[heap] Fix allocation observer for young large objects
The allocation observer step should be called only after the page flags
of the young large object are properly set up.
Bug: chromium:852420
Change-Id: I9f537a7c1d6b7aa15ccbe58006e3957a2ec2ab5c
Reviewed-on: https://chromium-review.googlesource.com/c/1477735
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59696}
diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc
index f187b39..4122dd3 100644
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -3463,6 +3463,7 @@
heap()->incremental_marking()->marking_state()->IsBlack(object));
page->InitializationMemoryFence();
heap()->NotifyOldGenerationExpansion();
+ AllocationStep(object_size, object->address(), object_size);
return object;
}
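Review bot: The position of the new `AllocationStep` call, after `InitializationMemoryFence()` and `NotifyOldGenerationExpansion()`, is now a correctness invariant, but nothing in the code says so; a later refactor that hoists it back above the fence would reintroduce the class of bug this commit fixes without any assertion complaining. I would add directly above the call `// Run allocation observers only after the page is fully initialized and published (fence above): observers may inspect page flags and the object.` Because the step was removed from `AllocateLargePage` in the same commit, each allocation path is now individually responsible for it; if `AllocateLargePage` has any caller other than the two paths touched here, that caller silently loses its observer notification, which is worth checking. The enclosing allocation function starts outside this hunk.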
@@ -3479,7 +3480,6 @@
heap()->CreateFillerObjectAt(object->address(), object_size,
ClearRecordedSlots::kNo);
- AllocationStep(object_size, object->address(), object_size);
return page;
}
@@ -3779,6 +3779,7 @@
page->InitializationMemoryFence();
DCHECK(page->IsLargePage());
DCHECK_EQ(page->owner()->identity(), NEW_LO_SPACE);
+ AllocationStep(object_size, result->address(), object_size);
return result;
}
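Review bot: The commit message says the step must follow the young-generation page-flag setup, yet the only assertions next to the new call (`IsLargePage()` and the owner identity) do not check the flag the fix actually depends on, so a regression in the flag setup, which lives outside this hunk, would not be caught here. I would add immediately before the `AllocationStep` line a DCHECK that the page already carries the young-generation flag, using whichever accessor `MemoryChunk` exposes for it, together with `// Observers may read page flags; the page must be fully set up and published before this step.` That pins the ordering invariant at the point where it matters instead of leaving it implicit in statement order. The enclosing function starts outside this hunk.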