[snapshot] fix resetting function code.

hashseed · Commit Bot · commit 22116dd6c884 · 2018-06-20T12:43:52.000Z
Unconditionally setting the JSFunction code to that of the SFI may skip initializing the feedback vector. R=leszeks@chromium.org Bug: v8:7857 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I65d4bf32493be4cade2eaf3d665d44f93e80f809 Reviewed-on: https://chromium-review.googlesource.com/1107618 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#53881}
diff --git a/src/api.cc b/src/api.cc
@@ -770,8 +770,11 @@ StartupData SnapshotCreator::CreateBlob(
       // Complete in-object slack tracking for all functions.
       fun->CompleteInobjectSlackTrackingIfActive();
 
-      // Also, clear out feedback vectors.
-      fun->feedback_cell()->set_value(isolate->heap()->undefined_value());
+      // Also, clear out feedback vectors, or any optimized code.
+      if (fun->has_feedback_vector()) {
+        fun->feedback_cell()->set_value(isolate->heap()->undefined_value());
+        fun->set_code(isolate->builtins()->builtin(i::Builtins::kCompileLazy));
+      }
     }
 
     // Clear out re-compilable data from all shared function infos. Any
diff --git a/src/snapshot/partial-serializer.cc b/src/snapshot/partial-serializer.cc
@@ -105,7 +105,7 @@ void PartialSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
     // Unconditionally reset the JSFunction to its SFI's code, since we can't
     // serialize optimized code anyway.
     JSFunction* closure = JSFunction::cast(obj);
-    closure->set_code(closure->shared()->GetCode());
+    if (closure->is_compiled()) closure->set_code(closure->shared()->GetCode());
   }
 
   CheckRehashability(obj);
diff --git a/test/cctest/test-serialize.cc b/test/cctest/test-serialize.cc
@@ -2663,6 +2663,47 @@ TEST(SnapshotCreatorPreparseDataAndNoOuterScope) {
   delete[] blob.data;
 }
 
+v8::StartupData CreateCustomSnapshotArrayJoinWithKeep() {
+  v8::SnapshotCreator creator;
+  v8::Isolate* isolate = creator.GetIsolate();
+  {
+    v8::HandleScope handle_scope(isolate);
+    {
+      v8::Local<v8::Context> context = v8::Context::New(isolate);
+      v8::Context::Scope context_scope(context);
+      CompileRun(
+          "[].join('');\n"
+          "function g() { return String([1,2,3]); }\n");
+      ExpectString("g()", "1,2,3");
+      creator.SetDefaultContext(context);
+    }
+  }
+  return creator.CreateBlob(v8::SnapshotCreator::FunctionCodeHandling::kKeep);
+}
+
+TEST(SnapshotCreatorArrayJoinWithKeep) {
+  DisableAlwaysOpt();
+  v8::StartupData blob = CreateCustomSnapshotArrayJoinWithKeep();
+
+  // Deserialize with an incomplete list of external references.
+  {
+    v8::Isolate::CreateParams params;
+    params.snapshot_blob = &blob;
+    params.array_buffer_allocator = CcTest::array_buffer_allocator();
+    // Test-appropriate equivalent of v8::Isolate::New.
+    v8::Isolate* isolate = TestIsolate::New(params);
+    {
+      v8::Isolate::Scope isolate_scope(isolate);
+      v8::HandleScope handle_scope(isolate);
+      v8::Local<v8::Context> context = v8::Context::New(isolate);
+      v8::Context::Scope context_scope(context);
+      ExpectString("g()", "1,2,3");
+    }
+    isolate->Dispose();
+  }
+  delete[] blob.data;
+}
+
 TEST(SnapshotCreatorNoExternalReferencesCustomFail1) {
   DisableAlwaysOpt();
   v8::StartupData blob = CreateSnapshotWithDefaultAndCustom();

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ void PartialSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,`
`105`	`105`	`// Unconditionally reset the JSFunction to its SFI's code, since we can't`
`106`	`106`	`// serialize optimized code anyway.`
`107`	`107`	`JSFunction* closure = JSFunction::cast(obj);`
`108`		`- closure->set_code(closure->shared()->GetCode());`
	`108`	`+ if (closure->is_compiled()) closure->set_code(closure->shared()->GetCode());`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`CheckRehashability(obj);`