[compiler] Hold Handles for finalization data

Avoid the SFI lookup in the script's weak SFI list, which could fail if
the function was somehow GCed between allocation and finalization, and
instead hold a Handle to each finalizing SFI in the finalization data
structure.

For similar reasons, also check that the compiled function to have its
compilation finalized is still compiled by that point, because it could
have been bytecode flushed.

Bug: chromium:1081691
Change-Id: I4e1f681263473a966e782b23291636d10a9209c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199349
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67802}

src/codegen/compiler.cc

@@ -549,10 +549,9 @@ CompilationJob::Status FinalizeSingleUnoptimizedCompilationJob(
   CompilationJob::Status status = job->FinalizeJob(shared_info, isolate);
   if (status == CompilationJob::SUCCEEDED) {
     InstallUnoptimizedCode(compilation_info, shared_info, isolate);
-    finalize_unoptimized_compilation_data_list->push_back(
-        FinalizeUnoptimizedCompilationData{
-            compilation_info->literal()->function_literal_id(),
-            job->time_taken_to_execute(), job->time_taken_to_finalize()});
+    finalize_unoptimized_compilation_data_list->emplace_back(
+        isolate, shared_info, job->time_taken_to_execute(),
+        job->time_taken_to_finalize());
   }
   return status;
 }
@@ -1007,10 +1006,13 @@ void FinalizeUnoptimizedCompilation(
                                 isolate->NeedsSourcePositionsForProfiling());
 
   for (const auto& finalize_data : finalize_unoptimized_compilation_data_list) {
-    Handle<SharedFunctionInfo> shared_info =
-        script
-            ->FindSharedFunctionInfo(isolate, finalize_data.function_literal_id)
-            .ToHandleChecked();
+    Handle<SharedFunctionInfo> shared_info = finalize_data.function_handle();
+    // It's unlikely, but possible, that the bytecode was flushed between being
+    // allocated and now, so guard against that case, and against it being
+    // flushed in the middle of this loop.
+    IsCompiledScope is_compiled_scope(*shared_info, isolate);
+    if (!is_compiled_scope.is_compiled()) continue;
+
     if (need_source_positions) {
       SharedFunctionInfo::EnsureSourcePositionsAvailable(isolate, shared_info);
     }
@@ -1019,8 +1021,8 @@ void FinalizeUnoptimizedCompilation(
     }
 
     LogUnoptimizedCompilation(isolate, shared_info, flags,
-                              finalize_data.time_taken_to_execute,
-                              finalize_data.time_taken_to_finalize);
+                              finalize_data.time_taken_to_execute(),
+                              finalize_data.time_taken_to_finalize());
   }
 }
 

src/codegen/compiler.h

@@ -361,10 +361,50 @@ class OptimizedCompilationJob : public CompilationJob {
   const char* compiler_name_;
 };
 
-struct FinalizeUnoptimizedCompilationData {
-  int function_literal_id;
-  base::TimeDelta time_taken_to_execute;
-  base::TimeDelta time_taken_to_finalize;
+class FinalizeUnoptimizedCompilationData {
+ public:
+  FinalizeUnoptimizedCompilationData(Isolate* isolate,
+                                     Handle<SharedFunctionInfo> function_handle,
+                                     base::TimeDelta time_taken_to_execute,
+                                     base::TimeDelta time_taken_to_finalize)
+      : time_taken_to_execute_(time_taken_to_execute),
+        time_taken_to_finalize_(time_taken_to_finalize),
+        function_handle_(function_handle),
+        handle_state_(kHandle) {}
+
+  FinalizeUnoptimizedCompilationData(OffThreadIsolate* isolate,
+                                     Handle<SharedFunctionInfo> function_handle,
+                                     base::TimeDelta time_taken_to_execute,
+                                     base::TimeDelta time_taken_to_finalize)
+      : time_taken_to_execute_(time_taken_to_execute),
+        time_taken_to_finalize_(time_taken_to_finalize),
+        function_transfer_handle_(isolate->TransferHandle(function_handle)),
+        handle_state_(kTransferHandle) {}
+
+  Handle<SharedFunctionInfo> function_handle() const {
+    switch (handle_state_) {
+      case kHandle:
+        return function_handle_;
+      case kTransferHandle:
+        return function_transfer_handle_.ToHandle();
+    }
+  }
+
+  base::TimeDelta time_taken_to_execute() const {
+    return time_taken_to_execute_;
+  }
+  base::TimeDelta time_taken_to_finalize() const {
+    return time_taken_to_finalize_;
+  }
+
+ private:
+  base::TimeDelta time_taken_to_execute_;
+  base::TimeDelta time_taken_to_finalize_;
+  union {
+    Handle<SharedFunctionInfo> function_handle_;
+    OffThreadTransferHandle<SharedFunctionInfo> function_transfer_handle_;
+  };
+  enum { kHandle, kTransferHandle } handle_state_;
 };
 
 using FinalizeUnoptimizedCompilationDataList =