Commit 6aa9f43d authored by Jaroslav Sevcik's avatar Jaroslav Sevcik Committed by Commit Bot

[profiler] Fix heap iteration to ignore deoptimized code objects.

When starting profiling, we iterate the heap to find all existing code
objects and the associated functions.

The iteration tried to log the function's code if either the closure's
code was optimized-but-not-deoptimized or if the optimized code in its
feedback vector was optimized-but-not-deoptimized.

That caused some trouble if the function's code was deoptimized but
we had a valid optimized code in the feedback vector. In that case
we would log the deoptimized code object from the closure, which 
would later crash when trying to access the deoptimization information
(which we clear on deoptimization).

This CL just fixes the iteration so that we do not crash. A better fix
might be to log the function's code object if not deoptimized *and*
the code object in type feedback vector if not not deoptimized. Or
perhaps iterate optimized code objects and log those that have
deoptimization information.

Bug: chromium:763073
Change-Id: Iddee6a1c8b0fe332186ef7af2f3751c8828434b1
Reviewed-on: https://chromium-review.googlesource.com/709116Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48437}
parent 33d4e209
......@@ -1547,7 +1547,10 @@ static int EnumerateCompiledFunctions(Heap* heap,
!Script::cast(maybe_script)->HasValidSource()) {
continue;
}
if (function->HasOptimizedCode()) {
// TODO(jarin) This leaves out deoptimized code that might still be on the
// stack. Also note that we will not log optimized code objects that are
// only on a type feedback vector. We should make this mroe precise.
if (function->IsOptimized()) {
AddFunctionAndCode(sfi, AbstractCode::cast(function->code()), sfis,
code_objects, compiled_funcs_count);
++compiled_funcs_count;
......
......@@ -2185,6 +2185,58 @@ TEST(TracingCpuProfiler) {
i::V8::SetPlatformForTesting(old_platform);
}
TEST(Issue763073) {
class AllowNativesSyntax {
public:
AllowNativesSyntax()
: allow_natives_syntax_(i::FLAG_allow_natives_syntax),
trace_deopt_(i::FLAG_trace_deopt) {
i::FLAG_allow_natives_syntax = true;
i::FLAG_trace_deopt = true;
}
~AllowNativesSyntax() {
i::FLAG_allow_natives_syntax = allow_natives_syntax_;
i::FLAG_trace_deopt = trace_deopt_;
}
private:
bool allow_natives_syntax_;
bool trace_deopt_;
};
AllowNativesSyntax allow_natives_syntax_scope;
LocalContext env;
v8::HandleScope scope(env->GetIsolate());
CompileRun(
"function f() { return function g(x) { }; }"
// Create first closure, optimize it, and deoptimize it.
"var g = f();"
"g(1);"
"%OptimizeFunctionOnNextCall(g);"
"g(1);"
"%DeoptimizeFunction(g);"
// Create second closure, and optimize it. This will create another
// optimized code object and put in the (shared) type feedback vector.
"var h = f();"
"h(1);"
"%OptimizeFunctionOnNextCall(h);"
"h(1);");
// Start profiling.
v8::CpuProfiler* cpu_profiler = v8::CpuProfiler::New(env->GetIsolate());
v8::Local<v8::String> profile_name = v8_str("test");
// Here we test that the heap iteration upon profiling start is not
// confused by having a deoptimized code object for a closure while
// having a different optimized code object in the type feedback vector.
cpu_profiler->StartProfiling(profile_name);
v8::CpuProfile* p = cpu_profiler->StopProfiling(profile_name);
p->Delete();
cpu_profiler->Dispose();
}
} // namespace test_cpu_profiler
} // namespace internal
} // namespace v8
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment