[coverage] Do not reset JSFunction::code post-deoptimization
When enabling any coverage mode (other than best-effort), we trigger deoptimization of all functions on the heap. Prior to the recent removal of the weak list of optimized functions [0], we'd unlink optimized code from all relevant JSFunctions during the call to DeoptimizeAll. After the weak-list-removal, this was no longer the case, hence this [1] change which attempts to reset the code object from the SharedFunctionInfo for all found JSFunction objects.

But this can create a situation in which JSFunctions are set up incorrectly s.t. they have unoptimized code but no feedback vector.

This CL fixes that by leaving JSFunction objects untouched and relying on self-healing mechanisms (CompileLazyDeoptimizedCode) to fix up JSFunction::code.

[0] https://crrev.com/f0acede9bb05155c25ee87e81b4b587e8a76f690
[1] https://crrev.com/c/647596/5/src/debug/debug-coverage.cc

Bug: chromium:786784, chromium:791940, v8:6637
Change-Id: I13191f4c8800a0d72894b959105189dc09ca693e
Reviewed-on: https://chromium-review.googlesource.com/813615
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49932}