    Hold on to FeedbackMetadata when allocating feedback vectors · 97ae1010
    Mythri A authored
    Allocating a new feedback vector happens in two steps: We create an
    empty structure and then initialize the array based on the
    FeedbackMetadata. When allocating a new feedback array we could trigger
    a GC which might flush the bytecode and associated feedback metadata.
    This shouldn't happen in normal cases, because we either allocate
    feedback vector after compilation or when we reach the expected budget.
    In both cases, the age of the feedback vector should be 0 and hence
    bytecode shouldn't be flushed. However, with the debugger enabled we may
    allocate feedback vectors even when the bytecode array is old,
    for example when we enable precise invocation counters. This also
    causes issues in tests with --stress-flush-bytecode. In the stress mode
    we flush bytecode without considering the age. Holding on to the
    feedback metadata prevents crashes in such cases.
    
    Bug: v8:10560
    Change-Id: Ie806ff4102cb5fcf257c8683d5ca957853e38c05
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218066
    Commit-Queue: Mythri Alle <mythria@chromium.org>
    Auto-Submit: Mythri Alle <mythria@chromium.org>
    Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#68052}