
Fix segfault during GC #5900 (4.x)

Checklist
  • make -j4 test (UNIX) or vcbuild test nosign (Windows) passes
  • the commit message follows commit guidelines
Affected core subsystem(s)

deps: v8

Description of change

These two patches comprise a fix for #5900 (closed) – a segfault during GC that can happen under rare circumstances. The interesting part is that one of the fixes never landed upstream in V8 because the bug doesn't exist in any active V8 branches.

The segfault occurs at the intersection of the following three conditions that are dependent on the allocation pattern of an application: A pretenured (1) allocation site has to be optimized into a merged allocation by the allocation folding optimization (2) and there needs to be overflow of the store buffer (3).

This second patch disables the allocation folding optimization for pretenured allocations. This may have some, hopefully negligible, performance impact on real world applications.

This also needs to be fixed in v5.x; but I'm not sure how much runway is left on that branch and whether it would give us sufficient feedback. Regardless, I think an independent determination can be made whether this is worth fixing on v4.x in the first place (given that the scenario is rare).

R=@nodejs/lts /cc @nodejs/v8
