[rab/gsab] Fix ObjectSerializer

Without this fix, the byte length for GSABs is probably serialized
wrong. A failing test is omitted since it would be pretty involved
(currently this code path is only hit with --stress-snapshot).

Bug: v8:11111
Change-Id: If7df98263cec9f82766c2fa6ba095b98b53a6fde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657431Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80780}

src/d8/d8.cc

@@ -1482,8 +1482,6 @@ bool Shell::ExecuteWebSnapshot(Isolate* isolate, const char* file_name) {
   PerIsolateData* data = PerIsolateData::Get(isolate);
   Local<Context> realm = data->realms_[data->realm_current_].Get(isolate);
   Context::Scope context_scope(realm);
-  TryCatch try_catch(isolate);
-  bool success = false;
 
   std::string absolute_path = NormalizePath(file_name, GetWorkingDirectory());
 
@@ -1491,20 +1489,29 @@ bool Shell::ExecuteWebSnapshot(Isolate* isolate, const char* file_name) {
   std::unique_ptr<uint8_t[]> snapshot_data(
       reinterpret_cast<uint8_t*>(ReadChars(absolute_path.c_str(), &length)));
   if (length == 0) {
+    TryCatch try_catch(isolate);
     isolate->ThrowError("Could not read the web snapshot file");
+    CHECK(try_catch.HasCaught());
+    ReportException(isolate, &try_catch);
+    return false;
   } else {
     for (int r = 0; r < DeserializationRunCount(); ++r) {
       bool skip_exports = r > 0;
       i::WebSnapshotDeserializer deserializer(isolate, snapshot_data.get(),
                                               static_cast<size_t>(length));
-      success = deserializer.Deserialize({}, skip_exports);
+      if (!deserializer.Deserialize({}, skip_exports)) {
+        // d8 is calling into the internal APIs which won't do
+        // ReportPendingMessages in all error paths (it's supposed to be done at
+        // the API boundary). Call it here.
+        auto i_isolate = reinterpret_cast<i::Isolate*>(isolate);
+        if (i_isolate->has_pending_exception()) {
+          i_isolate->ReportPendingMessages();
+        }
+        return false;
+      }
     }
   }
-  if (!success) {
-    CHECK(try_catch.HasCaught());
-    ReportException(isolate, &try_catch);
-  }
-  return success;
+  return true;
 }
 
 // Treat every line as a JSON value and parse it.

src/snapshot/serializer.cc

@@ -513,13 +513,14 @@ void Serializer::ObjectSerializer::SerializeJSTypedArray() {
     if (typed_array.is_on_heap()) {
       typed_array.RemoveExternalPointerCompensationForSerialization(isolate());
     } else {
-      if (!typed_array.WasDetached()) {
+      if (!typed_array.IsDetachedOrOutOfBounds()) {
         // Explicitly serialize the backing store now.
         JSArrayBuffer buffer = JSArrayBuffer::cast(typed_array.buffer());
         // We cannot store byte_length or max_byte_length larger than int32
         // range in the snapshot.
-        CHECK_LE(buffer.byte_length(), std::numeric_limits<int32_t>::max());
-        int32_t byte_length = static_cast<int32_t>(buffer.byte_length());
+        size_t byte_length_size = buffer.GetByteLength();
+        CHECK_LE(byte_length_size, size_t{std::numeric_limits<int32_t>::max()});
+        int32_t byte_length = static_cast<int32_t>(byte_length_size);
         Maybe<int32_t> max_byte_length = Nothing<int32_t>();
         if (buffer.is_resizable()) {
           CHECK_LE(buffer.max_byte_length(),