cppgc: Fix conservative stack handling

When objects are recorded for conservative handling and the GC is
finalized conservatively, with a different stack, we rely on
MarkNotFullyConstructedObjects(). In this method, the objects are
initially marked, only to be forwarded to handlers that try to mark
them again.

Bug: chromium:1056170
Change-Id: I942e7b0ec88aae08e3fe06b7cb3ff4a86dc42f36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744074
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73281}

src/heap/cppgc/marker.cc

@@ -509,9 +509,9 @@ void MarkerBase::MarkNotFullyConstructedObjects() {
       mutator_marking_state_.not_fully_constructed_worklist().Extract();
   for (HeapObjectHeader* object : objects) {
     DCHECK(object);
-    if (!mutator_marking_state_.MarkNoPush(*object)) continue;
-    // TraceConservativelyIfNeeded will either push to a worklist
-    // or trace conservatively and call AccountMarkedBytes.
+    // TraceConservativelyIfNeeded delegates to either in-construction or
+    // fully constructed handling. Both handlers have their own marked bytes
+    // accounting and markbit handling (bailout).
     conservative_visitor().TraceConservativelyIfNeeded(*object);
   }
 }