src · ea0719b8ed087d1f511e78595dcb596faa7638d0 · Linshizhi / V8

[snapshot] Do not defer ArrayBuffers during snapshotting · ea0719b8

Anna Henningsen authored Apr 14, 2020

ArrayBuffer instances are serialized by first re-assigning a index
to the backing store field, then serializing the object, and then
storing the actual backing store address again (and the same for the
ArrayBufferExtension). If serialization of the object itself is deferred,
the real backing store address is written into the snapshot, which cannot be
processed when deserializing, leading to a crash.

This fixes this by not deferring ArrayBuffer serialization and adding a DCHECK
for the crash that previously occurred.

Change-Id: Id9bea8268061bd0770cde7bfeb6695248978f994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144123
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67114}

ea0719b8

Name	Last commit	Last update
..
api		Loading commit data...
asmjs		Loading commit data...
ast		Loading commit data...
base		Loading commit data...
builtins		Loading commit data...
codegen		Loading commit data...
common		Loading commit data...
compiler		Loading commit data...
compiler-dispatcher		Loading commit data...
d8		Loading commit data...
date		Loading commit data...
debug		Loading commit data...
deoptimizer		Loading commit data...
diagnostics		Loading commit data...
execution		Loading commit data...
extensions		Loading commit data...
flags		Loading commit data...
handles		Loading commit data...
heap		Loading commit data...
ic		Loading commit data...
init		Loading commit data...
inspector		Loading commit data...
interpreter		Loading commit data...
json		Loading commit data...
libplatform		Loading commit data...
libsampler		Loading commit data...
logging		Loading commit data...
numbers		Loading commit data...
objects		Loading commit data...
parsing		Loading commit data...
profiler		Loading commit data...
protobuf		Loading commit data...
regexp		Loading commit data...
roots		Loading commit data...
runtime		Loading commit data...
sanitizer		Loading commit data...
snapshot		Loading commit data...
strings		Loading commit data...
tasks		Loading commit data...
third_party		Loading commit data...
torque		Loading commit data...
tracing		Loading commit data...
trap-handler		Loading commit data...
utils		Loading commit data...
wasm		Loading commit data...
zone		Loading commit data...
DEPS		Loading commit data...
OWNERS		Loading commit data...