[compiler] Fix a DCHECK

Inlineability can change when a function gets its deoptimization disabled. We can bailout if we notice that (but keep in mind that it can still happen later). Bug: chromium:1250244, v8:7790 Change-Id: Ib088396f41eceeaae7ccdfce287cd11c5bee738a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164980 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/main@{#76896}
2021-09-16 16:35:31 +02:00 · 2021-09-16 16:35:31 +02:00 · 999ef89114
commit 999ef89114
parent 899b54439d
3 changed files with 20 additions and 5 deletions
--- a/src/compiler/js-inlining.cc
+++ b/src/compiler/js-inlining.cc
@ -472,11 +472,24 @@ Reduction JSInliner::ReduceJSCall(Node* node) {
  // Determine the call target.
  base::Optional<SharedFunctionInfoRef> shared_info(DetermineCallTarget(node));
  if (!shared_info.has_value()) return NoChange();
-  DCHECK(shared_info->IsInlineable());

  SharedFunctionInfoRef outer_shared_info =
      MakeRef(broker(), info_->shared_info());

+  SharedFunctionInfo::Inlineability inlineability =
+      shared_info->GetInlineability();
+  if (inlineability != SharedFunctionInfo::kIsInlineable) {
+    // The function is no longer inlineable. The only way this can happen is if
+    // the function had its optimization disabled in the meantime, e.g. because
+    // another optimization job failed too often.
+    CHECK_EQ(inlineability, SharedFunctionInfo::kHasOptimizationDisabled);
+    TRACE("Not inlining " << *shared_info << " into " << outer_shared_info
+                          << " because it had its optimization disabled.");
+    return NoChange();
+  }
+  // NOTE: Even though we bailout in the kHasOptimizationDisabled case above, we
+  // won't notice if the function's optimization is disabled after this point.
+
  // Constructor must be constructable.
  if (node->opcode() == IrOpcode::kJSConstruct &&
      !IsConstructable(shared_info->kind())) {
--- a/src/objects/shared-function-info-inl.h
+++ b/src/objects/shared-function-info-inl.h
@ -244,8 +244,6 @@ SharedFunctionInfo::Inlineability SharedFunctionInfo::GetInlineability(
    return kNeedsBinaryCoverage;
  }

-  if (optimization_disabled()) return kHasOptimizationDisabled;
-
  // Built-in functions are handled by the JSCallReducer.
  if (HasBuiltinId()) return kIsBuiltin;

@ -266,6 +264,8 @@ SharedFunctionInfo::Inlineability SharedFunctionInfo::GetInlineability(

  if (HasBreakInfo()) return kMayContainBreakPoints;

+  if (optimization_disabled()) return kHasOptimizationDisabled;
+
  return kIsInlineable;
 }

--- a/src/objects/shared-function-info.h
+++ b/src/objects/shared-function-info.h
@ -533,17 +533,19 @@ class SharedFunctionInfo
  inline bool ShouldFlushCode(base::EnumSet<CodeFlushMode> code_flush_mode);

  enum Inlineability {
-    kIsInlineable,
    // Different reasons for not being inlineable:
    kHasNoScript,
    kNeedsBinaryCoverage,
-    kHasOptimizationDisabled,
    kIsBuiltin,
    kIsNotUserCode,
    kHasNoBytecode,
    kExceedsBytecodeLimit,
    kMayContainBreakPoints,
+    kHasOptimizationDisabled,
+    // Actually inlineable!
+    kIsInlineable,
  };
+  // Returns the first value that applies (see enum definition for the order).
  template <typename IsolateT>
  Inlineability GetInlineability(IsolateT* isolate, bool is_turboprop) const;