chore: cherry-pick fix for 1228036 from v8 (#30639)

* chore: cherry-pick fix for 1228036 from v8 * chore: update patches Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
2026-04-10 03:01:51 -04:00 · 2021-08-30 21:26:58 +09:00
parent e5935eaff9
commit dcb311d5c9
2 changed files with 41 additions and 0 deletions
--- a/patches/v8/.patches
+++ b/patches/v8/.patches
@@ -9,4 +9,5 @@ fix_build_deprecated_attirbute_for_older_msvc_versions.patch
 cherry-pick-e38d55313ad9.patch
 cherry-pick-1234770.patch
 cherry-pick-1231950.patch
+cherry-pick-1228036.patch
 cherry-pick-1234764.patch
--- a/patches/v8/cherry-pick-1228036.patch
+++ b/patches/v8/cherry-pick-1228036.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Georg Neis <neis@chromium.org>
+Date: Mon, 26 Jul 2021 16:40:39 +0200
+Subject: Finish concurrent sweeping before overwriting ByteArrays
+
+Bug: chromium:1228036
+Change-Id: I5abe7009920d2c8f81f024c9ae7bb6b13607da1a
+Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054119
+Commit-Queue: Georg Neis <neis@chromium.org>
+Reviewed-by: Hannes Payer <hpayer@chromium.org>
+
+diff --git a/src/deoptimizer/translated-state.cc b/src/deoptimizer/translated-state.cc
+index 02c473d22b18a0a4c288e655afdb73340a0d0ffc..b5378a553a49e41c96713cf3f2ed901f7cfe4626 100644
+--- a/src/deoptimizer/translated-state.cc
+++ b/src/deoptimizer/translated-state.cc
+@@ -514,6 +514,12 @@ Handle<Object> TranslatedValue::GetValue() {
+     //    pass the verifier.
+     container_->EnsureObjectAllocatedAt(this);
+ 
+    // Finish any sweeping so that it becomes safe to overwrite the ByteArray
+    // headers.
+    // TODO(hpayer): Find a cleaner way to support a group of
+    // non-fully-initialized objects.
+    isolate()->heap()->mark_compact_collector()->EnsureSweepingCompleted();
+
+     // 2. Initialize the objects. If we have allocated only byte arrays
+     //    for some objects, we now overwrite the byte arrays with the
+     //    correct object fields. Note that this phase does not allocate
+@@ -1397,9 +1403,9 @@ TranslatedValue* TranslatedState::GetValueByObjectIndex(int object_index) {
+ }
+ 
+ Handle<HeapObject> TranslatedState::InitializeObjectAt(TranslatedValue* slot) {
+-  slot = ResolveCapturedObject(slot);
+-
+   DisallowGarbageCollection no_gc;
+
+  slot = ResolveCapturedObject(slot);
+   if (slot->materialization_state() != TranslatedValue::kFinished) {
+     std::stack<int> worklist;
+     worklist.push(slot->object_index());