[web snapshot] Fix GC issues when deserializing functions

This CL fixes WebSnapshotDeserializer::DeserializeFunctions(), so that the new Script is created after both the SharedFunctionInfoTable and SharedFunctionInfo are allocated. Also, this CL re-enables mjsunit tests for web snapshots (disabled in https://chromium-review.googlesource.com/c/v8/v8/+/2931806). Bug: v8:11842, v8:11525, v8:11706 Change-Id: I13503eab3fa70b128ba1faae75eed62b6c5bb636 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933145Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Vicky Kontoura <vkont@google.com> Cr-Commit-Position: refs/heads/master@{#74923}

[web snapshot] Fix GC issues when deserializing functions
This CL fixes WebSnapshotDeserializer::DeserializeFunctions(), so that the new Script is created after both the SharedFunctionInfoTable and SharedFunctionInfo are allocated. Also, this CL re-enables mjsunit tests for web snapshots (disabled in https://chromium-review.googlesource.com/c/v8/v8/+/2931806). Bug: v8:11842, v8:11525, v8:11706 Change-Id: I13503eab3fa70b128ba1faae75eed62b6c5bb636 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933145Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Vicky Kontoura <vkont@google.com> Cr-Commit-Position: refs/heads/master@{#74923}
f7945e53 · Vicky Kontoura · V8 LUCI CQ · 81dd3f42 · f7945e53 · f7945e53
Commit f7945e53 authored Jun 02, 2021 by Vicky Kontoura Committed by V8 LUCI CQ Jun 02, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 8 deletions

web-snapshot.cc src/web-snapshot/web-snapshot.cc +5 -5

mjsunit.status test/mjsunit/mjsunit.status +0 -3

No files found.
--- a/src/web-snapshot/web-snapshot.cc
+++ b/src/web-snapshot/web-snapshot.cc
@@ -725,17 +725,18 @@ void WebSnapshotDeserializer::DeserializeFunctions() {
  STATIC_ASSERT(kMaxItemCount + 1 <= FixedArray::kMaxLength);
  functions_ = isolate_->factory()->NewFixedArray(function_count_);

-  Handle<Script> script =
-      isolate_->factory()->NewScript(isolate_->factory()->empty_string());
-  script->set_type(Script::TYPE_WEB_SNAPSHOT);
  // Overallocate the array for SharedFunctionInfos; functions which we
  // deserialize soon will create more SharedFunctionInfos when called.
  Handle<WeakFixedArray> infos(isolate_->factory()->NewWeakFixedArray(
      WeakArrayList::CapacityForLength(function_count_ + 1),
      AllocationType::kOld));
-  script->set_shared_function_infos(*infos);
  Handle<ObjectHashTable> shared_function_info_table =
      ObjectHashTable::New(isolate_, function_count_);
+  Handle<Script> script =
+      isolate_->factory()->NewScript(isolate_->factory()->empty_string());
+  script->set_type(Script::TYPE_WEB_SNAPSHOT);
+  script->set_shared_function_infos(*infos);
+  script->set_shared_function_info_table(*shared_function_info_table);

  for (uint32_t i = 0; i < function_count_; ++i) {
    uint32_t context_id;
@@ -804,7 +805,6 @@ void WebSnapshotDeserializer::DeserializeFunctions() {
    }
    functions_->set(i, *function);
  }
-  script->set_shared_function_info_table(*shared_function_info_table);
 }

 void WebSnapshotDeserializer::DeserializeObjects() {

--- a/test/mjsunit/mjsunit.status
+++ b/test/mjsunit/mjsunit.status
@@ -197,9 +197,6 @@
  'regress/regress-crbug-941743': [PASS, HEAVY],
  'regress/regress-crbug-1191886': [PASS, HEAVY],
  'wasm/externref-globals': [PASS, HEAVY],
-
-  # TODO(cbruni): Reenable once custom snapshot is fixed.
-  'web-snapshot/web-snapshot': [SKIP],
 }],  # ALWAYS

 ##############################################################################