From c8e15cd2c68ae8783ca16744393c49dc47952133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= Date: Thu, 12 Nov 2020 07:39:19 +0100 Subject: [PATCH] deps: V8: cherry-pick 821fb3883a8e Original commit message: [serializer] avoid deferring objects with embedder fields JS objects with embedder fields cannot be deferred because the serialize/deserialize callbacks need the back reference immediately to identify the object. Refs: https://github.com/nodejs/node-v8/issues/175 Bug: v8:11146 Change-Id: I4292f2ab0041f7b0779620437ed26905c194cd9b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531195 Reviewed-by: Jakob Gruber Commit-Queue: Joyee Cheung Cr-Commit-Position: refs/heads/master@{#71134} Refs: https://github.com/v8/v8/commit/821fb3883a8e388bc125d5e38fad701b4fb163f2 PR-URL: https://github.com/nodejs/node/pull/35700 Reviewed-By: Rich Trott Reviewed-By: Colin Ihrig Reviewed-By: Joyee Cheung Reviewed-By: Matteo Collina Reviewed-By: Jiawen Geng Reviewed-By: Shelley Vohr --- common.gypi | 2 +- deps/v8/src/snapshot/serializer-deserializer.cc | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/common.gypi b/common.gypi index ba6b791a6ccf82..c19346bffad434 100644 --- a/common.gypi +++ b/common.gypi @@ -36,7 +36,7 @@ # Reset this number to 0 on major V8 upgrades. # Increment by one for each non-official patch applied to deps/v8. - 'v8_embedder_string': '-node.9', + 'v8_embedder_string': '-node.10', ##### V8 defaults for Node.js ##### diff --git a/deps/v8/src/snapshot/serializer-deserializer.cc b/deps/v8/src/snapshot/serializer-deserializer.cc index afa41e7d03b9b3..0deaaa845fe59c 100644 --- a/deps/v8/src/snapshot/serializer-deserializer.cc +++ b/deps/v8/src/snapshot/serializer-deserializer.cc @@ -30,13 +30,18 @@ void SerializerDeserializer::Iterate(Isolate* isolate, RootVisitor* visitor) { } bool SerializerDeserializer::CanBeDeferred(HeapObject o) { - // Maps cannot be deferred as objects are expected to have a valid map - // immediately. Internalized strings cannot be deferred as they might be + // 1. Maps cannot be deferred as objects are expected to have a valid map + // immediately. + // 2. Internalized strings cannot be deferred as they might be // converted to thin strings during post processing, at which point forward // references to the now-thin string will already have been written. + // 3. JS objects with embedder fields cannot be deferred because the + // serialize/deserialize callbacks need the back reference immediately to + // identify the object. // TODO(leszeks): Could we defer string serialization if forward references // were resolved after object post processing? - return !o.IsMap() && !o.IsInternalizedString(); + return !o.IsMap() && !o.IsInternalizedString() && + !(o.IsJSObject() && JSObject::cast(o).GetEmbedderFieldCount() > 0); } void SerializerDeserializer::RestoreExternalReferenceRedirector(