[mjsunit] Harden %GetOptimizationStatus against races

With this Cl, a function that has been marked for deoptimization will not be reported as optimized. This protects against potential races where an mjsunit tests assertUnoptimized, and the optimized code for the function has been marked for deoptimization, but not been disposed of yet. The potential for this race has been discovered in the context of bug v8:9563, but this CL is not a fix for that bug. Change-Id: I89d8aa85f19033e6b823324b3307b95d61367147 Bug: v8:9563 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763543Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63377}

[mjsunit] Harden %GetOptimizationStatus against races
With this Cl, a function that has been marked for deoptimization will not be reported as optimized. This protects against potential races where an mjsunit tests assertUnoptimized, and the optimized code for the function has been marked for deoptimization, but not been disposed of yet. The potential for this race has been discovered in the context of bug v8:9563, but this CL is not a fix for that bug. Change-Id: I89d8aa85f19033e6b823324b3307b95d61367147 Bug: v8:9563 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763543Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63377}
bad6116e · Sigurd Schneider · Commit Bot · 5db04cc0 · bad6116e · bad6116e
Commit bad6116e authored Aug 22, 2019 by Sigurd Schneider Committed by Commit Bot Aug 23, 2019
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

runtime-test.cc src/runtime/runtime-test.cc +5 -1

runtime.h src/runtime/runtime.h +1 -0

mjsunit.js test/mjsunit/mjsunit.js +1 -0

No files found.
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
@@ -521,7 +521,11 @@ RUNTIME_FUNCTION(Runtime_GetOptimizationStatus) {
  }

  if (function->IsOptimized()) {
+    if (function->code().marked_for_deoptimization()) {
+      status |= static_cast<int>(OptimizationStatus::kMarkedForDeoptimization);
+    } else {
      status |= static_cast<int>(OptimizationStatus::kOptimized);
+    }
    if (function->code().is_turbofanned()) {
      status |= static_cast<int>(OptimizationStatus::kTurboFanned);
    }

--- a/src/runtime/runtime.h
+++ b/src/runtime/runtime.h
@@ -795,6 +795,7 @@ enum class OptimizationStatus {
  kIsExecuting = 1 << 10,
  kTopmostFrameIsTurboFanned = 1 << 11,
  kLiteMode = 1 << 12,
+  kMarkedForDeoptimization = 1 << 13,
 };

 }  // namespace internal

--- a/test/mjsunit/mjsunit.js
+++ b/test/mjsunit/mjsunit.js
@@ -174,6 +174,7 @@ var V8OptimizationStatus = {
  kIsExecuting: 1 << 10,
  kTopmostFrameIsTurboFanned: 1 << 11,
  kLiteMode: 1 << 12,
+  kMarkedForDeoptimization: 1 << 13,
 };

 // Returns true if --lite-mode is on and we can't ever turn on optimization.