[turbofan] Don't assume all native context fields are set.

When Turbofan gets triggered during bootstrapping (via --always-opt), some context fields still hold undefined rather than their actual value. Bug: v8:7790 Change-Id: Id87c593182fa8450ba9415d144d105281e48236f Reviewed-on: https://chromium-review.googlesource.com/c/1268240Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56449}

[turbofan] Don't assume all native context fields are set.
When Turbofan gets triggered during bootstrapping (via --always-opt), some context fields still hold undefined rather than their actual value. Bug: v8:7790 Change-Id: Id87c593182fa8450ba9415d144d105281e48236f Reviewed-on: https://chromium-review.googlesource.com/c/1268240Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56449}
58e996db · Georg Neis · Commit Bot · 61ede2f5 · 58e996db · 58e996db
Commit 58e996db authored Oct 08, 2018 by Georg Neis Committed by Commit Bot Oct 08, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 23 deletions

js-heap-broker.cc src/compiler/js-heap-broker.cc +5 -1

js-heap-broker.h src/compiler/js-heap-broker.h +30 -22

No files found.
--- a/src/compiler/js-heap-broker.cc
+++ b/src/compiler/js-heap-broker.cc
@@ -5,6 +5,7 @@
 #include "src/compiler/js-heap-broker.h"

 #include "src/ast/modules.h"
+#include "src/bootstrapper.h"
 #include "src/boxed-float.h"
 #include "src/code-factory.h"
 #include "src/compiler/graph-reducer.h"
@@ -2299,7 +2300,10 @@ void NativeContextData::Serialize(JSHeapBroker* broker) {
  DCHECK_NULL(name##_);                                           \
  name##_ = broker->GetOrCreateData(context->name())->As##type(); \
  if (name##_->IsJSFunction()) name##_->AsJSFunction()->Serialize(broker);
-  BROKER_NATIVE_CONTEXT_FIELDS(SERIALIZE_MEMBER)
+  BROKER_COMPULSORY_NATIVE_CONTEXT_FIELDS(SERIALIZE_MEMBER)
+  if (!broker->isolate()->bootstrapper()->IsActive()) {
+    BROKER_OPTIONAL_NATIVE_CONTEXT_FIELDS(SERIALIZE_MEMBER)
+  }
 #undef SERIALIZE_MEMBER

  DCHECK(function_maps_.empty());

--- a/src/compiler/js-heap-broker.h
+++ b/src/compiler/js-heap-broker.h
@@ -236,30 +236,38 @@ class ContextRef : public HeapObjectRef {
  ObjectRef get(int index) const;
 };

-#define BROKER_NATIVE_CONTEXT_FIELDS(V)       \
-  V(JSFunction, array_function)               \
-  V(JSFunction, object_function)              \
-  V(JSFunction, promise_function)             \
-  V(Map, fast_aliased_arguments_map)          \
-  V(Map, initial_array_iterator_map)          \
-  V(Map, initial_string_iterator_map)         \
-  V(Map, iterator_result_map)                 \
-  V(Map, js_array_holey_double_elements_map)  \
-  V(Map, js_array_holey_elements_map)         \
-  V(Map, js_array_holey_smi_elements_map)     \
-  V(Map, js_array_packed_double_elements_map) \
-  V(Map, js_array_packed_elements_map)        \
-  V(Map, js_array_packed_smi_elements_map)    \
-  V(Map, map_key_iterator_map)                \
-  V(Map, map_key_value_iterator_map)          \
-  V(Map, map_value_iterator_map)              \
-  V(Map, set_key_value_iterator_map)          \
-  V(Map, set_value_iterator_map)              \
-  V(Map, sloppy_arguments_map)                \
-  V(Map, slow_object_with_null_prototype_map) \
-  V(Map, strict_arguments_map)                \
+#define BROKER_COMPULSORY_NATIVE_CONTEXT_FIELDS(V) \
+  V(JSFunction, array_function)                    \
+  V(JSFunction, object_function)                   \
+  V(JSFunction, promise_function)                  \
+  V(Map, fast_aliased_arguments_map)               \
+  V(Map, initial_array_iterator_map)               \
+  V(Map, initial_string_iterator_map)              \
+  V(Map, iterator_result_map)                      \
+  V(Map, js_array_holey_double_elements_map)       \
+  V(Map, js_array_holey_elements_map)              \
+  V(Map, js_array_holey_smi_elements_map)          \
+  V(Map, js_array_packed_double_elements_map)      \
+  V(Map, js_array_packed_elements_map)             \
+  V(Map, js_array_packed_smi_elements_map)         \
+  V(Map, sloppy_arguments_map)                     \
+  V(Map, slow_object_with_null_prototype_map)      \
+  V(Map, strict_arguments_map)                     \
  V(ScriptContextTable, script_context_table)

+// Those are set by Bootstrapper::ExportFromRuntime, which may not yet have
+// happened when Turbofan is invoked via --always-opt.
+#define BROKER_OPTIONAL_NATIVE_CONTEXT_FIELDS(V) \
+  V(Map, map_key_iterator_map)                   \
+  V(Map, map_key_value_iterator_map)             \
+  V(Map, map_value_iterator_map)                 \
+  V(Map, set_key_value_iterator_map)             \
+  V(Map, set_value_iterator_map)
+
+#define BROKER_NATIVE_CONTEXT_FIELDS(V)      \
+  BROKER_COMPULSORY_NATIVE_CONTEXT_FIELDS(V) \
+  BROKER_OPTIONAL_NATIVE_CONTEXT_FIELDS(V)
+
 class NativeContextRef : public ContextRef {
 public:
  using ContextRef::ContextRef;