deps: V8: cherry-pick 81181a8ad80a

thomasmichaelwallace · richardlau · commit 4213e97d268d · 2021-07-20T07:11:14.000-04:00
Original commit message: [JSON] Fix GC issue in BuildJsonObject We must ensure that the sweeper is not running or has already swept mutable_double_buffer. Otherwise the GC can add it to the free list. Bug: v8:11837 Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928181 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#74859} Refs: v8/v8@81181a8 PR-URL: #39187 Fixes: #37553 Refs: v8/v8@81181a8 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
diff --git a/common.gypi b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.72',
+    'v8_embedder_string': '-node.73',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/heap/heap.cc b/deps/v8/src/heap/heap.cc
@@ -3347,6 +3347,10 @@ void Heap::MakeHeapIterable() {
   mark_compact_collector()->EnsureSweepingCompleted();
 }
 
+void Heap::EnsureSweepingCompleted() {
+  mark_compact_collector()->EnsureSweepingCompleted();
+}
+
 namespace {
 
 double ComputeMutatorUtilizationImpl(double mutator_speed, double gc_speed) {
diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h
@@ -1001,6 +1001,8 @@ class Heap {
       Reservation* reservations, const std::vector<HeapObject>& large_objects,
       const std::vector<Address>& maps);
 
+  void EnsureSweepingCompleted();
+
   IncrementalMarking* incremental_marking() {
     return incremental_marking_.get();
   }
diff --git a/deps/v8/src/json/json-parser.cc b/deps/v8/src/json/json-parser.cc
@@ -633,6 +633,11 @@ Handle<Object> JsonParser<Char>::BuildJsonObject(
         DCHECK_EQ(mutable_double_address, end);
       }
 #endif
+      // Before setting the length of mutable_double_buffer back to zero, we
+      // must ensure that the sweeper is not running or has already swept the
+      // object's page. Otherwise the GC can add the contents of
+      // mutable_double_buffer to the free list.
+      isolate()->heap()->EnsureSweepingCompleted();
       mutable_double_buffer->set_length(0);
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -3347,6 +3347,10 @@ void Heap::MakeHeapIterable() {`
`3347`	`3347`	`mark_compact_collector()->EnsureSweepingCompleted();`
`3348`	`3348`	`}`
`3349`	`3349`
	`3350`	`+void Heap::EnsureSweepingCompleted() {`
	`3351`	`+ mark_compact_collector()->EnsureSweepingCompleted();`
	`3352`	`+}`
	`3353`	`+`
`3350`	`3354`	`namespace {`
`3351`	`3355`
`3352`	`3356`	`double ComputeMutatorUtilizationImpl(double mutator_speed, double gc_speed) {`
Original file line number	Diff line number	Diff line change
`@@ -1001,6 +1001,8 @@ class Heap {`
`1001`	`1001`	`Reservation* reservations, const std::vector<HeapObject>& large_objects,`
`1002`	`1002`	`const std::vector<Address>& maps);`
`1003`	`1003`
	`1004`	`+ void EnsureSweepingCompleted();`
	`1005`	`+`
`1004`	`1006`	`IncrementalMarking* incremental_marking() {`
`1005`	`1007`	`return incremental_marking_.get();`
`1006`	`1008`	`}`
Original file line number	Diff line number	Diff line change
`@@ -633,6 +633,11 @@ Handle<Object> JsonParser<Char>::BuildJsonObject(`
`633`	`633`	`DCHECK_EQ(mutable_double_address, end);`
`634`	`634`	`}`
`635`	`635`	`#endif`
	`636`	`+ // Before setting the length of mutable_double_buffer back to zero, we`
	`637`	`+ // must ensure that the sweeper is not running or has already swept the`
	`638`	`+ // object's page. Otherwise the GC can add the contents of`
	`639`	`+ // mutable_double_buffer to the free list.`
	`640`	`+ isolate()->heap()->EnsureSweepingCompleted();`
`636`	`641`	`mutable_double_buffer->set_length(0);`
`637`	`642`	`}`
`638`	`643`	`}`