1 files changed, 17 insertions, 15 deletions

diff --git a/deps/v8/src/heap/cppgc/object-start-bitmap.h b/deps/v8/src/heap/cppgc/object-start-bitmap.h
index dff8b6eae3..cf45d29190 100644
--- a/deps/v8/src/heap/cppgc/object-start-bitmap.h
+++ b/deps/v8/src/heap/cppgc/object-start-bitmap.h
@@ -28,7 +28,8 @@ namespace internal {
 // - kAllocationGranularity
 //
 // ObjectStartBitmap supports concurrent reads from multiple threads but
-// only a single mutator thread can write to it.
+// only a single mutator thread can write to it. ObjectStartBitmap relies on
+// being allocated inside the same normal page.
 class V8_EXPORT_PRIVATE ObjectStartBitmap {
  public:
   // Granularity of addresses added to the bitmap.
@@ -39,7 +40,7 @@ class V8_EXPORT_PRIVATE ObjectStartBitmap {
     return kReservedForBitmap * kBitsPerCell;
   }
 
-  explicit inline ObjectStartBitmap(Address offset);
+  inline ObjectStartBitmap();
 
   // Finds an object header based on a
   // address_maybe_pointing_to_the_middle_of_object. Will search for an object
@@ -87,7 +88,6 @@ class V8_EXPORT_PRIVATE ObjectStartBitmap {
 
   inline void ObjectStartIndexAndBit(ConstAddress, size_t*, size_t*) const;
 
-  const Address offset_;
   // `fully_populated_` is used to denote that the bitmap is populated with all
   // currently allocated objects on the page and is in a consistent state. It is
   // used to guard against using the bitmap for finding headers during
@@ -104,7 +104,7 @@ class V8_EXPORT_PRIVATE ObjectStartBitmap {
   std::array<uint8_t, kReservedForBitmap> object_start_bit_map_;
 };
 
-ObjectStartBitmap::ObjectStartBitmap(Address offset) : offset_(offset) {
+ObjectStartBitmap::ObjectStartBitmap() {
   Clear();
   MarkAsFullyPopulated();
 }
@@ -113,9 +113,13 @@ template <AccessMode mode>
 HeapObjectHeader* ObjectStartBitmap::FindHeader(
     ConstAddress address_maybe_pointing_to_the_middle_of_object) const {
   DCHECK(fully_populated_);
-  DCHECK_LE(offset_, address_maybe_pointing_to_the_middle_of_object);
-  size_t object_offset =
-      address_maybe_pointing_to_the_middle_of_object - offset_;
+  const size_t page_base = reinterpret_cast<uintptr_t>(
+                               address_maybe_pointing_to_the_middle_of_object) &
+                           kPageBaseMask;
+  DCHECK_EQ(page_base, reinterpret_cast<uintptr_t>(this) & kPageBaseMask);
+  size_t object_offset = reinterpret_cast<uintptr_t>(
+                             address_maybe_pointing_to_the_middle_of_object) &
+                         kPageOffsetMask;
   size_t object_start_number = object_offset / kAllocationGranularity;
   size_t cell_index = object_start_number / kBitsPerCell;
   DCHECK_GT(object_start_bit_map_.size(), cell_index);
@@ -129,7 +133,7 @@ HeapObjectHeader* ObjectStartBitmap::FindHeader(
   object_start_number =
       (cell_index * kBitsPerCell) + (kBitsPerCell - 1) - leading_zeroes;
   object_offset = object_start_number * kAllocationGranularity;
-  return reinterpret_cast<HeapObjectHeader*>(object_offset + offset_);
+  return reinterpret_cast<HeapObjectHeader*>(page_base + object_offset);
 }
 
 template <AccessMode mode>
@@ -178,7 +182,8 @@ uint8_t ObjectStartBitmap::load(size_t cell_index) const {
 void ObjectStartBitmap::ObjectStartIndexAndBit(ConstAddress header_address,
                                                size_t* cell_index,
                                                size_t* bit) const {
-  const size_t object_offset = header_address - offset_;
+  const size_t object_offset =
+      reinterpret_cast<size_t>(header_address) & kPageOffsetMask;
   DCHECK(!(object_offset & kAllocationMask));
   const size_t object_start_number = object_offset / kAllocationGranularity;
   *cell_index = object_start_number / kBitsPerCell;
@@ -188,6 +193,8 @@ void ObjectStartBitmap::ObjectStartIndexAndBit(ConstAddress header_address,
 
 template <typename Callback>
 inline void ObjectStartBitmap::Iterate(Callback callback) const {
+  const Address page_base = reinterpret_cast<Address>(
+      reinterpret_cast<uintptr_t>(this) & kPageBaseMask);
   for (size_t cell_index = 0; cell_index < kReservedForBitmap; cell_index++) {
     if (!object_start_bit_map_[cell_index]) continue;
 
@@ -197,7 +204,7 @@ inline void ObjectStartBitmap::Iterate(Callback callback) const {
       const size_t object_start_number =
           (cell_index * kBitsPerCell) + trailing_zeroes;
       const Address object_address =
-          offset_ + (kAllocationGranularity * object_start_number);
+          page_base + (kAllocationGranularity * object_start_number);
       callback(object_address);
       // Clear current object bit in temporary value to advance iteration.
       value &= ~(1 << (object_start_number & kCellMask));
@@ -220,8 +227,6 @@ void ObjectStartBitmap::Clear() {
 class V8_EXPORT_PRIVATE PlatformAwareObjectStartBitmap
     : public ObjectStartBitmap {
  public:
-  explicit inline PlatformAwareObjectStartBitmap(Address offset);
-
   template <AccessMode = AccessMode::kNonAtomic>
   inline void SetBit(ConstAddress);
   template <AccessMode = AccessMode::kNonAtomic>
@@ -232,9 +237,6 @@ class V8_EXPORT_PRIVATE PlatformAwareObjectStartBitmap
   static bool ShouldForceNonAtomic();
 };
 
-PlatformAwareObjectStartBitmap::PlatformAwareObjectStartBitmap(Address offset)
-    : ObjectStartBitmap(offset) {}
-
 // static
 template <AccessMode mode>
 bool PlatformAwareObjectStartBitmap::ShouldForceNonAtomic() {