[serializer] Add support for AllocationSites without weak_next field

After https://chromium-review.googlesource.com/c/v8/v8/+/1101323 some
AllocationSites can have dropped weak_next field, but this doesn't suported in
serializer/deserializer.

This CL adds support for such AllocationSites.

Change-Id: Ibf495ae4effdf4e127892d906967d8e30eebfc87
Reviewed-on: https://chromium-review.googlesource.com/1183238
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55579}

src/snapshot/deserializer.cc

@@ -179,18 +179,11 @@ HeapObject* Deserializer<AllocatorT>::PostProcessNewObject(HeapObject* obj,
   }
 
   if (obj->IsAllocationSite()) {
-    // Allocation sites are present in the snapshot, and must be linked into
-    // a list at deserialization time.
-    AllocationSite* site = AllocationSite::cast(obj);
-    // TODO(mvstanton): consider treating the heap()->allocation_sites_list()
-    // as a (weak) root. If this root is relocated correctly, this becomes
-    // unnecessary.
-    if (isolate_->heap()->allocation_sites_list() == Smi::kZero) {
-      site->set_weak_next(ReadOnlyRoots(isolate_).undefined_value());
-    } else {
-      site->set_weak_next(isolate_->heap()->allocation_sites_list());
-    }
-    isolate_->heap()->set_allocation_sites_list(site);
+    // We should link new allocation sites, but we can't do this immediately
+    // because |AllocationSite::HasWeakNext()| internally accesses
+    // |Heap::roots_| that may not have been initialized yet. So defer this to
+    // |ObjectDeserializer::CommitPostProcessedObjects()|.
+    new_allocation_sites_.push_back(AllocationSite::cast(obj));
   } else if (obj->IsCode()) {
     // We flush all code pages after deserializing the startup snapshot. In that
     // case, we only need to remember code objects in the large object space.

src/snapshot/deserializer.h

@@ -15,6 +15,7 @@
 namespace v8 {
 namespace internal {
 
+class AllocationSite;
 class HeapObject;
 class Object;
 
@@ -71,6 +72,9 @@ class Deserializer : public SerializerDeserializer {
 
   Isolate* isolate() const { return isolate_; }
   SnapshotByteSource* source() { return &source_; }
+  const std::vector<AllocationSite*>& new_allocation_sites() const {
+    return new_allocation_sites_;
+  }
   const std::vector<Code*>& new_code_objects() const {
     return new_code_objects_;
   }
@@ -148,6 +152,7 @@ class Deserializer : public SerializerDeserializer {
 
   ExternalReferenceTable* external_reference_table_;
 
+  std::vector<AllocationSite*> new_allocation_sites_;
   std::vector<Code*> new_code_objects_;
   std::vector<AccessorInfo*> accessor_infos_;
   std::vector<CallHandlerInfo*> call_handler_infos_;

src/snapshot/object-deserializer.cc

@@ -90,6 +90,21 @@ void ObjectDeserializer::CommitPostProcessedObjects() {
                                    MaybeObjectHandle::Weak(script));
     heap->SetRootScriptList(*list);
   }
+
+  // Allocation sites are present in the snapshot, and must be linked into
+  // a list at deserialization time.
+  for (AllocationSite* site : new_allocation_sites()) {
+    if (!site->HasWeakNext()) continue;
+    // TODO(mvstanton): consider treating the heap()->allocation_sites_list()
+    // as a (weak) root. If this root is relocated correctly, this becomes
+    // unnecessary.
+    if (heap->allocation_sites_list() == Smi::kZero) {
+      site->set_weak_next(ReadOnlyRoots(heap).undefined_value());
+    } else {
+      site->set_weak_next(heap->allocation_sites_list());
+    }
+    heap->set_allocation_sites_list(site);
+  }
 }
 
 }  // namespace internal

src/snapshot/serializer.cc

@@ -581,7 +581,8 @@ class UnlinkWeakNextScope {
  public:
   explicit UnlinkWeakNextScope(Heap* heap, HeapObject* object)
       : object_(nullptr) {
-    if (object->IsAllocationSite()) {
+    if (object->IsAllocationSite() &&
+        AllocationSite::cast(object)->HasWeakNext()) {
       object_ = object;
       next_ = AllocationSite::cast(object)->weak_next();
       AllocationSite::cast(object)->set_weak_next(