[Compiler] Strongly hold onto BytecodeArray from DeoptimizationData.

With BytecodeArray flushing the SFI->BytecodeArray pointer will become pseudo weak.
In order to avoid having to recompile (and potentially stack-overflow) on
deoptimization, we explicitly add strong references to any BytecodeArray's we
might deopt into into the DeoptimizationData, as such the BytecodeArrays won't
be flushed while there is optimized code referencing it.

BUG=v8:8395

Change-Id: If3336dfa9c17b7bccafdb73752c58dfa1f14a371
Reviewed-on: https://chromium-review.googlesource.com/c/1314579
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57543}

src/compiler/backend/code-generator.cc

@@ -178,6 +178,16 @@ void CodeGenerator::AssembleCode() {
   }
   inlined_function_count_ = deoptimization_literals_.size();
 
+  // Define deoptimization literals for all BytecodeArrays to which we might
+  // deopt to ensure they are strongly held by the optimized code.
+  if (info->has_bytecode_array()) {
+    DefineDeoptimizationLiteral(DeoptimizationLiteral(info->bytecode_array()));
+  }
+  for (OptimizedCompilationInfo::InlinedFunctionHolder& inlined :
+       info->inlined_functions()) {
+    DefineDeoptimizationLiteral(DeoptimizationLiteral(inlined.bytecode_array));
+  }
+
   unwinding_info_writer_.SetNumberOfInstructionBlocks(
       code()->InstructionBlockCount());
 

src/compiler/js-inlining.cc

@@ -480,7 +480,7 @@ Reduction JSInliner::ReduceJSCall(Node* node) {
 
   // Remember that we inlined this function.
   int inlining_id = info_->AddInlinedFunction(
-      shared_info, source_positions_->GetSourcePosition(node));
+      shared_info, bytecode_array, source_positions_->GetSourcePosition(node));
 
   // Create the subgraph for the inlinee.
   Node* start;

src/optimized-compilation-info.cc

@@ -174,9 +174,11 @@ JSGlobalObject* OptimizedCompilationInfo::global_object() const {
 }
 
 int OptimizedCompilationInfo::AddInlinedFunction(
-    Handle<SharedFunctionInfo> inlined_function, SourcePosition pos) {
+    Handle<SharedFunctionInfo> inlined_function,
+    Handle<BytecodeArray> inlined_bytecode, SourcePosition pos) {
   int id = static_cast<int>(inlined_functions_.size());
-  inlined_functions_.push_back(InlinedFunctionHolder(inlined_function, pos));
+  inlined_functions_.push_back(
+      InlinedFunctionHolder(inlined_function, inlined_bytecode, pos));
   return id;
 }
 

src/optimized-compilation-info.h

@@ -227,12 +227,14 @@ class V8_EXPORT_PRIVATE OptimizedCompilationInfo final {
 
   struct InlinedFunctionHolder {
     Handle<SharedFunctionInfo> shared_info;
+    Handle<BytecodeArray> bytecode_array;
 
     InliningPosition position;
 
     InlinedFunctionHolder(Handle<SharedFunctionInfo> inlined_shared_info,
+                          Handle<BytecodeArray> inlined_bytecode,
                           SourcePosition pos)
-        : shared_info(inlined_shared_info) {
+        : shared_info(inlined_shared_info), bytecode_array(inlined_bytecode) {
       position.position = pos;
       // initialized when generating the deoptimization literals
       position.inlined_function_id = DeoptimizationData::kNotInlinedIndex;
@@ -248,6 +250,7 @@ class V8_EXPORT_PRIVATE OptimizedCompilationInfo final {
 
   // Returns the inlining id for source position tracking.
   int AddInlinedFunction(Handle<SharedFunctionInfo> inlined_function,
+                         Handle<BytecodeArray> inlined_bytecode,
                          SourcePosition pos);
 
   std::unique_ptr<char[]> GetDebugName() const;