heap-marking-state-inl.h
+++ b/src/heap/cppgc-js/unified-heap-marking-state-inl.h
@@ -46,6 +46,7 @@ void UnifiedHeapMarkingState::MarkAndPush(
     return;
   }
   HeapObject heap_object = HeapObject::cast(object);
+  if (heap_object.InReadOnlySpace()) return;
   if (marking_state_->WhiteToGrey(heap_object)) {
     local_marking_worklist_->Push(heap_object);
   }
diff --git a/src/heap/marking-barrier-inl.h b/src/heap/marking-barrier-inl.h
index 37c31c515b..220a9a8aa8 100644
--- a/src/heap/marking-barrier-inl.h
+++ b/src/heap/marking-barrier-inl.h
@@ -72,6 +72,7 @@ void MarkingBarrier::MarkValueShared(HeapObject value) {
 }
 
 void MarkingBarrier::MarkValueLocal(HeapObject value) {
+  DCHECK(!value.InReadOnlySpace());
   if (is_minor()) {
     // We do not need to insert into RememberedSet<OLD_TO_NEW> here because the
     // C++ marking barrier already does this for us.
diff --git a/src/heap/marking-barrier.cc b/src/heap/marking-barrier.cc
index 5a31efd1d1..9ce722b47a 100644
--- a/src/heap/marking-barrier.cc
+++ b/src/heap/marking-barrier.cc
@@ -60,7 +60,7 @@ void MarkingBarrier::WriteWithoutHost(HeapObject value) {
       return;
     }
   }
-
+  if (value.InReadOnlySpace()) return;
   MarkValueLocal(value);
 }