[snapshot] Skip kNextChunk when deserializing builtins

kNextChunk handling in deserializer.cc relies on the reservation
mechanism, which is not used by builtin deserialization. To avoid
complications, we work around this for now by skipping over these
bytecodes.

This will soon become unnecessary once allocations & reservations have
been refactored.

Bug: v8:6624
Change-Id: I9e861268ee2b3f49fe7f3ed6c1e3501b4b47dc37
Reviewed-on: https://chromium-review.googlesource.com/655158Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47879}

src/snapshot/builtin-deserializer.cc

@@ -77,8 +77,7 @@ Code* BuiltinDeserializer::DeserializeBuiltin(int builtin_id) {
   DeserializingBuiltinScope scope(this, builtin_id);
 
   const int initial_position = source()->position();
-  const uint32_t offset = builtin_offsets_[builtin_id];
-  source()->set_position(offset);
+  SetPositionToBuiltin(builtin_id);
 
   Object* o = ReadDataSingle();
   DCHECK(o->IsCode() && Code::cast(o)->is_builtin());
@@ -89,10 +88,9 @@ Code* BuiltinDeserializer::DeserializeBuiltin(int builtin_id) {
   return Code::cast(o);
 }
 
-uint32_t BuiltinDeserializer::ExtractBuiltinSize(int builtin_id) {
+void BuiltinDeserializer::SetPositionToBuiltin(int builtin_id) {
   DCHECK(Builtins::IsBuiltinId(builtin_id));
 
-  const int initial_position = source()->position();
   const uint32_t offset = builtin_offsets_[builtin_id];
   source()->set_position(offset);
 
@@ -107,9 +105,21 @@ uint32_t BuiltinDeserializer::ExtractBuiltinSize(int builtin_id) {
   // the entire reservations mechanism is unused for the builtins snapshot.
   if (data == kNextChunk) {
     source()->Get();  // Skip over kNextChunk's {space} parameter.
-    data = source()->Get();
+  } else {
+    source()->set_position(offset);  // Rewind.
   }
+}
+
+uint32_t BuiltinDeserializer::ExtractBuiltinSize(int builtin_id) {
+  DCHECK(Builtins::IsBuiltinId(builtin_id));
+
+  const int initial_position = source()->position();
+
+  // Grab the size of the code object.
+  SetPositionToBuiltin(builtin_id);
+  byte data = source()->Get();
 
+  USE(data);
   DCHECK_EQ(kNewObject | kPlain | kStartOfObject | CODE_SPACE, data);
   const uint32_t result = source()->GetInt() << kObjectAlignmentBits;
 

src/snapshot/builtin-deserializer.h

@@ -40,6 +40,9 @@ class BuiltinDeserializer final : public Deserializer {
   void ReserveAndInitializeBuiltinsTableForBuiltin(int builtin_id);
 
  private:
+  // TODO(jgruber): Remove once allocations have been refactored.
+  void SetPositionToBuiltin(int builtin_id);
+
   // Extracts the size builtin Code objects (baked into the snapshot).
   uint32_t ExtractBuiltinSize(int builtin_id);