[profiler] specially mark allocations during deopt

ofrobots · Commit Bot · commit a2a5a4952522 · 2018-01-22T20:05:07.000Z
Deoptimization may materialize values on the heap, which may get sampled by the heap profiler. Such samples have imprecise stack. Indicate this. BUG=v8:7314 Change-Id: I21ab079c36fc0492b05b546cc1d6a8e6c042aeb8 Reviewed-on: https://chromium-review.googlesource.com/877119 Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50775}
diff --git a/src/profiler/sampling-heap-profiler.cc b/src/profiler/sampling-heap-profiler.cc
@@ -148,6 +148,7 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {
   std::vector<SharedFunctionInfo*> stack;
   JavaScriptFrameIterator it(isolate_);
   int frames_captured = 0;
+  bool found_arguments_marker_frames = false;
   while (!it.done() && frames_captured < stack_depth_) {
     JavaScriptFrame* frame = it.frame();
     // If we are materializing objects during deoptimization, inlined
@@ -159,6 +160,8 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {
       SharedFunctionInfo* shared = frame->function()->shared();
       stack.push_back(shared);
       frames_captured++;
+    } else {
+      found_arguments_marker_frames = true;
     }
     it.Advance();
   }
@@ -206,6 +209,12 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {
     }
     node = node->FindOrAddChildNode(name, script_id, shared->start_position());
   }
+
+  if (found_arguments_marker_frames) {
+    node =
+        node->FindOrAddChildNode("(deopt)", v8::UnboundScript::kNoScriptId, 0);
+  }
+
   return node;
 }
 
diff --git a/test/cctest/test-heap-profiler.cc b/test/cctest/test-heap-profiler.cc
@@ -3080,7 +3080,7 @@ TEST(SamplingHeapProfilerPretenuredInlineAllocations) {
   // Suppress randomness to avoid flakiness in tests.
   v8::internal::FLAG_sampling_heap_profiler_suppress_randomness = true;
 
-  // Grow new space unitl maximum capacity reached.
+  // Grow new space until maximum capacity reached.
   while (!CcTest::heap()->new_space()->IsAtMaximumCapacity()) {
     CcTest::heap()->new_space()->Grow();
   }
@@ -3171,3 +3171,49 @@ TEST(HeapSnapshotPrototypeNotJSReceiver) {
   const v8::HeapSnapshot* snapshot = heap_profiler->TakeHeapSnapshot();
   CHECK(ValidateSnapshot(snapshot));
 }
+
+TEST(SamplingHeapProfilerSampleDuringDeopt) {
+  i::FLAG_allow_natives_syntax = true;
+
+  v8::HandleScope scope(v8::Isolate::GetCurrent());
+  LocalContext env;
+  v8::HeapProfiler* heap_profiler = env->GetIsolate()->GetHeapProfiler();
+
+  // Suppress randomness to avoid flakiness in tests.
+  v8::internal::FLAG_sampling_heap_profiler_suppress_randomness = true;
+
+  // Small sample interval to force each object to be sampled.
+  heap_profiler->StartSamplingHeapProfiler(i::kPointerSize);
+
+  // Lazy deopt from runtime call from inlined callback function.
+  const char* source =
+      "var b = "
+      "  [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25];"
+      "(function f() {"
+      "  var result = 0;"
+      "  var lazyDeopt = function(deopt) {"
+      "    var callback = function(v,i,o) {"
+      "      result += i;"
+      "      if (i == 13 && deopt) {"
+      "          %DeoptimizeNow();"
+      "      }"
+      "      return v;"
+      "    };"
+      "    b.map(callback);"
+      "  };"
+      "  lazyDeopt();"
+      "  lazyDeopt();"
+      "  %OptimizeFunctionOnNextCall(lazyDeopt);"
+      "  lazyDeopt();"
+      "  lazyDeopt(true);"
+      "  lazyDeopt();"
+      "})();";
+
+  CompileRun(source);
+  // Should not crash.
+
+  std::unique_ptr<v8::AllocationProfile> profile(
+      heap_profiler->GetAllocationProfile());
+  CHECK(profile);
+  heap_profiler->StopSamplingHeapProfiler();
+}

Original file line number	Diff line number	Diff line change
`@@ -148,6 +148,7 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {`
`148`	`148`	`std::vector<SharedFunctionInfo*> stack;`
`149`	`149`	`JavaScriptFrameIterator it(isolate_);`
`150`	`150`	`int frames_captured = 0;`
	`151`	`+ bool found_arguments_marker_frames = false;`
`151`	`152`	`while (!it.done() && frames_captured < stack_depth_) {`
`152`	`153`	`JavaScriptFrame* frame = it.frame();`
`153`	`154`	`// If we are materializing objects during deoptimization, inlined`
`@@ -159,6 +160,8 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {`
`159`	`160`	`SharedFunctionInfo* shared = frame->function()->shared();`
`160`	`161`	`stack.push_back(shared);`
`161`	`162`	`frames_captured++;`
	`163`	`+ } else {`
	`164`	`+ found_arguments_marker_frames = true;`
`162`	`165`	`}`
`163`	`166`	`it.Advance();`
`164`	`167`	`}`
`@@ -206,6 +209,12 @@ SamplingHeapProfiler::AllocationNode* SamplingHeapProfiler::AddStack() {`
`206`	`209`	`}`
`207`	`210`	`node = node->FindOrAddChildNode(name, script_id, shared->start_position());`
`208`	`211`	`}`
	`212`	`+`
	`213`	`+ if (found_arguments_marker_frames) {`
	`214`	`+ node =`
	`215`	`+ node->FindOrAddChildNode("(deopt)", v8::UnboundScript::kNoScriptId, 0);`
	`216`	`+ }`
	`217`	`+`
`209`	`218`	`return node;`
`210`	`219`	`}`
`211`	`220`