[d8] Disable incremental marking in stress-snapshot mode

The stress-snapshot mode clears bytecode arrays from shared function
infos which the MarkCompactCollector later tries to access. The
simplest fix here is to disable incremental marking in this
specialized testing mode.

Bug: v8:10882
Change-Id: Ie0b5fc4c6411f0768b4e76d21fbd225dc56aab6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409277
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69866}

src/d8/d8.cc

@@ -3253,6 +3253,18 @@ bool Shell::SetOptions(int argc, char* argv[]) {
       argv[i] = nullptr;
     } else if (strcmp(argv[i], "--stress-snapshot") == 0) {
       options.stress_snapshot = true;
+      // Incremental marking is incompatible with the stress_snapshot mode;
+      // specifically, serialization may clear bytecode arrays from shared
+      // function infos which the MarkCompactCollector (running concurrently)
+      // may still need. See also https://crbug.com/v8/10882.
+      //
+      // We thus force the implication
+      //
+      //   --stress-snapshot ~~> --no-incremental-marking
+      //
+      // Note: This is not an issue in production because we don't clear SFI's
+      // there (that only happens in mksnapshot and in --stress-snapshot mode).
+      i::FLAG_incremental_marking = false;
       argv[i] = nullptr;
     } else if (strcmp(argv[i], "--nostress-snapshot") == 0 ||
                strcmp(argv[i], "--no-stress-snapshot") == 0) {