Prevent stack overflow in the serializer/deserializer.

test/cctest/test-serialize.cc

Index: test/cctest/test-serialize.cc
diff --git a/test/cctest/test-serialize.cc b/test/cctest/test-serialize.cc
index 7ec5e053b7aab50663d08ab68b04b818a6aa8ef1..8586edb20eedd913fce76fb4d87adabaf23bbf30 100644
--- a/test/cctest/test-serialize.cc
+++ b/test/cctest/test-serialize.cc
@@ -329,7 +329,7 @@ UNINITIALIZED_TEST(PartialSerialization) {
                                          &partial_sink);
     partial_serializer.Serialize(&raw_foo);
 
-    startup_serializer.SerializeWeakReferences();
+    startup_serializer.SerializeWeakReferencesAndDeferred();
 
     SnapshotData startup_snapshot(startup_serializer);
     SnapshotData partial_snapshot(partial_serializer);
@@ -447,7 +447,7 @@ UNINITIALIZED_TEST(ContextSerialization) {
     PartialSerializer partial_serializer(isolate, &startup_serializer,
                                          &partial_sink);
     partial_serializer.Serialize(&raw_context);
-    startup_serializer.SerializeWeakReferences();
+    startup_serializer.SerializeWeakReferencesAndDeferred();
 
     SnapshotData startup_snapshot(startup_serializer);
     SnapshotData partial_snapshot(partial_serializer);
@@ -582,7 +582,7 @@ UNINITIALIZED_TEST(CustomContextSerialization) {
     PartialSerializer partial_serializer(isolate, &startup_serializer,
                                          &partial_sink);
     partial_serializer.Serialize(&raw_context);
-    startup_serializer.SerializeWeakReferences();
+    startup_serializer.SerializeWeakReferencesAndDeferred();
 
     SnapshotData startup_snapshot(startup_serializer);
     SnapshotData partial_snapshot(partial_serializer);
@@ -738,6 +738,44 @@ TEST(PerIsolateSnapshotBlobsWithLocker) {
 }
 
 
+TEST(SnapshotBlobsStackOverflow) {
+  DisableTurbofan();
+  const char* source =
+      "var a = [0];"
+      "var b = a;"
+      "for (var i = 0; i < 10000; i++) {"
+      "  var c = [i];"
+      "  b.push(c);"
+      "  b.push(c);"
+      "  b = c;"
+      "}";
+
+  v8::StartupData data = v8::V8::CreateSnapshotDataBlob(source);
+
+  v8::Isolate::CreateParams params;
+  params.snapshot_blob = &data;
+  params.array_buffer_allocator = CcTest::array_buffer_allocator();
+
+  v8::Isolate* isolate = v8::Isolate::New(params);
+  {
+    v8::Isolate::Scope i_scope(isolate);
+    v8::HandleScope h_scope(isolate);
+    v8::Local<v8::Context> context = v8::Context::New(isolate);
+    delete[] data.data;  // We can dispose of the snapshot blob now.
+    v8::Context::Scope c_scope(context);
+    const char* test =
+        "var sum = 0;"
+        "while (a) {"
+        "  sum += a[0];"
+        "  a = a[1];"
+        "}"
+        "sum";
+    CHECK_EQ(9999 * 5000, CompileRun(test)->ToInt32(isolate)->Int32Value());
+  }
+  isolate->Dispose();
+}
+
+
 TEST(TestThatAlwaysSucceeds) {
 }