[snapshot] Check CanDiscardCompiled() again before DiscardCompiled()

Since DiscardCompiled() can allocate, it could also a cause a GC. A full GC might perform bytecode flushing, which could change the return value of CanDiscardCompiled(). So a DiscardCompiled() invocation in one loop iteration could violate the assumption that CanDiscardCompiled() holds in subsequent iterations. Prevent DCHECK failure by checking whether CanDiscardCompiled() still holds for each SharedFunctionInfo. Bug: v8:11772 Change-Id: Ie9c704abeea801bd3f4f1bdf8fa9c51a8a9d447d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960274Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#75178}

[snapshot] Check CanDiscardCompiled() again before DiscardCompiled()
Since DiscardCompiled() can allocate, it could also a cause a GC. A full GC might perform bytecode flushing, which could change the return value of CanDiscardCompiled(). So a DiscardCompiled() invocation in one loop iteration could violate the assumption that CanDiscardCompiled() holds in subsequent iterations. Prevent DCHECK failure by checking whether CanDiscardCompiled() still holds for each SharedFunctionInfo. Bug: v8:11772 Change-Id: Ie9c704abeea801bd3f4f1bdf8fa9c51a8a9d447d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960274Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#75178}
11891fd6 · Dominik Inführ · V8 LUCI CQ · c0614e9b · 11891fd6
Commit 11891fd6 authored Jun 15, 2021 by Dominik Inführ Committed by V8 LUCI CQ Jun 16, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

snapshot.cc src/snapshot/snapshot.cc +6 -2

No files found.
--- a/src/snapshot/snapshot.cc
+++ b/src/snapshot/snapshot.cc
@@ -206,7 +206,9 @@ void Snapshot::ClearReconstructableDataForSerialization(
  if (clear_recompilable_data) {
    HandleScope scope(isolate);
    std::vector<i::Handle<i::SharedFunctionInfo>> sfis_to_clear;
-    {  // Heap allocation is disallowed within this scope.
+    {
+      // Heap allocation is disallowed within this scope.
+      DisallowGarbageCollection disallow_gc;
      i::HeapObjectIterator it(isolate->heap());
      for (i::HeapObject o = it.Next(); !o.is_null(); o = it.Next()) {
        if (o.IsSharedFunctionInfo()) {
@@ -229,7 +231,9 @@ void Snapshot::ClearReconstructableDataForSerialization(

    // Must happen after heap iteration since SFI::DiscardCompiled may allocate.
    for (i::Handle<i::SharedFunctionInfo> shared : sfis_to_clear) {
-      i::SharedFunctionInfo::DiscardCompiled(isolate, shared);
+      if (shared->CanDiscardCompiled()) {
+        i::SharedFunctionInfo::DiscardCompiled(isolate, shared);
+      }
    }
  }