[snapshot] correctly clear feedback vector before serialization.

R=jgruber@chromium.org Bug: v8:6422 Change-Id: Ib1075259325627451060b3a0a41cad5c917dc30e Reviewed-on: https://chromium-review.googlesource.com/650246Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#47814}

[snapshot] correctly clear feedback vector before serialization.
R=jgruber@chromium.org Bug: v8:6422 Change-Id: Ib1075259325627451060b3a0a41cad5c917dc30e Reviewed-on: https://chromium-review.googlesource.com/650246Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#47814}
29691f80 · Yang Guo · Commit Bot · 75bbd19f · 29691f80 · 29691f80
Commit 29691f80 authored Sep 05, 2017 by Yang Guo Committed by Commit Bot Sep 05, 2017
Showing with 10 additions and 14 deletions

feedback-vector.cc src/feedback-vector.cc +2 -6

feedback-vector.h src/feedback-vector.h +2 -2

objects.cc src/objects.cc +4 -1

partial-serializer.cc src/snapshot/partial-serializer.cc +2 -5

No files found.
--- a/src/feedback-vector.cc
+++ b/src/feedback-vector.cc
@@ -341,9 +341,7 @@ void FeedbackVector::EvictOptimizedCodeMarkedForDeoptimization(
  }
 }

-void FeedbackVector::ClearSlots(JSFunction* host_function) {
-  Isolate* isolate = GetIsolate();
-
+bool FeedbackVector::ClearSlots(Isolate* isolate) {
  Object* uninitialized_sentinel =
      FeedbackVector::RawUninitializedSentinel(isolate);

@@ -442,9 +440,7 @@ void FeedbackVector::ClearSlots(JSFunction* host_function) {
      }
    }
  }
-  if (feedback_updated) {
-    IC::OnFeedbackChanged(isolate, this, host_function);
-  }
+  return feedback_updated;
 }

 Handle<FixedArray> FeedbackNexus::EnsureArrayOfSize(int length) {

--- a/src/feedback-vector.h
+++ b/src/feedback-vector.h
@@ -224,8 +224,8 @@ class FeedbackVector : public HeapObject {
  DECL_PRINTER(FeedbackVector)
  DECL_VERIFIER(FeedbackVector)

-  // Clears the vector slots.
-  void ClearSlots(JSFunction* host_function);
+  // Clears the vector slots. Return true if feedback has changed.
+  bool ClearSlots(Isolate* isolate);

  // The object that indicates an uninitialized cache.
  static inline Handle<Symbol> UninitializedSentinel(Isolate* isolate);

--- a/src/objects.cc
+++ b/src/objects.cc
@@ -14157,7 +14157,10 @@ int AbstractCode::SourceStatementPosition(int offset) {
 void JSFunction::ClearTypeFeedbackInfo() {
  if (feedback_vector_cell()->value()->IsFeedbackVector()) {
    FeedbackVector* vector = feedback_vector();
-    vector->ClearSlots(this);
+    Isolate* isolate = GetIsolate();
+    if (vector->ClearSlots(isolate)) {
+      IC::OnFeedbackChanged(isolate, vector, this);
+    }
  }
 }


--- a/src/snapshot/partial-serializer.cc
+++ b/src/snapshot/partial-serializer.cc
@@ -95,11 +95,8 @@ void PartialSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,

  FlushSkip(skip);

-  // Clear literal boilerplates.
-  if (obj->IsJSFunction()) {
-    JSFunction* function = JSFunction::cast(obj);
-    function->ClearTypeFeedbackInfo();
-  }
+  // Clear literal boilerplates and feedback.
+  if (obj->IsFeedbackVector()) FeedbackVector::cast(obj)->ClearSlots(isolate_);

  if (obj->IsJSObject()) {
    JSObject* jsobj = JSObject::cast(obj);