[coverage] Collect source positions when toggling mode

When changing the code coverage or type profiler modes, first ensure
there are source positions for all BytecodeArrays as regenerating the
source positions after toggling the mode will result in a bytecode
mismatch.

Bug: v8:9656, v8:8510
Change-Id: Ic6cf3afec1588f11e5ce5fcbea2fd13e4452e15f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1774721
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63484}

src/debug/debug-coverage.cc

@@ -717,6 +717,13 @@ std::unique_ptr<Coverage> Coverage::Collect(
 }
 
 void Coverage::SelectMode(Isolate* isolate, debug::CoverageMode mode) {
+  if (mode != isolate->code_coverage_mode()) {
+    // Changing the coverage mode can change the bytecode that would be
+    // generated for a function, which can interfere with lazy source positions,
+    // so just force source position collection whenever there's such a change.
+    isolate->CollectSourcePositionsForAllBytecodeArrays();
+  }
+
   switch (mode) {
     case debug::CoverageMode::kBestEffort:
       // Note that DevTools switches back to best-effort coverage once the

src/debug/debug-type-profile.cc

@@ -71,6 +71,13 @@ std::unique_ptr<TypeProfile> TypeProfile::Collect(Isolate* isolate) {
 }
 
 void TypeProfile::SelectMode(Isolate* isolate, debug::TypeProfileMode mode) {
+  if (mode != isolate->type_profile_mode()) {
+    // Changing the type profile mode can change the bytecode that would be
+    // generated for a function, which can interfere with lazy source positions,
+    // so just force source position collection whenever there's such a change.
+    isolate->CollectSourcePositionsForAllBytecodeArrays();
+  }
+
   HandleScope handle_scope(isolate);
 
   if (mode == debug::TypeProfileMode::kNone) {

src/execution/isolate.cc

@@ -4681,6 +4681,27 @@ void Isolate::SetIdle(bool is_idle) {
   }
 }
 
+void Isolate::CollectSourcePositionsForAllBytecodeArrays() {
+  HandleScope scope(this);
+  std::vector<Handle<SharedFunctionInfo>> sfis;
+  {
+    DisallowHeapAllocation no_gc;
+    HeapObjectIterator iterator(heap());
+    for (HeapObject obj = iterator.Next(); !obj.is_null();
+         obj = iterator.Next()) {
+      if (obj.IsSharedFunctionInfo()) {
+        SharedFunctionInfo sfi = SharedFunctionInfo::cast(obj);
+        if (sfi.HasBytecodeArray()) {
+          sfis.push_back(Handle<SharedFunctionInfo>(sfi, this));
+        }
+      }
+    }
+  }
+  for (auto sfi : sfis) {
+    SharedFunctionInfo::EnsureSourcePositionsAvailable(this, sfi);
+  }
+}
+
 #ifdef V8_INTL_SUPPORT
 icu::UMemory* Isolate::get_cached_icu_object(ICUObjectCacheType cache_type) {
   return icu_object_cache_[cache_type].get();

src/execution/isolate.h

@@ -1564,6 +1564,11 @@ class Isolate final : private HiddenFactory {
 
   V8_EXPORT_PRIVATE void SetIdle(bool is_idle);
 
+  // Changing various modes can cause differences in generated bytecode which
+  // interferes with lazy source positions, so this should be called immediately
+  // before such a mode change to ensure that this cannot happen.
+  V8_EXPORT_PRIVATE void CollectSourcePositionsForAllBytecodeArrays();
+
  private:
   explicit Isolate(std::unique_ptr<IsolateAllocator> isolate_allocator);
   ~Isolate();

test/mjsunit/regress/regress-v8-9656.js

@@ -0,0 +1,14 @@
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+// Files: test/mjsunit/code-coverage-utils.js
+
+%DebugToggleBlockCoverage(true);
+
+try {
+  throw new Error();
+} catch (e) {
+  e.stack;
+}