[snapshot] Fix two stress_snapshot failures

1. Stress snapshot discards code on SFIs, which breaks flushing invariants. Add --stress-snapshot to those invariants. 2. Another test failing on IsScript, added it to the disabled list. Change-Id: Ic415923a9cc96d34b74f7450b29be99c1b53d077 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229375 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77430}

[snapshot] Fix two stress_snapshot failures
1. Stress snapshot discards code on SFIs, which breaks flushing invariants. Add --stress-snapshot to those invariants. 2. Another test failing on IsScript, added it to the disabled list. Change-Id: Ic415923a9cc96d34b74f7450b29be99c1b53d077 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229375 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77430}
dca83ff7 · Leszek Swirski · V8 LUCI CQ · 50031da2 · dca83ff7 · dca83ff7
Commit dca83ff7 authored Oct 18, 2021 by Leszek Swirski Committed by V8 LUCI CQ Oct 18, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 7 deletions

js-function-inl.h src/objects/js-function-inl.h +8 -7

mjsunit.status test/mjsunit/mjsunit.status +1 -0

No files found.
--- a/src/objects/js-function-inl.h
+++ b/src/objects/js-function-inl.h
@@ -331,10 +331,13 @@ void JSFunction::ResetIfCodeFlushed(
    base::Optional<std::function<void(HeapObject object, ObjectSlot slot,
                                      HeapObject target)>>
        gc_notify_updated_slot) {
-  if (!FLAG_flush_bytecode && !FLAG_flush_baseline_code) return;
+  const bool kBytecodeCanFlush = FLAG_flush_bytecode || FLAG_stress_snapshot;
+  const bool kBaselineCodeCanFlush =
+      FLAG_flush_baseline_code || FLAG_stress_snapshot;
+  if (!kBytecodeCanFlush && !kBaselineCodeCanFlush) return;

-  DCHECK_IMPLIES(NeedsResetDueToFlushedBytecode(), FLAG_flush_bytecode);
-  if (FLAG_flush_bytecode && NeedsResetDueToFlushedBytecode()) {
+  DCHECK_IMPLIES(NeedsResetDueToFlushedBytecode(), kBytecodeCanFlush);
+  if (kBytecodeCanFlush && NeedsResetDueToFlushedBytecode()) {
    // Bytecode was flushed and function is now uncompiled, reset JSFunction
    // by setting code to CompileLazy and clearing the feedback vector.
    set_code(*BUILTIN_CODE(GetIsolate(), CompileLazy));
@@ -342,10 +345,8 @@ void JSFunction::ResetIfCodeFlushed(
    return;
  }

-  DCHECK_IMPLIES(NeedsResetDueToFlushedBaselineCode(),
-                 FLAG_flush_baseline_code);
-  if (FLAG_flush_baseline_code && NeedsResetDueToFlushedBaselineCode()) {
-    DCHECK(FLAG_flush_baseline_code);
+  DCHECK_IMPLIES(NeedsResetDueToFlushedBaselineCode(), kBaselineCodeCanFlush);
+  if (kBaselineCodeCanFlush && NeedsResetDueToFlushedBaselineCode()) {
    // Flush baseline code from the closure if required
    set_code(*BUILTIN_CODE(GetIsolate(), InterpreterEntryTrampoline));
  }

--- a/test/mjsunit/mjsunit.status
+++ b/test/mjsunit/mjsunit.status
@@ -1370,6 +1370,7 @@
  # Investigate (IsScript).
  'harmony/import-from-compilation-errored': [SKIP],
  'harmony/private-fields-special-object': [SKIP],
+  'regress/regress-676025': [SKIP],
  # Skip, since import errors since they refer to the script via debug symbols
  'harmony/import-from-instantiation-errored': [SKIP],
  # The entire snapshotting code assumes that the snapshot size fits