[objects] do not visit ArrayBuffer's backing store

src/heap/store-buffer.cc

Index: src/heap/store-buffer.cc
diff --git a/src/heap/store-buffer.cc b/src/heap/store-buffer.cc
index 8a0ee5477918a5683cc83c3dc5eab4be660acbfc..1c673dacc5d735be404fe4e0d196e2f10fad0327 100644
--- a/src/heap/store-buffer.cc
+++ b/src/heap/store-buffer.cc
@@ -499,6 +499,17 @@ void StoreBuffer::IteratePointersToNewSpace(ObjectSlotCallback slot_callback) {
                         obj_address + BytecodeArray::kConstantPoolOffset,
                         obj_address + BytecodeArray::kHeaderSize,
                         slot_callback);
+                  } else if (heap_object->IsJSArrayBuffer()) {
+                    FindPointersToNewSpaceInRegion(
+                        obj_address +
+                            JSArrayBuffer::BodyDescriptor::kStartOffset,
+                        obj_address + JSArrayBuffer::kByteLengthOffset +
+                            kPointerSize,
+                        slot_callback);
+                    FindPointersToNewSpaceInRegion(
+                        obj_address + JSArrayBuffer::kSize,
+                        obj_address + JSArrayBuffer::kSizeWithInternalFields,
+                        slot_callback);
                   } else if (FLAG_unbox_double_fields) {
                     LayoutDescriptorHelper helper(heap_object->map());
                     DCHECK(!helper.all_fields_tagged());