Revert "Delay setting up deserialized JSArrayBuffer"

This reverts commit 83786cb4.

Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/2037

Original change's description:
> Delay setting up deserialized JSArrayBuffer
> 
> Setting up JSArrayBuffer may trigger GC. Delay this until we
> are done with deserialization.
> 
> R=​ulan@chromium.org
> 
> Bug: chromium:1033395
> Change-Id: I6c79bc47421bc2662dc1906534fc8e820c351ced
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1965580
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65441}

TBR=ulan@chromium.org,yangguo@chromium.org,petermarshall@chromium.org

Change-Id: I77b8ae836e9003eaaccef440dfaf3ae840c112cb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1033395
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967327Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65450}

include/v8.h

@@ -9337,7 +9337,6 @@ class V8_EXPORT Isolate {
   internal::Address* GetDataFromSnapshotOnce(size_t index);
   void ReportExternalAllocationLimitReached();
   void CheckMemoryPressure();
-  void CheckGarbageCollectionIsAllowed();
 };
 
 class V8_EXPORT StartupData {
@@ -11744,9 +11743,6 @@ MaybeLocal<T> Isolate::GetDataFromSnapshotOnce(size_t index) {
 
 int64_t Isolate::AdjustAmountOfExternalAllocatedMemory(
     int64_t change_in_bytes) {
-#ifdef V8_ENABLE_CHECKS
-  CheckGarbageCollectionIsAllowed();
-#endif
   typedef internal::Internals I;
   constexpr int64_t kMemoryReducerActivationLimit = 32 * 1024 * 1024;
   int64_t* external_memory = reinterpret_cast<int64_t*>(

src/api/api.cc

@@ -8067,10 +8067,6 @@ void Isolate::CheckMemoryPressure() {
   heap->CheckMemoryPressure();
 }
 
-void Isolate::CheckGarbageCollectionIsAllowed() {
-  DCHECK(i::AllowHeapAllocation::IsAllowed());
-}
-
 HeapProfiler* Isolate::GetHeapProfiler() {
   i::HeapProfiler* heap_profiler =
       reinterpret_cast<i::Isolate*>(this)->heap_profiler();

src/snapshot/deserializer.cc

@@ -274,16 +274,9 @@ HeapObject Deserializer::PostProcessNewObject(HeapObject obj,
   } else if (obj.IsJSDataView()) {
     JSDataView data_view = JSDataView::cast(obj);
     JSArrayBuffer buffer = JSArrayBuffer::cast(data_view.buffer());
-    void* backing_store = nullptr;
-    if (buffer.backing_store() != nullptr) {
-      // The backing store of the JSArrayBuffer has not been correctly restored
-      // yet, as that may trigger GC. The backing_store field currently contains
-      // a numbered reference to an already deserialized backing store.
-      size_t store_index = reinterpret_cast<size_t>(buffer.backing_store());
-      backing_store = backing_stores_[store_index]->buffer_start();
-    }
-    data_view.set_data_pointer(reinterpret_cast<uint8_t*>(backing_store) +
-                               data_view.byte_offset());
+    data_view.set_data_pointer(
+        reinterpret_cast<uint8_t*>(buffer.backing_store()) +
+        data_view.byte_offset());
   } else if (obj.IsJSTypedArray()) {
     JSTypedArray typed_array = JSTypedArray::cast(obj);
     // Fixup typed array pointers.
@@ -301,9 +294,15 @@ HeapObject Deserializer::PostProcessNewObject(HeapObject obj,
     }
   } else if (obj.IsJSArrayBuffer()) {
     JSArrayBuffer buffer = JSArrayBuffer::cast(obj);
-    // Only fixup for the off-heap case. This may trigger GC.
+    // Only fixup for the off-heap case.
     if (buffer.backing_store() != nullptr) {
-      new_off_heap_array_buffers_.push_back(handle(buffer, isolate_));
+      // Serializer writes backing store ref in |backing_store| field.
+      size_t store_index = reinterpret_cast<size_t>(buffer.backing_store());
+      auto backing_store = backing_stores_[store_index];
+      SharedFlag shared = backing_store && backing_store->is_shared()
+                              ? SharedFlag::kShared
+                              : SharedFlag::kNotShared;
+      buffer.Setup(shared, backing_store);
     }
   } else if (obj.IsBytecodeArray()) {
     // TODO(mythria): Remove these once we store the default values for these

src/snapshot/deserializer.h

@@ -76,10 +76,6 @@ class V8_EXPORT_PRIVATE Deserializer : public SerializerDeserializer {
     attached_objects_.push_back(attached_object);
   }
 
-  void CheckNoArrayBufferBackingStores() {
-    CHECK_EQ(new_off_heap_array_buffers().size(), 0);
-  }
-
   Isolate* isolate() const { return isolate_; }
   SnapshotByteSource* source() { return &source_; }
   const std::vector<AllocationSite>& new_allocation_sites() const {
@@ -102,14 +98,6 @@ class V8_EXPORT_PRIVATE Deserializer : public SerializerDeserializer {
     return new_scripts_;
   }
 
