From 15a51c8a855c1ee52629169eb998758132230f60 Mon Sep 17 00:00:00 2001
From: Andy Wingo <wingo@igalia.com>
Date: Fri, 4 Oct 2024 13:50:01 +0200
Subject: [PATCH] Fix embarrassing bugs in write buffer fast path

Check edge address, not object address, and reverse the sense of the
check!
---
 api/gc-api.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/gc-api.h b/api/gc-api.h
index 2b3f9fcd6..2efd16ecd 100644
--- a/api/gc-api.h
+++ b/api/gc-api.h
@@ -237,14 +237,14 @@ static inline int gc_write_barrier_fast(struct gc_mutator *mut, struct gc_ref ob
     size_t fields_per_byte = gc_write_barrier_field_fields_per_byte();
     uint8_t first_bit_pattern = gc_write_barrier_field_first_bit_pattern();
 
-    uintptr_t addr = gc_ref_value(obj);
+    uintptr_t addr = gc_edge_address(edge);
     uintptr_t base = addr & ~(field_table_alignment - 1);
     uintptr_t field = (addr & (field_table_alignment - 1)) / sizeof(uintptr_t);
     uintptr_t log_byte = field / fields_per_byte;
     uint8_t log_bit = first_bit_pattern << (field % fields_per_byte);
     uint8_t *byte_loc = (uint8_t*)(base + log_byte);
     uint8_t byte = atomic_load_explicit(byte_loc, memory_order_relaxed);
-    return byte & log_bit;
+    return !(byte & log_bit);
   }
   case GC_WRITE_BARRIER_SLOW:
     return 1;