[snapshot] fix next chunk logic.

If the first object in the space already exceeds the target chunk size,
we would leave the first chunk empty. That violates some assumptions
later when we allocate for deserialization.

R=hpayer@chromium.org, jgruber@chromium.org
TBR=hpayer@chromium.org

Bug: v8:7887
Change-Id: Iee8147fe1205bb6b1c893d48acde1099b5032a14
Reviewed-on: https://chromium-review.googlesource.com/1126763Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54235}

src/heap/heap.cc

@@ -1588,7 +1588,10 @@ bool Heap::ReserveSpace(Reservation* reservations, std::vector<Address>* maps) {
          space < SerializerDeserializer::kNumberOfSpaces; space++) {
       Reservation* reservation = &reservations[space];
       DCHECK_LE(1, reservation->size());
-      if (reservation->at(0).size == 0) continue;
+      if (reservation->at(0).size == 0) {
+        DCHECK_EQ(1, reservation->size());
+        continue;
+      }
       bool perform_gc = false;
       if (space == MAP_SPACE) {
         // We allocate each map individually to avoid fragmentation.

src/snapshot/default-serializer-allocator.cc

@@ -47,7 +47,7 @@ SerializerReference DefaultSerializerAllocator::Allocate(AllocationSpace space,
   uint32_t new_chunk_size = old_chunk_size + size;
   // Start a new chunk if the new size exceeds the target chunk size.
   // We may exceed the target chunk size if the single object size does.
-  if (new_chunk_size > TargetChunkSize(space)) {
+  if (new_chunk_size > TargetChunkSize(space) && old_chunk_size != 0) {
     serializer_->PutNextChunk(space);
     completed_chunks_[space].push_back(pending_chunk_[space]);
     pending_chunk_[space] = 0;

test/cctest/test-serialize.cc

@@ -323,6 +323,13 @@ UNINITIALIZED_TEST(StartupSerializerOnce) {
   TestStartupSerializerOnceImpl();
 }
 
+UNINITIALIZED_TEST(StartupSerializerOnce1) {
+  DisableLazyDeserialization();
+  DisableAlwaysOpt();
+  FLAG_serialization_chunk_size = 1;
+  TestStartupSerializerOnceImpl();
+}
+
 UNINITIALIZED_TEST(StartupSerializerOnce32) {
   DisableLazyDeserialization();
   DisableAlwaysOpt();
@@ -1382,7 +1389,7 @@ static Handle<SharedFunctionInfo> CompileScriptAndProduceCache(
   return sfi;
 }
 
-TEST(CodeSerializerOnePlusOne) {
+void TestCodeSerializerOnePlusOneImpl() {
   LocalContext context;
   Isolate* isolate = CcTest::i_isolate();
   isolate->compilation_cache()->Disable();  // Disable same-isolate code cache.
@@ -1431,6 +1438,23 @@ TEST(CodeSerializerOnePlusOne) {
   delete cache;
 }
 
+TEST(CodeSerializerOnePlusOne) { TestCodeSerializerOnePlusOneImpl(); }
+
+TEST(CodeSerializerOnePlusOne1) {
+  FLAG_serialization_chunk_size = 1;
+  TestCodeSerializerOnePlusOneImpl();
+}
+
+TEST(CodeSerializerOnePlusOne32) {
+  FLAG_serialization_chunk_size = 32;
+  TestCodeSerializerOnePlusOneImpl();
+}
+
+TEST(CodeSerializerOnePlusOne4K) {
+  FLAG_serialization_chunk_size = 4 * KB;
+  TestCodeSerializerOnePlusOneImpl();
+}
+
 TEST(CodeSerializerPromotedToCompilationCache) {
   LocalContext context;
   Isolate* isolate = CcTest::i_isolate();