-  const std::vector<Handle<JSArrayBuffer>>& new_off_heap_array_buffers() const {
-    return new_off_heap_array_buffers_;
-  }
-
-  std::shared_ptr<BackingStore> backing_store(size_t i) {
-    return backing_stores_[i];
-  }
-
   DeserializerAllocator* allocator() { return &allocator_; }
   bool deserializing_user_code() const { return deserializing_user_code_; }
   bool can_rehash() const { return can_rehash_; }
@@ -184,7 +172,6 @@ class V8_EXPORT_PRIVATE Deserializer : public SerializerDeserializer {
   std::vector<CallHandlerInfo> call_handler_infos_;
   std::vector<Handle<String>> new_internalized_strings_;
   std::vector<Handle<Script>> new_scripts_;
-  std::vector<Handle<JSArrayBuffer>> new_off_heap_array_buffers_;
   std::vector<std::shared_ptr<BackingStore>> backing_stores_;
 
   DeserializerAllocator allocator_;

src/snapshot/object-deserializer.cc

@@ -90,15 +90,6 @@ void ObjectDeserializer::CommitPostProcessedObjects() {
                                    MaybeObjectHandle::Weak(script));
     heap->SetRootScriptList(*list);
   }
-
-  for (Handle<JSArrayBuffer> buffer : new_off_heap_array_buffers()) {
-    // Serializer writes backing store ref in |backing_store| field.
-    size_t store_index = reinterpret_cast<size_t>(buffer->backing_store());
-    auto bs = backing_store(store_index);
-    SharedFlag shared =
-        bs && bs->is_shared() ? SharedFlag::kShared : SharedFlag::kNotShared;
-    buffer->Setup(shared, bs);
-  }
 }
 
 void ObjectDeserializer::LinkAllocationSites() {

src/snapshot/partial-deserializer.cc

@@ -37,46 +37,27 @@ MaybeHandle<Object> PartialDeserializer::Deserialize(
 
   AddAttachedObject(global_proxy);
 
-  Handle<Object> result;
-  {
-    DisallowHeapAllocation no_gc;
-    // Keep track of the code space start and end pointers in case new
-    // code objects were unserialized
-    CodeSpace* code_space = isolate->heap()->code_space();
-    Address start_address = code_space->top();
-    Object root;
-    VisitRootPointer(Root::kPartialSnapshotCache, nullptr,
-                     FullObjectSlot(&root));
-    DeserializeDeferredObjects();
-    DeserializeEmbedderFields(embedder_fields_deserializer);
-
-    allocator()->RegisterDeserializedObjectsForBlackAllocation();
-
-    // There's no code deserialized here. If this assert fires then that's
-    // changed and logging should be added to notify the profiler et al of the
-    // new code, which also has to be flushed from instruction cache.
-    CHECK_EQ(start_address, code_space->top());
-
-    if (FLAG_rehash_snapshot && can_rehash()) Rehash();
-    LogNewMapEvents();
-
-    result = handle(root, isolate);
-  }
-
-  SetupOffHeapArrayBufferBackingStores();
-
-  return result;
-}
-
-void PartialDeserializer::SetupOffHeapArrayBufferBackingStores() {
-  for (Handle<JSArrayBuffer> buffer : new_off_heap_array_buffers()) {
-    // Serializer writes backing store ref in |backing_store| field.
-    size_t store_index = reinterpret_cast<size_t>(buffer->backing_store());
-    auto bs = backing_store(store_index);
-    SharedFlag shared =
-        bs && bs->is_shared() ? SharedFlag::kShared : SharedFlag::kNotShared;
-    buffer->Setup(shared, bs);
-  }
+  DisallowHeapAllocation no_gc;
+  // Keep track of the code space start and end pointers in case new
+  // code objects were unserialized
+  CodeSpace* code_space = isolate->heap()->code_space();
+  Address start_address = code_space->top();
+  Object root;
+  VisitRootPointer(Root::kPartialSnapshotCache, nullptr, FullObjectSlot(&root));
+  DeserializeDeferredObjects();
+  DeserializeEmbedderFields(embedder_fields_deserializer);
+
+  allocator()->RegisterDeserializedObjectsForBlackAllocation();
+
+  // There's no code deserialized here. If this assert fires then that's
+  // changed and logging should be added to notify the profiler et al of the
+  // new code, which also has to be flushed from instruction cache.
+  CHECK_EQ(start_address, code_space->top());
+
+  if (FLAG_rehash_snapshot && can_rehash()) Rehash();
+  LogNewMapEvents();
+
+  return Handle<Object>(root, isolate);
 }
 
 void PartialDeserializer::DeserializeEmbedderFields(

src/snapshot/partial-deserializer.h

@@ -33,8 +33,6 @@ class V8_EXPORT_PRIVATE PartialDeserializer final : public Deserializer {
 
   void DeserializeEmbedderFields(
       v8::DeserializeEmbedderFieldsCallback embedder_fields_deserializer);
-
-  void SetupOffHeapArrayBufferBackingStores();
 };
 
 }  // namespace internal

src/snapshot/read-only-deserializer.cc

@@ -51,7 +51,6 @@ void ReadOnlyDeserializer::DeserializeInto(Isolate* isolate) {
       if (object->IsUndefined(roots)) break;
     }
     DeserializeDeferredObjects();
-    CheckNoArrayBufferBackingStores();
   }
 
   if (FLAG_rehash_snapshot && can_rehash()) {

src/snapshot/startup-deserializer.cc

@@ -44,8 +44,6 @@ void StartupDeserializer::DeserializeInto(Isolate* isolate) {
     FlushICache();
   }
 
-  CheckNoArrayBufferBackingStores();
-
   isolate->heap()->set_native_contexts_list(
       ReadOnlyRoots(isolate).undefined_value());
   // The allocation site list is build during root iteration, but if no sites