Skip to content

deps: backport v8 commits useful for snapshot integration #33300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
joyeecheung wants to merge 3 commits into from
Closed

deps: backport v8 commits useful for snapshot integration #33300

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bc7cd3f
deps: V8: backport ea0719b8ed08
joyeecheung May 29, 2020
27e453a
deps: V8: backport bb9f0c2b2fe9
joyeecheung May 29, 2020
10ddf6a
deps: V8: backport 22014de00115
joyeecheung May 29, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
deps: V8: backport ea0719b8ed08 
Original commit message:

    [snapshot] Do not defer ArrayBuffers during snapshotting

    ArrayBuffer instances are serialized by first re-assigning a index
    to the backing store field, then serializing the object, and then
    storing the actual backing store address again (and the same for the
    ArrayBufferExtension). If serialization of the object itself is deferred,
    the real backing store address is written into the snapshot, which cannot be
    processed when deserializing, leading to a crash.

    This fixes this by not deferring ArrayBuffer serialization and adding a DCHECK
    for the crash that previously occurred.

    Change-Id: Id9bea8268061bd0770cde7bfeb6695248978f994
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144123
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Dan Elphick <delphick@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#67114}

Refs: v8/v8@ea0719b
  • Loading branch information
@joyeecheung
joyeecheung committed May 29, 2020
commit bc7cd3fef55ee44c8c1b7781906b1489e1766ff6
2 changes: 1 addition & 1 deletion common.gypi
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@

# Reset this number to 0 on major V8 upgrades.
# Increment by one for each non-official patch applied to deps/v8.
'v8_embedder_string': '-node.14',
'v8_embedder_string': '-node.15',

##### V8 defaults for Node.js #####

Expand Down
1 change: 1 addition & 0 deletions deps/v8/src/snapshot/deserializer.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@ class V8_EXPORT_PRIVATE Deserializer : public SerializerDeserializer {
}

std::shared_ptr<BackingStore> backing_store(size_t i) {
DCHECK_LT(i, backing_stores_.size());
return backing_stores_[i];
}

Expand Down
9 changes: 8 additions & 1 deletion deps/v8/src/snapshot/serializer-common.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,14 @@ void SerializerDeserializer::Iterate(Isolate* isolate, RootVisitor* visitor) {
}

bool SerializerDeserializer::CanBeDeferred(HeapObject o) {
return !o.IsString() && !o.IsScript() && !o.IsJSTypedArray();
// ArrayBuffer instances are serialized by first re-assigning a index
// to the backing store field, then serializing the object, and then
// storing the actual backing store address again (and the same for the
// ArrayBufferExtension). If serialization of the object itself is deferred,
// the real backing store address is written into the snapshot, which cannot
// be processed when deserializing.
return !o.IsString() && !o.IsScript() && !o.IsJSTypedArray() &&
!o.IsJSArrayBuffer();
}

void SerializerDeserializer::RestoreExternalReferenceRedirectors(
Expand Down