V8 version: 7.2
I have added some checks in Heap::CollectGarbage,
code snippet:
-----------------------------------------
  OptionalTimedHistogramScope histogram_timer_priority_scope(
      gc_type_priority_timer, isolate_, mode);
  VerifyPointersVisitor no_dirty_regions_visitor0(this);       // new added0
  code_space_->Verify(isolate(), &no_dirty_regions_visitor0);  // new added1
  code_lo_space_->Verify(isolate());                           // new added2
  next_gc_likely_to_collect_more =
      PerformGarbageCollection(collector, gc_callback_flags);
  if (collector == MARK_COMPACTOR || collector == SCAVENGER) {
    tracer()->RecordGCPhasesHistograms(gc_type_timer);
  }
  VerifyPointersVisitor no_dirty_regions_visitor1(this);       // new added3
  code_space_->Verify(isolate(), &no_dirty_regions_visitor1);  // new added4
  code_lo_space_->Verify(isolate());                           // new added5
-----------------------------------------
With this change, my application may crash at "new added5".
Crash reason: the code object has a wrong embedded object.
Code object print:
-------------------------
0x9f302001: [Code]
 - map: 0xac100551 <Map>
kind = STUB
compiler = unknown
address = 0x9eebbf80

Instructions (size = 1272)
0x9f302040     0  e30ec5ec       movw ip, #58860    ;; object: ì
                                                    ;; object: ì
                                                    ;; object: ì
0x9f302044     4  e34ac94a       movt ip, #43338    ;; wasm stub call
-------------------------
And the strangest thing is that we never allocate a large code object.
Why can code_lo_space_'s Verify cause an error?