-
Leszek Swirski authored
This reverts commit 1aa9ab73. The reverted CL chain had an issue where ThinStrings could accidentally end up in compilation artifacts, causing issues down the line with ICs that expected direct internalized strings. The reason for this bug was that forward references to internalized strings were resolved before PostProcessNewObject. When this happened, the internalized string A would be written to the field where it was previously deferred, then PostProcessNewObject would change string A to string A', and update string A to a ThinString. This means any _future_ back references to A would see the ThinString and follow it to receive A', but any _past_ forward references would keep pointing to the ThinString A. This reland fixes this by preventing InternalizedString deferral, so that all references to InternalizedStrings are back references. It also adds some additional verification to the heap verifier that constant pools and object boilerplate descriptors aren't allowed to hold thin strings. This patch also fixes an additional bug in the original CL, where weak forward refs weren't being serialized with a weak prefix. Original change's description: > Revert recent de/serializer related changes > > They are suspected to be causing Canary crashes, confirmed through > local reverts and repro attempts. > > This reverts: > - "Reland "[serializer] Change deferring to use forward refs"" > commit 76d684cc. > - "Reland "[serializer] Remove new space"" > commit 81231c23. > - "[serializer] Clean-up and de-macro ReadDataCase" > commit c06d24b9. > - "[serializer] DCHECK deserializer allocations are initialized" > commit fbc1f32d. > > Bug: chromium:1128872 > Change-Id: Id2bb3b8fac526fdf9ffb033222ae08cd423f8238 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414220 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Adam Klein <adamk@chromium.org> > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69955} Tbr: jgruber@chromium.org,dinfuehr@chromium.org Bug: chromium:1075999 Bug: chromium:1127610 Bug: chromium:1128848 Bug: chromium:1128872 Bug: chromium:1128957 Change-Id: I8b7bbabf77eb8cb942a28316afbfaa5f9a0aa4cb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418101 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69988}
695d9b64
