deps: cherry-pick 22116dd from upstream V8

Refs: v8/v8@22116dd

Original commit message:

    [snapshot] fix resetting function code.

    Unconditionally setting the JSFunction code to that of the SFI
    may skip initializing the feedback vector.

    [email protected]

    Bug: v8:7857
    Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
    Change-Id: I65d4bf32493be4cade2eaf3d665d44f93e80f809
    Reviewed-on: https://chromium-review.googlesource.com/1107618
    Commit-Queue: Yang Guo <[email protected]>
    Reviewed-by: Leszek Swirski <[email protected]>
    Cr-Commit-Position: refs/heads/master@{#53881}

PR-URL: #21992
Reviewed-By: Tiancheng "Timothy" Gu <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Gus Caplan <[email protected]>

Author: laverdet

common.gypi

@@ -29,7 +29,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.25',
+    'v8_embedder_string': '-node.26',
 
     # Enable disassembler for `--print-code` v8 options
     'v8_enable_disassembler': 1,

deps/v8/src/api.cc

@@ -766,8 +766,11 @@ StartupData SnapshotCreator::CreateBlob(
       // Complete in-object slack tracking for all functions.
       fun->CompleteInobjectSlackTrackingIfActive();
 
-      // Also, clear out feedback vectors.
-      fun->feedback_cell()->set_value(isolate->heap()->undefined_value());
+      // Also, clear out feedback vectors, or any optimized code.
+      if (fun->has_feedback_vector()) {
+        fun->feedback_cell()->set_value(isolate->heap()->undefined_value());
+        fun->set_code(isolate->builtins()->builtin(i::Builtins::kCompileLazy));
+      }
     }
 
     // Clear out re-compilable data from all shared function infos. Any

deps/v8/src/snapshot/partial-serializer.cc

@@ -105,7 +105,7 @@ void PartialSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
     // Unconditionally reset the JSFunction to its SFI's code, since we can't
     // serialize optimized code anyway.
     JSFunction* closure = JSFunction::cast(obj);
-    closure->set_code(closure->shared()->GetCode());
+    if (closure->is_compiled()) closure->set_code(closure->shared()->GetCode());
   }
 
   CheckRehashability(obj);

deps/v8/test/cctest/test-serialize.cc

@@ -2640,6 +2640,47 @@ TEST(SnapshotCreatorNoExternalReferencesDefault) {
   delete[] blob.data;
 }
 
+v8::StartupData CreateCustomSnapshotArrayJoinWithKeep() {
+  v8::SnapshotCreator creator;
+  v8::Isolate* isolate = creator.GetIsolate();
+  {
+    v8::HandleScope handle_scope(isolate);
+    {
+      v8::Local<v8::Context> context = v8::Context::New(isolate);
+      v8::Context::Scope context_scope(context);
+      CompileRun(
+          "[].join('');\n"
+          "function g() { return String([1,2,3]); }\n");
+      ExpectString("g()", "1,2,3");
+      creator.SetDefaultContext(context);
+    }
+  }
+  return creator.CreateBlob(v8::SnapshotCreator::FunctionCodeHandling::kKeep);
+}
+
+TEST(SnapshotCreatorArrayJoinWithKeep) {
+  DisableAlwaysOpt();
+  v8::StartupData blob = CreateCustomSnapshotArrayJoinWithKeep();
+
+  // Deserialize with an incomplete list of external references.
+  {
+    v8::Isolate::CreateParams params;
+    params.snapshot_blob = &blob;
+    params.array_buffer_allocator = CcTest::array_buffer_allocator();
+    // Test-appropriate equivalent of v8::Isolate::New.
+    v8::Isolate* isolate = TestIsolate::New(params);
+    {
+      v8::Isolate::Scope isolate_scope(isolate);
+      v8::HandleScope handle_scope(isolate);
+      v8::Local<v8::Context> context = v8::Context::New(isolate);
+      v8::Context::Scope context_scope(context);
+      ExpectString("g()", "1,2,3");
+    }
+    isolate->Dispose();
+  }
+  delete[] blob.data;
+}
+
 TEST(SnapshotCreatorNoExternalReferencesCustomFail1) {
   DisableAlwaysOpt();
   v8::StartupData blob = CreateSnapshotWithDefaultAndCustom();