[snapshot] Ensure EphemeronHashTables sufficiently initialised

... when deserializing.

EphemeronHashTables require valid HeapObject keys, however
EphemeronHashTables are filled with Smi::uninitialized_deserialization_value
when deserializing. We could fill EphemeronHashTable's elements
with "the initial filler" which is undefined value to make sure
the elements are valid.

Bug: v8:13232
Change-Id: I268cdbd4303fbe9afa2f9a5d8aafcace397c8164
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864185
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82808}

src/snapshot/deserializer.cc

@@ -638,6 +638,14 @@ Handle<HeapObject> Deserializer<IsolateT>::ReadObject(SnapshotSpace space) {
   // break when making them older.
   if (raw_obj.IsBytecodeArray(isolate())) {
     BytecodeArray::cast(raw_obj).set_bytecode_age(0);
+  } else if (raw_obj.IsEphemeronHashTable()) {
+    // Make sure EphemeronHashTables have valid HeapObject keys, so that the
+    // marker does not break when marking EphemeronHashTable, see
+    // MarkingVisitorBase::VisitEphemeronHashTable.
+    EphemeronHashTable table = EphemeronHashTable::cast(raw_obj);
+    MemsetTagged(table.RawField(table.kElementsStartOffset),
+                 ReadOnlyRoots(isolate()).undefined_value(),
+                 (size_in_bytes - table.kElementsStartOffset) / kTaggedSize);
   }
 
 #ifdef DEBUG