[snapshot] Guard against flushing when installing native IET

CreateInterpreterDataForDeserializedCode checks for bytecode, copies the InterpreterEntryTrampoline, and installs that and the bytecode on InterpreterData. However, the bytecode can be flushed when the IET is copied, which results in a failure to read it afterward. Add an IsCompiledScope to guard against this. As a drive-by, guard against baseline code being installed on the function. This shouldn't happen in normal execution, but could theoretically happen with some extra support for --always-sparkplug. Bug: chromium:1308178 Change-Id: Ia5e81b376bff2aaa19e9c6007242629ab8b0d4a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545171Reviewed-by: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79580}

[snapshot] Guard against flushing when installing native IET
CreateInterpreterDataForDeserializedCode checks for bytecode, copies the InterpreterEntryTrampoline, and installs that and the bytecode on InterpreterData. However, the bytecode can be flushed when the IET is copied, which results in a failure to read it afterward. Add an IsCompiledScope to guard against this. As a drive-by, guard against baseline code being installed on the function. This shouldn't happen in normal execution, but could theoretically happen with some extra support for --always-sparkplug. Bug: chromium:1308178 Change-Id: Ia5e81b376bff2aaa19e9c6007242629ab8b0d4a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545171Reviewed-by: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79580}
eec3f923 · Leszek Swirski · V8 LUCI CQ · 7d1f7de6 · eec3f923
Commit eec3f923 authored Mar 23, 2022 by Leszek Swirski Committed by V8 LUCI CQ Mar 23, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 3 deletions

code-serializer.cc src/snapshot/code-serializer.cc +9 -3

No files found.
--- a/src/snapshot/code-serializer.cc
+++ b/src/snapshot/code-serializer.cc
@@ -269,7 +269,9 @@ void CreateInterpreterDataForDeserializedCode(Isolate* isolate,
  SharedFunctionInfo::ScriptIterator iter(isolate, *script);
  for (SharedFunctionInfo shared_info = iter.Next(); !shared_info.is_null();
       shared_info = iter.Next()) {
-    if (!shared_info.HasBytecodeArray()) continue;
+    IsCompiledScope is_compiled(shared_info, isolate);
+    if (!is_compiled.is_compiled()) continue;
+    DCHECK(shared_info.HasBytecodeArray());
    Handle<SharedFunctionInfo> info = handle(shared_info, isolate);
    Handle<Code> code = isolate->factory()->CopyCode(Handle<Code>::cast(
        isolate->factory()->interpreter_entry_trampoline_for_profiling()));
@@ -280,8 +282,12 @@ void CreateInterpreterDataForDeserializedCode(Isolate* isolate,

    interpreter_data->set_bytecode_array(info->GetBytecodeArray(isolate));
    interpreter_data->set_interpreter_trampoline(ToCodeT(*code));
-
-    info->set_interpreter_data(*interpreter_data);
+    if (info->HasBaselineCode()) {
+      FromCodeT(info->baseline_code(kAcquireLoad))
+          .set_bytecode_or_interpreter_data(*interpreter_data);
+    } else {
+      info->set_interpreter_data(*interpreter_data);
+    }

    if (!log_code_creation) continue;
    Handle<AbstractCode> abstract_code = Handle<AbstractCode>::cast(code);