v8: backport 22116dd6c884c026225e56dd8e442a660193e729

This is a backport for v8 commit 22116dd6 which fixes v8 issue #7857. The issue does not affect core nodejs but does affect my native npm module isolated-vm. Essentially v8 will segfault if you try to create a startup snapshot of an isolate that contains a closure.

The snapshot crash as it pertains to isolated-vm was originally reported on superfly/fly#101.

The bug was introduced in v8 commit 6bd1d3c2, landed in v8 version 6.7.247, which made its way onto nodejs v10.2.0.

The fix, which landed in v8 version 6.9.186, will probably never see the light of day on the v10.x branch of nodejs, which leads me to this PR :)

The patch applied cleanly with no conflicts.

Refs: https://github.com/v8/v8/commit/22116dd6c884c026225e56dd8e442a660193e729

Original commit message:

    [snapshot] fix resetting function code.

    Unconditionally setting the JSFunction code to that of the SFI
    may skip initializing the feedback vector.

    R=leszeks@chromium.org

    Bug: v8:7857
    Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
    Change-Id: I65d4bf32493be4cade2eaf3d665d44f93e80f809
    Reviewed-on: https://chromium-review.googlesource.com/1107618
    Commit-Queue: Yang Guo <yangguo@chromium.org>
    Reviewed-by: Leszek Swirski <leszeks@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#53881}

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines
