[profiler] specially mark allocations during deopt

Deoptimization may materialize values on the heap, which may get sampled
by the heap profiler. Such samples have imprecise stack. Indicate this.

BUG=v8:7314

Change-Id: I21ab079c36fc0492b05b546cc1d6a8e6c042aeb8
Reviewed-on: https://chromium-review.googlesource.com/877119
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50775}

src/profiler/sampling-heap-profiler.cc

@@ -148,6 +148,7 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {
   std::vector<SharedFunctionInfo*> stack;
   JavaScriptFrameIterator it(isolate_);
   int frames_captured = 0;
+  bool found_arguments_marker_frames = false;
   while (!it.done() && frames_captured < stack_depth_) {
     JavaScriptFrame* frame = it.frame();
     // If we are materializing objects during deoptimization, inlined
@@ -159,6 +160,8 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {
       SharedFunctionInfo* shared = frame->function()->shared();
       stack.push_back(shared);
       frames_captured++;
+    } else {
+      found_arguments_marker_frames = true;
     }
     it.Advance();
   }
@@ -206,6 +209,12 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {
     }
     node = node->FindOrAddChildNode(name, script_id, shared->start_position());
   }
+
+  if (found_arguments_marker_frames) {
+    node =
+        node->FindOrAddChildNode("(deopt)", v8::UnboundScript::kNoScriptId, 0);
+  }
+
   return node;
 }
 

test/cctest/test-heap-profiler.cc

@@ -3080,7 +3080,7 @@ TEST(SamplingHeapProfilerPretenuredInlineAllocations) {
   // Suppress randomness to avoid flakiness in tests.
   v8::internal::FLAG_sampling_heap_profiler_suppress_randomness = true;
 
-  // Grow new space unitl maximum capacity reached.
+  // Grow new space until maximum capacity reached.
   while (!CcTest::heap()->new_space()->IsAtMaximumCapacity()) {
     CcTest::heap()->new_space()->Grow();
   }
@@ -3171,3 +3171,49 @@ TEST(HeapSnapshotPrototypeNotJSReceiver) {
   const v8::HeapSnapshot* snapshot = heap_profiler->TakeHeapSnapshot();
   CHECK(ValidateSnapshot(snapshot));
 }
+
+TEST(SamplingHeapProfilerSampleDuringDeopt) {
+  i::FLAG_allow_natives_syntax = true;
+
+  v8::HandleScope scope(v8::Isolate::GetCurrent());
+  LocalContext env;
+  v8::HeapProfiler* heap_profiler = env->GetIsolate()->GetHeapProfiler();
+
+  // Suppress randomness to avoid flakiness in tests.
+  v8::internal::FLAG_sampling_heap_profiler_suppress_randomness = true;
+
+  // Small sample interval to force each object to be sampled.
+  heap_profiler->StartSamplingHeapProfiler(i::kPointerSize);
+
+  // Lazy deopt from runtime call from inlined callback function.
+  const char* source =
+      "var b = "
+      "  [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25];"
+      "(function f() {"
+      "  var result = 0;"
+      "  var lazyDeopt = function(deopt) {"
+      "    var callback = function(v,i,o) {"
+      "      result += i;"
+      "      if (i == 13 && deopt) {"
+      "          %DeoptimizeNow();"
+      "      }"
+      "      return v;"
+      "    };"
+      "    b.map(callback);"
+      "  };"
+      "  lazyDeopt();"
+      "  lazyDeopt();"
+      "  %OptimizeFunctionOnNextCall(lazyDeopt);"
+      "  lazyDeopt();"
+      "  lazyDeopt(true);"
+      "  lazyDeopt();"
+      "})();";
+
+  CompileRun(source);
+  // Should not crash.
+
+  std::unique_ptr<v8::AllocationProfile> profile(
+      heap_profiler->GetAllocationProfile());
+  CHECK(profile);
+  heap_profiler->StopSamplingHeapProfiler();
+}