[snapshot] Fix clearing compiled code from JSFunction

JSFunctions with an attached InterpreterEntryTrampoline should also be reset to CompileLazy, but this was recently broken by https://crrev.com/c/2345966. This CL introduces a new JSFunction::CanDiscardCompiled helper to mirror SFI::CanDiscardCompiled, and uses it during serialization. Bug: v8:10869 Change-Id: I176b77278d2d40d34db671638232faec4dda1d9c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390145Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69689}

[snapshot] Fix clearing compiled code from JSFunction
JSFunctions with an attached InterpreterEntryTrampoline should also be reset to CompileLazy, but this was recently broken by https://crrev.com/c/2345966. This CL introduces a new JSFunction::CanDiscardCompiled helper to mirror SFI::CanDiscardCompiled, and uses it during serialization. Bug: v8:10869 Change-Id: I176b77278d2d40d34db671638232faec4dda1d9c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390145Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69689}
6cf10c80 · Jakob Gruber · Commit Bot · 214d26d4 · 6cf10c80 · 6cf10c80
Commit 6cf10c80 authored Sep 02, 2020 by Jakob Gruber Committed by Commit Bot Sep 03, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 2 deletions

js-function.cc src/objects/js-function.cc +11 -0

js-function.h src/objects/js-function.h +5 -0

snapshot.cc src/snapshot/snapshot.cc +2 -2

No files found.
--- a/src/objects/js-function.cc
+++ b/src/objects/js-function.cc
@@ -147,6 +147,17 @@ CodeKind JSFunction::NextTier() const {
             : CodeKind::OPTIMIZED_FUNCTION;
 }

+bool JSFunction::CanDiscardCompiled() const {
+  // Essentially, what we are asking here is, has this function been compiled
+  // from JS code? We can currently tell only indirectly, by looking at
+  // available code kinds. If any JS code kind exists, we can discard.
+  //
+  // Note that when the function has not yet been compiled we also return
+  // false; that's fine, since nothing must be discarded in that case.
+  CodeKinds result = GetAvailableCodeKinds();
+  return (result & kJSFunctionCodeKindsMask) != 0;
+}
+
 bool JSFunction::HasOptimizationMarker() {
  return has_feedback_vector() && feedback_vector().has_optimization_marker();
 }

--- a/src/objects/js-function.h
+++ b/src/objects/js-function.h
@@ -116,6 +116,11 @@ class JSFunction : public JSFunctionOrBoundFunction {

  CodeKind NextTier() const;

+  // Similar to SharedFunctionInfo::CanDiscardCompiled. Returns true, if the
+  // attached code can be recreated at a later point by replacing it with
+  // CompileLazy.
+  bool CanDiscardCompiled() const;
+
  // Tells whether or not this function checks its optimization marker in its
  // feedback vector.
  bool ChecksOptimizationMarker();

--- a/src/snapshot/snapshot.cc
+++ b/src/snapshot/snapshot.cc
@@ -251,8 +251,8 @@ void Snapshot::ClearReconstructableDataForSerialization(
      continue;  // Don't clear extensions, they cannot be recompiled.
    }

-    // Also, clear out feedback vectors and any optimized code.
-    if (CodeKindIsJSFunction(fun.code().kind())) {
+    // Also, clear out feedback vectors and recompilable code.
+    if (fun.CanDiscardCompiled()) {
      fun.set_code(*BUILTIN_CODE(isolate, CompileLazy));
    }
    if (!fun.raw_feedback_cell().value().IsUndefined()) {